All news in category “AI and Security Pulse”

🛡️ Anthropic appears to be preparing a public rollout of its restricted Mythos model, which the company warned poses major security risks by automating high-quality cyberattacks. Announced in April as an advanced frontier model, Mythos showed dramatic improvements in code reasoning and autonomy compared to Opus 4.7. References briefly appeared in Claude Code and Claude Security, suggesting a controlled preview, while Anthropic builds guardrails and works with partners through its Glasswing initiative.

🛡️ Researchers argue enterprises must stop treating AI agents as trusted components and instead secure them as untrusted systems. The paper, authored by teams from Google, UC San Diego, UW–Madison and others, distills five systems-security principles—least privilege, tamper resistance, complete mediation, secure information flow, and human risk—and maps eleven real-world agent attacks to these violations. They caution that stacking ML guardrails is insufficient and propose research directions for separating instructions from data, verifiable least-privilege policies, and information-flow controls.

🔎 Anthropic disclosed that Project Glasswing and access to Claude Mythos Preview helped partners uncover over 10,000 high- or critical-severity vulnerability candidates across widely used, systemically important software since last month. Analysis verified 1,726 true positives, including 1,094 high- or critical-severity flaws, and resulted in 97 upstream patches and 88 advisories. One notable finding was a critical WolfSSL flaw (CVE-2026-5194).

🦷 Movix built a custom agentic AI platform to address a severe shortage of skilled dental technicians and reduce costly remakes in aligner and appliance manufacturing. Using Google Cloud infrastructure, including Gemini Enterprise Agent Platform, Cloud Run with L4 GPUs, and Compute Engine, Movix developed deep learning, computer vision, and 3D mesh models to automate quality control and data entry. The solution integrates with legacy lab systems, anonymizes PHI for compliance, and targets large-volume labs to improve accuracy, speed, and cost savings.

🔧 Industrial AI initiatives collide with legacy OT realities: an AI-ready control room can still depend on an unpatched Windows 7 maintenance laptop that alone communicates with protection relays. The author reports pervasive visibility gaps across utilities and plants, noting fewer than 10% of OT networks have meaningful monitoring. AI trained on IT telemetry misclassifies normal industrial traffic and automated responses risk shutting down production; passive monitoring of Level 0–2 protocols and a focus on crown-jewel processes are essential before layering AI.

🔒 Microsoft has open-sourced two tools, Rampart and Clarity, intended to embed safety engineering into the AI agent development lifecycle rather than leaving it as a periodic checkpoint. Rampart converts red-team findings into structured, repeatable tests that can be automated in CI/CD pipelines and is built on top of PyRIT for continuous adversarial and benign scenario execution. Clarity targets an earlier phase, guiding engineers through structured conversations to clarify assumptions, expected behaviors, permissions and trust boundaries, storing outcomes as markdown in a .clarity-protocol/ directory for review. Both projects join Microsoft’s broader open-source agent governance stack to address risks such as prompt injection, unsafe tool use, privilege escalation, and unintended autonomous actions.

🛡️ Security professionals at DTX argued that integrating AI into SOCs is now essential to counter autonomous attacker tooling and AI-accelerated threats. Panelists stressed sustaining core cyberdefence fundamentals—system hardening, patching, access control and monitoring—before deploying AI, and preserving human oversight to manage model risk. They noted role shifts toward validation, prompt engineering and GRC, and urged rigorous testing and SDLC-like deployment controls.

🛡️ Microsoft has released two open-source tools, RAMPART and Clarity, to help developers test and clarify AI agent safety early in the development lifecycle. RAMPART is a Pytest-native framework for writing and running adversarial and benign safety tests against agents, building on prior work such as PyRIT. It evaluates test outcomes via simple adapters that connect an agent to the suite, while Clarity acts as a structured thinking partner to surface assumptions, explore failure modes, and guide design decisions before coding begins.

🔒 Microsoft has open-sourced two engineering tools—RAMPART and Clarity—to make agent safety a continuous part of development. RAMPART provides a pytest-style framework that brings red-team and adversarial tests into CI, evaluating tools invoked and side effects. Clarity is a structured design companion that captures problem statements, failure analyses, and decisions in a .clarity-protocol directory. Both aim to create living safety artifacts integrated into normal workflows.

🔒 AI security cannot be reduced to a single benchmark. Over the past 30 years software security evolved from black‑box penetration testing to white‑box analysis and process-driven standards such as BSIMM, and the report argues that AI requires a similar assurance-first approach. Benchmarks fail to capture emergent, systemic properties, so organizations should clean up their WHAT piles, adopt risk-based processes, and accept that there is no simple security meter for AI.

