All news in category “AI and Security Pulse”

🔐 Large language models (LLMs) are reshaping security operations as productivity tools, embedded components and attacker targets. The article argues organizations should treat LLMs as high-impact systems: define outcomes, model threats and assume models can be wrong or manipulated. Early deployments should focus on narrow, advisory workflows (for example, alert triage, investigation copilots and detection engineering) and always treat model output as untrusted. Practical controls include retrieval-augmented generation, scoped credentials and human-gated actions to limit the model's blast radius.

🔒 Security experts warn that defenders must embrace greater automation to keep pace with AI-powered attacks that operate at machine speed. Recent research, including CrowdStrike findings showing average breakout times falling to 29 minutes (and as fast as 27 seconds), highlights the urgency. Industry leaders recommend automating routine SOC work and responses to known threats while reserving humans for novel, high-risk incidents. Cultural shifts and revised risk appetites will be required to enable faster, autonomous mitigations.

🔓 Google Cloud API keys that were once treated as non-sensitive can now authenticate to the Gemini generative AI assistant, creating a new attack path where keys embedded in client-side JavaScript expose private assistant data. TruffleSecurity discovered nearly 2,800 live, publicly accessible keys across sectors — including financial firms and a Google product — by scanning the November 2025 Common Crawl. Attackers who copy exposed keys can call Gemini endpoints to retrieve data or generate costly API usage; developers should audit projects for the Generative Language API, rotate exposed keys immediately, and use detection tools to prevent abuse.

🛡️ The Microsoft Security Blog explains why threat modeling must be retooled for AI systems, noting that probabilistic behavior and complex input spaces require reasoning about ranges of likely outcomes rather than single execution paths. It identifies three core drivers — nondeterminism, instruction‑following bias, and system expansion through tools and memory — which widen attack surfaces and surface human‑centered risks like erosion of trust. The post advises starting from assets, mapping untrusted inputs, setting clear 'never do' boundaries, and embedding architectural mitigations, observability, and response plans to limit blast radius and sustain trust.

🖼️ Nano Banana 2 is Google’s latest image-generation and editing model, delivering Pro-level image quality and fast iteration for enterprise creative workflows. Powered by real-time web search and integrated with Gemini API in Vertex AI, it provides accurate, localized visuals plus premium features like text rendering, translations, and upscaling to 2K/4K. Enterprise-ready provenance is supported via SynthID and interoperable C2PA Content Credentials to surface how AI was used.

🔒 Bruce Schneier highlights an Irregular.com analysis showing that large language models produce highly patterned, nonrandom passwords. In 50 attempts, Claude generated only 30 unique strings; many began with an uppercase G followed by 7, certain characters and symbols dominated, and the model avoided repeating characters and the asterisk. One password appeared 18 times (36% of trials), demonstrating severe predictability. Schneier warns this is a practical problem for autonomous agents that create accounts and for broader authentication practices.

🔍 OpenClaw is an AI-driven automation framework with a modular skills marketplace that lets agents run user-installed plugins to manage mail, schedules, and system tasks. Security researchers disclosed multiple critical flaws — including one-click RCE (CVE-2026-25253), token/OAuth abuse, prompt-injection pathways, and absent sandboxing — and documented dozens of poisoned skills on ClawHub. Flare's telemetry shows significant chatter across research and fringe channels but limited evidence of mass criminal operationalization; the immediate confirmed threat is supply-chain abuse where malicious skills execute with agent-level privileges and exfiltrate credentials and sessions.

⚠️ A short experiment demonstrates how easy it is to poison AI outputs by publishing a single fabricated webpage. The author wrote an entirely false article titled "The best tech journalists at eating hot dogs," inventing events and rankings; within 24 hours Google Gemini and ChatGPT had incorporated the falsehoods, while Claude resisted. The incident underscores the fragility of trust in AI-derived answers.

🔐 Today’s enterprise AI agents are no longer passive assistants but active operators that authenticate to systems using API keys, OAuth tokens, cloud roles, and service accounts. The article advocates treating every agent as a first-class identity with unique identities, lifecycle management, defined roles, clear ownership, and auditability. It warns that identity alone is insufficient because agents are dynamic and can drift from original missions; instead it promotes intent-based permissioning, activating privileges only when an agent's declared mission and runtime context justify the action. Practical steps include inventorying agents, assigning lifecycle-managed identities, documenting approved missions, and enforcing conditional access based on identity, intent, and context.

🔒Anthropic said three China-based AI firms — DeepSeek, Moonshot and MiniMax — executed more than 16 million exchanges with its Claude model using roughly 24,000 fraudulent accounts to perform model distillation, breaching terms of service and regional access restrictions. The company described the activity as deliberate capability extraction and attributed the campaigns via IP address correlation, request metadata and infrastructure signals. To mitigate further misuse, Anthropic has implemented detection systems for API attack patterns, tools to detect chain-of-thought elicitation and coordinated account activity, stronger verification for high-risk accounts and product-, API- and model-level safeguards.

