CISO Brief

All news in category “AI and Security Pulse”

960 articles · page 14 of 48

Microsoft: Hackers Using AI at Every Stage of Attacks

🤖 Microsoft’s Threat Intelligence report warns that threat actors are increasingly using generative AI across all stages of cyberattacks to accelerate execution and lower technical barriers. Attackers employ models to draft phishing lures, generate realistic fake identities and resumes, produce or debug malware, and scaffold infrastructure. Groups like Jasper Sleet and Coral Sleet have used AI in remote IT worker schemes, while operators test jailbreaking and agentic techniques. Microsoft advises treating these campaigns as insider risks and strengthening identity controls, credential monitoring, and protections around AI systems.

Anthropic Uses Claude Opus 4.6 to Find 22 Firefox Flaws

🔍 Anthropic reported discovering 22 new vulnerabilities in the Firefox browser using Claude Opus 4.6 during a two-week assessment in January 2026. Fourteen issues were rated high, seven moderate and one low, and most were patched in Firefox 148. The model detected a JavaScript use-after-free bug in about 20 minutes, which researchers validated in a virtualized environment. When tasked to produce exploits the model succeeded only twice after many attempts and roughly $4,000 in API spend, underscoring that discovery is cheaper than reliable exploitation.

AI as Tradecraft: How Threat Actors Operationalize AI

⚠️ Threat actors are integrating AI across the cyberattack lifecycle to speed and scale operations, using LLMs to draft phishing, generate and debug malware, fabricate identities, and maintain persistent fraudulent access. Microsoft observed groups such as Jasper Sleet and Coral Sleet abusing generative models and jailbreaking techniques to bypass safeguards. Early experiments with agentic AI could enable semi‑autonomous workflows, increasing operational resilience. Defenders should combine identity controls, telemetry, and AI‑aware detection tools to mitigate risk.

EC-Council Adds Four AI Certifications and CISO v4

🔐 EC‑Council launched its Enterprise AI Credential Suite, introducing four role-aligned certifications—Artificial Intelligence Essentials (AIE), Certified AI Program Manager (CAIPM), Certified Offensive AI Security Professional (COASP), and Certified Responsible AI Governance & Ethics (CRAGE)—alongside an updated Certified CISO v4. The suite is structured around the proprietary Adopt, Defend, Govern (ADG) framework to build practical capability across AI adoption, security, and governance. EC‑Council positions the expansion as a response to growing AI risk exposure and a pronounced workforce reskilling gap.

MSP Guide: Scaling Cybersecurity with AI Risk Management

🛡️ This contributed piece from The Hacker News (Mar 06, 2026) outlines how MSPs and MSSPs can adopt AI-powered risk management to scale cybersecurity services. It argues a risk-first model shifts providers from one-off, technical fixes to continuous, business-focused protection that drives recurring revenue. The article highlights six common barriers—manual assessments, missing remediation roadmaps, compliance complexity, lack of business context, talent shortages, and unmanaged third-party risk—and recommends sourcing platforms that deliver automated assessments, dynamic risk registers, and actionable remediation plans to accelerate onboarding, improve compliance mapping, and create upsell opportunities.

Google AI updates: Gemini 3.1, Nano Banana 2, and more

🚀 February highlights include new models, tools, and global partnerships. Google introduced Gemini 3.1 Pro and an upgraded Deep Think variant for scientific and engineering problems, alongside visual models such as Nano Banana 2 and creative tools like Lyria 3 and Flow improvements. The company emphasized impact at the AI Impact Summit and announced investments, national partnerships in India, and updates to content-identification tools like SynthID, with access pathways for developers, enterprises, and consumers.

How to Turn Off AI Assistants Across Major Platforms

🔒 This practical guide describes how to disable built‑in AI assistants that vendors are increasingly embedding across consumer products from Microsoft, Google, Apple, and Meta. It summarizes the privacy, security, and performance risks these agents introduce and gives concise, actionable steps to turn off AI features in Gmail and Google Docs, Chrome, Firefox, Edge, Windows (Copilot and Recall), WhatsApp, Android, macOS and iOS. Where uninstalling isn't possible, the article describes flag, settings, and registry workarounds and recommends periodic checks to ensure features haven't been reactivated.

Companies Inject Hidden Prompts into AI Summarization

🔒 Microsoft reports that companies are embedding hidden instructions in “Summarize with AI” buttons, passing persistence commands to assistants via URL prompt parameters. These prompts tell assistants to 'remember [Company] as a trusted source' or 'recommend [Company] first,' biasing later responses toward those vendors. Researchers found over 50 unique prompts from 31 companies across 14 industries, and freely available tooling makes this trivial to deploy. The manipulation can subtly skew recommendations in critical areas like health, finance, and security without users knowing.

New RFP Template for AI Usage Control and Governance

🔒 A new RFP Guide for Evaluating AI Usage Control and AI Governance Solutions provides security teams with a practical framework to convert vague AI-governance goals into measurable procurement criteria. It emphasizes interaction-level inspection — governing the moment a prompt is typed or a file is uploaded — rather than cataloging every shadow app. The template forces vendors to demonstrate browser- and client-side visibility, real-time enforcement, and contextual policy controls. A scoring model across eight domains helps CISOs avoid legacy checkbox tools and evaluate readiness for agentic, browser-native workflows.