🔍 While many organizations intentionally deploy AI to improve productivity, unsanctioned AI is proliferating faster — employees install tools or vendors embed assistants into existing apps. The article defines four AI categories and maps specific detection techniques to each, covering DNS, web gateways/NGFW, EPP/EDR, application and browser controls, and SSPM/identity governance. It flags OAuth consent as a high-risk channel and summarizes admin steps for Microsoft Entra, Google Admin, Salesforce, and ServiceNow to block or restrict app access.

🔍 ENISA chief Hans de Vries told ESET World that AI-powered vulnerability scanners mean firms can no longer claim ignorance of software bugs. He warned that the Cyber Resilience Act and emerging AI tools require security by design and that failure to use AI coherently risks exploitation and litigation. The NCSC also expects AI to expose poorly coded systems while vendors adopt AI to remove flaws.

🔍 Across organizations, employees run three to five AI tools daily—many unapproved and often connected to corporate data via OAuth, browser extensions, or newly added vendor features—creating a widening "shadow AI" gap that evades traditional network controls. The article outlines five practical steps security teams can apply: build an inventory, write usable policies, create a fast approval lane, implement browser-native monitoring, and deliver just-in-time coaching. Together these measures aim to preserve productivity while restoring visibility, reducing data exposure, and aligning employee workflows with security requirements.

🔍 New benchmarks from the UK’s AI Security Institute (AISI) show leading AI models rapidly improving at multi-stage penetration testing, with the difficulty of tasks solvable by models doubling every 4.7 months as of early 2026. The tests measure the longest task an AI can complete with 80% success relative to human work-hours, emphasizing autonomous chaining of steps rather than raw speed. While there are caveats — token limits and inconsistent model performance — the findings highlight growing offensive and defensive implications for enterprise security.

🔍 Researchers from Xidian University describe a new image-based prompt injection called CrossMPI that uses near-imperceptible pixel perturbations to alter how large vision-language models interpret both visual and textual inputs. The technique targets intermediate multimodal fusion layers rather than final outputs, misleading LVLMs without modifying text prompts. Tests show strong black-box transferability and high success rates across several open-source models, while common defenses reduce but do not fully eliminate the threat.

🔒 The UK’s National Cyber Security Centre (NCSC) has published new guidance for organisations considering the adoption of agentic AI, summarising a wider report produced with Five Eyes partners. It flags the heightened risk from agent autonomy and complexity, including excessive access, unpredictable behaviour and actions that can outpace human review. The NCSC advises incremental deployment with tightly bounded pilots, clear ownership, ongoing monitoring and meaningful human oversight, and points organisations to industry best practice such as ETSI EN 304 223.

🛡️ The rapid rise of AI-assisted and vibe coding is accelerating secrets sprawl, with developers and AI agents increasingly introducing credentials, tokens, and private data into code and collaboration tools. Security researchers from Wiz and independent analysts found a Jan. 28, 2026 Moltbook backend misconfiguration on Supabase that exposed 1.5 million API authentication tokens, tens of thousands of emails, and private messages. Organizations report that detection is outpacing remediation: many teams can find leaks but lack governance and processes to revoke, rotate, and purge secrets at scale. Experts urge treating the issue as identity governance, embedding security into the SDLC, and enforcing short-lived credentials and automated rotation.

🔍 Cloudflare tested security-focused LLMs on its infrastructure and reports detailed findings from using Anthropic’s Mythos Preview as part of Project Glasswing. The model stood out for exploit chain construction and automated proof generation, producing runnable PoCs and iterating on failures. Its emergent guardrails proved inconsistent across runs and prompts, so Cloudflare built a tailored harness and additional safeguards to scale safely. The team also observed higher-quality, actionable findings compared with earlier frontier models, but noted increased noise from memory-unsafe languages and model bias.

🔒 The article argues that security must move beyond detection and focus on compressing the OODA loop—observe, orient, decide and act—so defenses can outrun attackers. It notes that detection improvements have reached diminishing returns while investigation and remediation remain time-bound bottlenecks. By embedding contextual investigation into systems and deploying agent-based remediation, teams can make faster, more consistent decisions. As AI-driven interactions accelerate threat timelines, continuous validation and automated response become essential.

🆕 AWS added FLUX.2-klein-base-4B and Qwen3-Embedding-0.6B to Amazon SageMaker JumpStart. FLUX.2 targets real-time image generation and multi-reference editing in a compact architecture that can run on consumer GPUs with about 13GB VRAM. Qwen3-Embedding delivers instruction-aware, multilingual text embeddings across 100+ languages for retrieval, RAG, and semantic search. Customers can deploy these models via SageMaker Studio or the SageMaker Python SDK.