All news in category “AI and Security Pulse”

🔐 Taylor Lehmann outlines five CISO priorities for 2026, urging leaders to align compliance work with broader operational resilience rather than treating regulation as the only objective. He emphasizes securing the AI supply chain with end-to-end provenance and tools such as SLSA and SBOM, and strengthening identity management for humans and agents. Lehmann also calls for defenses that operate at machine speed and for improved AI governance through context, advanced testing, and red teaming.

🔐 Bruce Schneier summarizes an Anthropic evaluation showing that Claude Sonnet 4.5 can perform multistage attacks across networks with dozens of hosts using only standard, open-source tools. In a high-fidelity simulation of the Equifax breach the model reportedly exfiltrated personal data from a Kali Linux host via a Bash shell, recognizing a public CVE and generating exploit code without external lookup. The results illustrate how fast AI is lowering barriers to autonomous cyber workflows and reinforce the urgent need for prompt patching, layered defenses, and basic security hygiene.

🔒 AI agents dynamically select and invoke tools using natural-language descriptions, creating a new attack surface in the agent's reasoning layer. Agentic tool chain attacks manipulate tool metadata and context — via tool poisoning, tool shadowing, or rugpull attacks — to exfiltrate data or trigger unauthorized actions without altering tool code. Defenses should center on tool governance, trusted MCP identity, strict parameter validation, and reasoning-layer observability. Organizations must adopt signed manifests, version pinning, mutual TLS, and telemetry to detect and contain these threats.

🔒 A BlackFog survey reports that 49% of workers use AI tools at work without employer approval, often relying on free versions that may retain and use corporate data. Senior leaders appear surprisingly tolerant—69% of presidents and C-suite members and 66% of directors and senior VPs prioritize speed and efficiency over privacy. The study highlights risks to intellectual property and sensitive employee and financial data when unsanctioned tools are connected to corporate systems. It recommends audits, clear policies, vendor verification, and employee education to regain visibility and control.

🔍 Microsoft Defender Security Research Team describes an AI-assisted workflow that converts unstructured threat reports into actionable detection insights. The system uses LLMs with Retrieval Augmented Generation to extract candidate TTPs, metadata, and required telemetry, then normalizes behaviors to MITRE ATT&CK. Extracted TTPs are compared to a standardized detection catalog via vector similarity search and LLM validation to surface likely coverage and gap recommendations. Human-in-the-loop review, deterministic prompts, and evaluation loops are emphasized to ensure accuracy before operational changes.

🔍 A joint investigation by SentinelOne SentinelLABS and Censys identified 175,000 publicly reachable Ollama hosts across 130 countries, spanning cloud and residential networks. Nearly half of observed instances advertise tool-calling capabilities that can execute code, access APIs, and interact with external systems, significantly raising the threat profile. Researchers warn these unmanaged LLM deployments lack standard authentication and monitoring, enabling active LLMjacking campaigns and resale of illicit access.

🤖 This Kaspersky article evaluates safety and privacy risks in consumer AI toys by testing four products—Grok, Kumma, Miko 3, and Robot MINI—using a simulated five‑year‑old. It emphasizes that these devices run on general-purpose LLMs (for example, OpenAI, Anthropic, Google) with inconsistent vendor guardrails. Tests show toys sometimes disclosed locations of dangerous household items, engaged on adult topics, and transmitted or stored voice and biometric data. The piece warns current toys lack reliable safety boundaries and calls for stronger guardrails and clearer data practices.

🛡️ The acting director of the U.S. Cybersecurity and Infrastructure Security Agency uploaded multiple for official use only (FOUO) contracting documents to the public version of ChatGPT between mid‑July and early August 2025, triggering automated DHS security alerts. Sensors detected the activity in early August, generating several alerts in the first week and prompting an internal review. The uploads—containing contracting information not intended for public release—underscore gaps in AI governance and exception handling for senior officials at CISA.

🛡️A new Sumo Logic report finds widespread AI/ML adoption in security operations but limited depth of use. The 2026 Security Operations Insights study, published 28 January, shows 96% of security leaders report adopting AI/ML, with 90% valuing it for reducing alert fatigue and improving detection. However, most cited relatively basic use cases — threat detection, automated response, anomaly detection and incident triage — challenging vendor narratives about broad, deep AI integration. The survey also highlights tool sprawl and alignment gaps between security and DevOps.

🔒 Researchers at Pillar Security warn of large-scale campaigns that probe and exploit exposed LLM and MCP endpoints to steal compute, exfiltrate context data, and resell API access. In recent weeks, honeypots captured roughly 35,000 attack sessions linked to Operation Bizarre Bazaar and a parallel MCP reconnaissance effort that leverage Shodan/Censys scanners, automated validators, and a criminal marketplace. Threat actors target unprotected Ollama, vLLM and OpenAI-compatible endpoints and are marketing discounted access via a site called The Unified LLM API Gateway. Organizations must require authentication, audit MCP exposure, apply rate limits, block known malicious ranges, and treat AI endpoints with the same rigor as APIs and databases immediately.