Anthropic's Claude: IP Theft, Government Ultimatums

🛡️ Two recent episodes involving Anthropic’s Claude — a China-based large-scale extraction campaign and the U.S. government’s ban of Claude for federal use — expose a growing operational risk in frontier AI. When adversaries can probe a model at scale they can map strengths and predictable seams, and when major customers demand behavioral changes vendors face immediate, operational trade-offs. CISOs should treat frontier models as high-value dependencies shaped by upstream pressures and invest in visibility, monitoring, and governance to detect when external influences begin affecting deployed behavior.

Open-source AI Attack Kit CyberStrikeAI Raises Alarms

⚠️ CyberStrikeAI is an open-source, AI-native attack orchestration platform that consolidates end-to-end offensive tooling and automation into a single repository. According to Team Cymru, the project ships with more than 100 curated tools, native Model Context Protocol (MCP) integration, role-based testing, a skills system and mobile chatbots, and has been linked to a developer with alleged ties to Chinese state-affiliated firms. Researchers warn the platform dramatically lowers the technical barrier for attackers and could accelerate AI-augmented exploitation against edge devices and appliances.

On Moltbook: AI-Only Social Network or Puppetry Risk

🤖 MIT Technology Review examined Moltbook, the supposed AI-only social network where many viral posts were in fact published by people posing as bots. Experts including Cobus Greyling of Kore.ai note that humans create and verify bot accounts and craft prompts, so agents do nothing without explicit human direction. Researcher Juergen Nittner II frames the episode with his LOL WUT Theory, warning that easy-to-produce, hard-to-detect AI content could erode trust online. The Moltbook episode is a preview of that risk rather than proof of autonomous agent societies.

AI Agents as Identity Dark Matter: Governance Risks

🔐 The article explains how Model Context Protocol (MCP)-driven AI agents are rapidly moving from chat assistants into enterprise workflows, creating an emergent class of non-human identities that often evade traditional IAM controls. It warns that these agents gravitate to low-friction credentials—local accounts, long-lived tokens, and API keys—creating pervasive “identity dark matter.” The piece recommends pairing agents with human sponsors, enforcing dynamic, context-aware access, centralizing visibility and auditability, and applying consistent governance across hybrid environments to prevent privilege drift and regulatory blind spots.

Fooling AI Agents: Web-Based Indirect Prompt Injection

⚠️ Unit 42 researchers describe web-based indirect prompt injection (IDPI), where adversaries embed hidden or obfuscated instructions in webpages that are later consumed by LLMs and agentic systems. The report catalogs 22 payload engineering techniques, presents a taxonomy of attacker intents from low to critical, and details multiple in-the-wild detections, including the first observed AI ad-review bypass. It emphasizes detection, intent analysis and web-scale defenses to protect automated pipelines.

LLMs Close the Invisible Phishing Detection Gap at Scale

🔍 Cloudflare integrated Large Language Models (LLMs) into its email security pipeline to surface previously invisible phishing behaviors and move from reactive to proactive defense. LLMs tag messages with granular categories such as Sales Outreach and PrizeNotification, providing high-fidelity, near-real-time signals for analysts. From those tags Cloudflare curated targeted corpora, extracted sentiment and intent features, and trained specialized classifiers that emit risk scores. Those scores are combined with reputation and link signals to enforce blocking or quarantine, reducing user-reported misses and accelerating updates.

CyberStrikeAI Adopted by Hackers for AI-Powered Attacks

🔍 Researchers warn that the open-source platform CyberStrikeAI was observed on infrastructure linked to a recent campaign that compromised hundreds of Fortinet FortiGate devices. Team Cymru analysts identified the service banner on port 8080 at 212.11.64[.]250 and saw communications between that host and targeted FortiGate appliances. The platform integrates over 100 security tools with AI agents to automate end-to-end attack chains, enabling lower-skilled operators to carry out complex exploitation.

Deepfakes and Injection Attacks Threaten Identity Checks

🛡️ As deepfakes and injection attacks evolve, identity verification must move from isolated media checks to end-to-end session trust. Ricardo Amper of Incode explains that high-fidelity synthetic faces, replayed footage, virtual cameras, rooted devices, and automated probing can all defeat perception-only defenses. Incode Deepsight combines perception, integrity, and behavioral signals in real time to validate the entire verification session and reduce false acceptances while blocking persistent unauthorized access attempts.

LLM-Assisted Deanonymization: Practical Risks Revealed

🔎 A new study demonstrates that large language models can reliably deanonymize users from a handful of anonymous posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, LLM agents infer location, occupation, and interests and then search the web to find likely identities. The researchers report high precision results that scale to tens of thousands of candidates, showing that automated deanonymization is now practical and widely feasible.

Secure-by-Design Framework for CISO-Led Innovation

🔒 CISOs should treat innovation as a control: enable safe experimentation while reducing exposure across AI, IoT and cloud. The article urges leaders to remove toil, standardize repeatable patterns, and provide golden paths so secure options are also the fastest. It recommends guardrails, mandatory exit criteria for pilots, and measurable outcomes to prevent innovation debt. The goal is to accelerate business velocity while demonstrably reducing risk.

From Vibe Checks to Continuous Evaluation for AI Agents

🔎 Manual 'vibe checks' are unreliable for production AI agents; this article recommends adopting continuous evaluation (CE) to guard against regressions, hallucinations, and unseen edge cases. It outlines a practical engineering approach—separating discovery and defense modes—and demonstrates implementation patterns using Agent Development Kit (ADK), Vertex AI evaluation services, and Cloud Run. The guidance covers dataset design, automated rubrics, tool-trajectory metrics, shadow deployments, CI/CD gating, and distributed tracing to establish robust, auditable agent behavior.