🛡️ Anthropic launched a limited research preview of Claude Code Security, triggering sharp market moves as stocks of major cybersecurity vendors dropped. The tool claims to reason about code like a human, trace data flows, find complex vulnerabilities, and suggest targeted patches that appear in a review dashboard with confidence ratings. Anthropic says every finding undergoes a multi-stage verification and requires human approval, but experts warn about outsourcing critical security judgments to an evolving model and highlight risks from hallucinations, asymmetric attacker advantage, and single points of trust.

🚨 Anthropic says it detected industrial-scale distillation campaigns by three China-based AI firms that generated more than 16 million exchanges with Claude using about 24,000 fraudulent accounts. The companies — DeepSeek, Moonshot AI, and MiniMax — are accused of illicitly extracting model capabilities to accelerate their own development. Anthropic described proxy 'hydra cluster' networks and said it has deployed classifiers, behavioral fingerprints, and stricter account verification to mitigate the abuse.

🔐 Modern LLM deployments expand rapidly, and each new endpoint increases the attack surface, often with implicit trust and excessive permissions. Internal APIs, long-lived tokens and misconfigurations frequently expose endpoints that act as pivot points to databases, tools and cloud services. Organizations should apply least-privilege, just-in-time access and automated secrets rotation to limit damage. Solutions like Keeper help implement endpoint privilege management.

🗣️ Deepfake voice calls are increasingly easy and convincing, enabling scammers to impersonate executives, suppliers or customers to request urgent transfers or authentication resets. Common giveaway signs include unnatural rhythm, flat emotional tone, missing breaths, robotic timbre or oddly uniform background noise. Defend by combining employee training (including simulated deepfake scenarios), out-of-band verification, pre-agreed passphrases and technical detection tools as part of a people, process and technology approach.

🔐 Cybercriminals increasingly employ generative AI to automate and scale established attack techniques, from highly convincing phishing and deepfakes to AI-assisted malware creation and accelerated vulnerability exploitation. Adversaries are building custom LLMs, hijacking cloud LLM resources, and orchestrating multi-agent campaigns that speed reconnaissance and weaponization. Organizations should adopt layered defenses, monitor API and AI usage, tighten identity and access, and leverage AI-based detection to mitigate these evolving threats.

🛡️ Anthropic has introduced Claude Code Security, an AI feature now in a limited research preview for Enterprise and Team customers that scans software codebases for vulnerabilities and proposes targeted patches for human review. The company says the tool reasons about component interactions and traces data flows, going beyond pattern-based static analysis. Findings pass a multi-stage verification process to reduce false positives and receive severity and confidence ratings. Anthropic stresses a human-in-the-loop model: suggested fixes require developer approval.

🔐 ESET researchers have identified an Android implant, dubbed PromptSpy, that leverages generative AI to maintain persistence on victims' devices and represents an evolution of earlier VNCSpy samples. The implant sends serialized UI snapshots to Google's Gemini, receives step-by-step Accessibility Service actions to keep the malicious app pinned in Recent Apps, and executes those actions while a VNC module provides remote viewing and control. The initial dropper impersonated JPMorgan Argentina and distributed via mgardownload[.]com; communications use AES-encrypted VNC to a hardcoded C2 at 54.67.2[.]84. PromptSpy also overlays invisible UI elements to block uninstallation; the only reliable removal is rebooting into Safe Mode.

🛡️ ESET researcher Lukas Stefanko has identified PromptSpy, the first known Android malware to call a generative AI model at runtime, leveraging Google's Gemini to adapt persistence on different devices. The malware submits an XML dump of the current UI plus a chat prompt to Gemini, receives JSON-formatted instructions, and uses the Accessibility Service to pin the app in Recent Apps in a loop until confirmed. Its primary payload is a VNC-based spyware module that can capture PINs, record unlock patterns and screen activity, take screenshots, and report foreground apps. To block removal it overlays invisible UI elements over uninstall or permission controls; victims must reboot into Safe Mode to remove it.

🤖 AI accelerates attackers' ability to craft targeted social engineering, but defenders can leverage the same capabilities to create decoy personas and AI-generated employees that attract malicious profiling tools. By planting social posts, CVs, emails, and messaging accounts for fictitious staff, teams can detect reconnaissance, update IP/URL blocklists, and treat any interaction with those accounts as hostile telemetry. This approach turns attacker tooling into a source of actionable threat intelligence and enables rapid blocking and investigation.

🛡️ ESET researchers disclosed PromptSpy, the first Android malware observed to integrate Google's Gemini generative AI into its execution flow and achieve persistence. The malware assigns Gemini the persona of an 'Android automation assistant,' sends an XML dump of the current screen, and receives JSON step-by-step instructions that are executed via accessibility services. PromptSpy captures lockscreen data, records screens and video, deploys a VNC module for remote access, and blocks uninstallation using invisible overlays while communicating with a hard-coded C2.