CISO Brief

All news in category “AI and Security Pulse”

960 articles · page 19 of 48

Clawdbot and DKnife: Security Risks from Rapid AI Adoption

🚨 As AI agent frameworks surge, Talos warns of two immediate threats. Clawdbot (also known as Moltbot and OpenClaw) is a popular open-source agentic tool that requires users to store credentials and API keys locally and accepts unvetted Skills that are granted broad system privileges. DKnife, active since at least 2019, is a modular Linux attack framework that compromises routers and edge devices to intercept traffic, hijack updates and deliver malware while evading many endpoint defenses. The newsletter urges skepticism toward rushed AI tools and recommends hardening gateways, auditing firmware, enforcing strong authentication and monitoring for suspicious update behavior.

Anthropic's Claude Opus 4.6 Available in Microsoft Foundry

🤖 Claude Opus 4.6 is now available in Microsoft Foundry on Azure, delivering Anthropic’s advanced reasoning and agent capabilities to enterprise workflows. The model supports a beta 1M-token context window, up to 128K output tokens, and new API controls including Adaptive Thinking and Context Compaction. Integrated with Foundry IQ and Azure governance, Opus 4.6 targets coding, knowledge work, finance, legal, cybersecurity, and multi-tool agent automation—helping teams move from experimentation to production while preserving compliance and operational control.

Glean and Prisma AIRS: Real-Time AI Security Integration

🔒 Glean and Prisma AIRS have integrated to provide real-time AI threat protection that neutralizes prompt injections, blocks toxic or biased outputs, and inspects generated code and URLs for malicious patterns. The integration enforces organizational policy across chats and agent interactions and immediately blocks risky requests while notifying users. Deployment is designed to be frictionless—enable protection in three clicks by pasting a Prisma AIRS runtime API key into the Glean admin console.

Buyer’s Guide: Governing Real-Time AI Usage Control

🔒 The Buyer’s Guide for AI Usage Control warns that AI adoption has far outpaced visibility and governance, producing a widening gap as AI is embedded across SaaS, browsers, copilots, extensions and shadow tools. It reframes the problem as an interaction issue rather than solely a data or app problem, and positions AI Usage Control (AUC) as a distinct governance layer that must discover and enforce policy at the moment of interaction. The guide outlines four operational stages—Discovery, Interaction Awareness, Identity & Context, and Real-Time Control—and stresses that architectural fit, operational overhead, and user experience are decisive factors when selecting a solution.

The Silent Security Gap in Enterprise AI Adoption Risks

🔒 Most security leaders assume they know where sensitive data resides, but rapid AI adoption has created a new exposure surface in AI inference traffic. Prompts often contain source code, contracts, PII and proprietary workflows that flow through application layers, logs and third‑party services without classification or adequate controls. Traditional protections (transport encryption, legacy DLP and standard logging practices) frequently fail to prevent prompt leakage; transport encryption in particular protects a prompt only in transit, not once an application, proxy or model vendor writes it to a log. The result is an often invisible and growing enterprise risk.
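As an added example, not code from the article above: a pre-send check of the kind the article implies is missing, which a proxy or SDK wrapper can run before a prompt leaves the organisation or lands in a log. The credential patterns, entropy threshold and block list are assumptions chosen for illustration, and the sample prompt is constructed (the AWS key is the public documentation placeholder; every other value is made up).

```python
"""Pre-send / pre-log scanner for LLM prompts.

Added example, not code from the article: flags credential- and PII-like
fragments in a prompt, decides allow/block, and returns a redacted copy
that is safe to log. The patterns are illustrative assumptions, not a
complete DLP ruleset.
"""
import math
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str
    start: int
    end: int
    sample: str  # truncated preview only; the full match is never stored


# Structural patterns for a few well-known credential formats and e-mail
# addresses (assumption: extend with the formats your environment uses).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----"
    ),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "jwt": re.compile(r"\beyJ[\w-]+\.eyJ[\w-]+\.[\w-]+\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}

# Catch-all for "api_key = ..." style assignments whose value looks random.
LABELED_SECRET = re.compile(
    r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]?([A-Za-z0-9_\-/+=]{16,})"
)

# Kinds that must never leave the perimeter, even redacted-and-logged.
HARD_BLOCK = {"aws_access_key_id", "private_key_block", "github_token",
              "jwt", "labeled_high_entropy_secret"}


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking tokens score well above 3.5."""
    if not s:
        return 0.0
    n = len(s)
    counts = {c: s.count(c) for c in set(s)}
    return -sum(k / n * math.log2(k / n) for k in counts.values())


def _preview(value: str) -> str:
    return value if len(value) <= 8 else value[:4] + "..." + value[-2:]


def scan_prompt(prompt: str, entropy_threshold: float = 3.5) -> list[Finding]:
    """Return non-overlapping findings ordered by position in the prompt."""
    raw: list[Finding] = []
    for kind, pat in PATTERNS.items():
        for m in pat.finditer(prompt):
            raw.append(Finding(kind, m.start(), m.end(), _preview(m.group(0))))
    for m in LABELED_SECRET.finditer(prompt):
        value = m.group(2)
        if shannon_entropy(value) >= entropy_threshold:
            raw.append(Finding("labeled_high_entropy_secret",
                               m.start(2), m.end(2), _preview(value)))
    # Drop findings nested inside an earlier, longer one so redaction offsets
    # stay consistent (e.g. a JWT segment also caught by the labeled rule).
    findings: list[Finding] = []
    last_end = -1
    for f in sorted(raw, key=lambda f: (f.start, -(f.end - f.start))):
        if f.start >= last_end:
            findings.append(f)
            last_end = f.end
    return findings


def redact(prompt: str, findings: list[Finding]) -> str:
    """Replace each finding with a marker; walk backwards so offsets hold."""
    out = prompt
    for f in sorted(findings, key=lambda f: f.start, reverse=True):
        out = out[:f.start] + f"[REDACTED:{f.kind}]" + out[f.end:]
    return out


def policy_decision(prompt: str) -> tuple[str, list[Finding], str]:
    """(verdict, findings, log-safe copy). Block on hard secrets, else allow."""
    findings = scan_prompt(prompt)
    verdict = "block" if any(f.kind in HARD_BLOCK for f in findings) else "allow"
    return verdict, findings, redact(prompt, findings)


# Constructed sample prompt: the AWS key is the public documentation
# placeholder; every other value here is made up for the example.
SAMPLE_PROMPT = """Please refactor this deploy script and explain the error.
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
api_key = "sk_example_Xq7vB2nL9pR4tW8yZ3mK6jH1"
Contact jane.doe@example.com if the job fails.
Here is the cert:
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAmadeupmadeupmadeupmadeupmadeup
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    verdict, found, safe_copy = policy_decision(SAMPLE_PROMPT)
    print(verdict, [(f.kind, f.sample) for f in found])
    print(safe_copy)
```

Run it directly to see the verdict and the log-safe copy. The entropy rule is what catches secrets without a recognisable prefix; tune the threshold against your own prompt traffic, since long base64 blobs such as pasted certificates also score high.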

Microsoft builds scanner to detect LLM hidden backdoors

🛡️ Microsoft has developed a scanner to detect hidden backdoors in open-weight language models, focusing on triggers and malicious behaviors inserted during training or fine-tuning. The tool flags three observable signatures — attention hijacking, leakage of poisoned training fragments, and sensitivity to partial triggers — and runs using forward passes only without retraining or backpropagation. It is designed to work with most causal, GPT-style models and to serve as an added layer of supply-chain security for enterprises using third-party or open-source models.

Study: Over 1.5M AI Agents Ungoverned, Risk Going Rogue

⚠️ Gravitee reports that roughly half of an estimated three million AI agents running in US and UK enterprises are unmonitored and potentially "going rogue." A December 2025 Opinion Matters survey of 750 IT executives found a mean of 36.9 agents per large organization and that 88% suspected an agent-related security or privacy incident in the prior year. Experts warn deployment is outpacing governance and call for continuous runtime oversight, tiered access controls, and stricter credential management.

Smashing Security #453: Epstein Files Expose Risks Now

📰 In episode 453 of Smashing Security, Graham Cluley and guest Tricia Howard examine how sloppy redaction and a mix of AI and open social profiles can deanonymise documents once thought obscured. They discuss real-world incidents including malware delivery via a compromised Notepad++ installer, a sex-addiction app leaking intimate user data, and a problematic AV update used to distribute malware. The episode also highlights insider-threat risks after a senior US cybersecurity official uploaded sensitive government material into a public ChatGPT instance, and explores how broken trust can have lasting reputational consequences for vendors and organisations.

Microsoft Builds Scanner to Detect Backdoors in LLMs

🔍 Microsoft has developed a lightweight scanner to detect backdoors in open-weight large language models (LLMs) by evaluating three observable signals tied to internal model behavior. The tool extracts memorized content, isolates suspect substrings, and scores candidates with loss functions that formalize attention and output anomalies. The approach requires no additional training and runs across common GPT‑style models, but it needs access to model files and is best suited for trigger-based, deterministic backdoors.

Detecting Backdoored Language Models at Scale — Practical Scanner

🔍 Microsoft researchers released new findings and a practical scanner for detecting backdoors in open-weight language models. The study identifies three signatures — a distinctive “double triangle” attention pattern, leakage of poisoning training data through memorization, and trigger “fuzziness” — and uses them to reconstruct likely triggers without retraining. The scanner requires only forward passes, works on GPT-like models, and was validated across 270M–14B models and common fine-tuning regimes. The team notes limits: it needs model file access, favors deterministic backdoors, and should be used as part of layered defenses.

OpenClaw Risks and Mitigations for Security Teams Guide

🔒 OpenClaw is an open-source, agentic AI assistant that can run locally or on servers, connect to LLMs and external APIs, and autonomously perform actions such as sending email or controlling browsers. Its local storage of config and broad access (files, terminals, sometimes root) makes misconfigured deployments attractive as backdoors. CrowdStrike observed rapid adoption and internet-exposed instances, and recommends discovery, runtime guardrails, and automated removal integrated into detection workflows.

Nearly 400 Malicious OpenClaw Crypto Trading Skills

⚠️ Security researcher Paul McCarty (aka 6mile) has identified 386 malicious OpenClaw "skills" on the ClawHub repository that impersonate crypto trading tools. The add-ons use social engineering to trick users into executing commands that deploy infostealers on macOS and Windows, harvesting exchange API keys, wallet private keys, SSH credentials and browser passwords. The discovered skills share a common C2 IP (91.92.242.30) and many remain available, with the most active uploader accounting for nearly 7,000 downloads.

AI Agent Identity Management: New Control Plane for CISOs

🔐 AI agents—custom GPTs, copilots, coding agents and other autonomous tooling—are proliferating in production while remaining largely outside traditional IAM, PAM, and IGA controls. The piece argues for treating agents as a distinct identity class and applying continuous identity lifecycle management to ensure visibility, ownership, dynamic least privilege, and auditability. Rather than slowing adoption, this approach positions identity as the control plane for balancing innovation and security.

Public Sector Embraces AI Agents: ROI, Security, and Scale

🤖 Google Cloud's inaugural survey of 251 senior public sector leaders, conducted by National Research Group, finds agentic AI is already mission‑critical: 55% report using AI agents and 42% have deployed more than 10 in production. Respondents expect to allocate 50%+ of future AI budgets to agents. The report highlights productivity gains (70% improved; 46% at least doubled) and security improvements (79% better threat identification, 70% improved intelligence/response integration), and points to Gemini for Government with FedRAMP High-authorized protections as a path to scale.

Agentic AI Will Multiply Non-Human Identity Risks Soon

🔒 Early agentic AI experiments have exposed a rapidly expanding cybersecurity problem: enterprises are accumulating vast numbers of non-human identities (NHIs), such as service accounts, tokens, API keys and automation credentials, that security teams largely cannot see or govern. Analysts predict counts will jump from millions to tens of millions within months, leaving teams with visibility into only a single-digit percentage of these assets. Experts recommend containing and segmenting legacy NHIs, assigning strict ownership, and taking a clean-slate approach to provisioning future agents rather than attempting a perfect retroactive inventory.

Malicious OpenClaw skills used to deliver password stealers

🔒 OpenClaw (formerly Moltbot/ClawdBot) has had over 230 malicious skills published in less than a week, with many near-identical clones gaining thousands of downloads. The packages impersonate legitimate utilities but include a disguised AuthTool installer that delivers info-stealing malware, including a macOS variant of NovaStealer. Researchers found hundreds of exposed admin interfaces and numerous typosquat registries, and warn users to sandbox the assistant, restrict permissions, secure remote access, and thoroughly vet any third-party skills before installation.

Securing AI at Scale: Three Companies' Use of CrowdStrike

🔒 The CrowdStrike Falcon platform delivers unified protection for AI across endpoints, cloud workloads, identities, and data flows, extending proven security principles to machine‑speed operations. By combining a single lightweight sensor with integrated modules, Falcon provides visibility, identity governance, data protection, and continuous monitoring for models and AI agents. Customers use these capabilities to detect misconfigurations early, govern non‑human identities, and prevent sensitive data exfiltration while preserving developer velocity and operational scale.

AI Meets Quantum Computing: The Next Security Battlefield

⚛️ Quantum computing paired with AI promises transformative gains in processing speed and machine learning capacity, enabling tasks such as real-time climate modelling and instant financial simulations that classical infrastructure struggles to deliver. At the same time, the article warns that quantum-enabled attacks could undermine widely used cryptosystems like RSA, ECC and AES, creating a disruptive "Q-Day" on which the confidentiality of encrypted data is at risk. The threat is not uniform, however: Shor's algorithm breaks RSA and ECC outright, whereas Grover's algorithm only halves the effective key length of symmetric ciphers such as AES, so AES-256 retains a comfortable margin. Governments and enterprises are already staging migrations to post-quantum cryptography and updating governance and observability, but the piece stresses that building trust, ethical AI oversight and resilient frameworks will be essential to preserve digital privacy and integrity.

OpenAI Begins Ads Rollout in ChatGPT, Assures Privacy

🛈 OpenAI is rolling out a full-screen onboarding experience for ads in ChatGPT on Android, assuring users that sponsored content will be clearly labeled and separated from model answers. The company says ads will not change responses and that it will not sell personal data to advertisers, though current chats may influence which sponsored message appears. Users can hide or report ads, ask ChatGPT about an ad, and manage ad-related data via a new Ads controls setting; paid tiers are exempt.

OpenAI to retire GPT-4o and legacy models from ChatGPT

🔔 OpenAI said it will retire the popular GPT-4o model on February 13, 2026, along with several other models, including GPT-5 Instant, GPT-5 Thinking, GPT-4.1, and o4-mini. The company said the move follows the rise of GPT-5.2, which it now regards as meeting expectations for capability and safety. OpenAI introduced a Personality feature to help users replicate aspects of GPT-4o’s warmer, conversational style, and said API behavior is unchanged at this time.