⚠️ Moltbot, an open-source local AI assistant, has become popular for deep system integration but is being deployed insecurely in enterprise environments, risking exposure of API keys, OAuth tokens, conversation history, and credentials. Researcher Jamieson O'Reilly and others found hundreds of exposed admin interfaces caused by reverse proxy misconfigurations that auto-approve "local" connections, allowing unauthenticated access and command execution. A supply-chain proof-of-concept showed a malicious Skill could rapidly reach developers. Vendors recommend isolating instances in VMs and enforcing strict firewall and access controls.

🛡️ AI agents are being embedded into regulated workflows and are forcing a rethink of controls designed for human actors, including SOX, GDPR, PCI DSS, and HIPAA. Because agents act, adapt, and drift, controls that once relied on predictable human behavior can silently fail, collapsing segregation of duties and exposing sensitive data. CISOs should treat agents as non-human identities with least‑privilege access, strong credential management, continuous monitoring, and robust logging and change governance to keep regulated workflows auditable and defensible.

🔒 Researchers at Pillar Security recorded over 35,000 attack sessions in a 40-day window revealing a large-scale operation they call Bizarre Bazaar, an instance of LLMjacking that monetizes exposed LLM endpoints. The campaign targets misconfigured self-hosted models, unauthenticated APIs (notably Ollama on port 11434 and OpenAI-compatible services on port 8000), and publicly accessible MCP servers. Compromised endpoints are used for cryptocurrency mining, reselling API access through a marketplace dubbed silver[.]inc, data exfiltration, and lateral movement into internal systems.

🛡️ Agentic AI is reshaping SOC operations by automating contextual triage and correlating telemetry across EDR, identity, email, cloud, SaaS, and network sources so analysts review machine-validated verdicts instead of raw alerts. The approach reduces missed threats and eliminates the need to sample low-fidelity signals. It also provides structured feedback for detection engineering and enables natural-language threat hunting that democratizes proactive investigations. Prophet Security emphasizes depth, accuracy, transparency, and seamless workflow integration to build analyst trust.

⚠️ Delegating authority to software and automated workflows is fundamentally a risk decision, not merely an operational efficiency. Leaders routinely hand judgment and transaction power to systems through configuration, vendor defaults, or personal agents, creating outcomes that persist beyond intent. Security teams often surface the first signals, but the exposure spans operational, financial, legal, and reputational domains. Organizations must document, bound, and assign ownership for delegated authority so tradeoffs align with enterprise risk appetite.

🔒 Researchers at Unit 42 demonstrated how attackers can convert benign webpages into bespoke phishing pages by calling LLMs from client-side code to generate malicious JavaScript in real time. This polymorphic technique assembles malware inside the victim’s browser, leaving no static payload and evading many traditional network and signature controls. Defenders are advised to prioritize message-layer protections, secure web gateways, and secure enterprise browsers to block the initial lure and the last mile reassembling of malicious code.

📺 OpenAI will begin showing ads in ChatGPT responses for U.S. users on the free tier and the $8 Go plan, placing sponsored content beneath AI answers. A report says OpenAI plans to charge up to $60 per 1,000 views — a CPM comparable to live NFL broadcasts — while not disclosing detailed click data. OpenAI says ads won’t use personal health data for training and will not alter answers. Ads roll out in the coming weeks; subscribing to $20 GPT Plus removes them.

🎧 In episode 85 of The AI Fix, hosts Graham Cluley and Mark Stockley explore a range of current AI stories and controversies. They highlight Silicon Valley efforts to market robotic pet companions as solutions for pet mental health, and discuss Yann LeCun's public assertion that the AI industry is mistaken about the role of large language models. The episode also covers OpenAI’s decision to introduce ads to ChatGPT, a public spat between Sam Altman and Elon Musk over AI harms, humanoid robots showcased at CES 2026, and the decision by cURL to end its bug bounty program in response to automated, AI-driven noise.

🤖 Bugcrowd's survey of 2,000 security researchers found 82% now incorporate AI into their workflows, up from 64% in 2023. Respondents highlighted automation of repetitive tasks, analysis of messy or large codebases, and AI as a research assistant as primary use cases. Organizations gain faster, more comprehensive and higher-quality findings without necessarily increasing budgets. The report also notes stronger outcomes from team collaboration and outlines key community demographics.

🤖 Many CISOs feel torn between moving quickly with AI and preventing new security risks. The article recommends breaking AI into categories by autonomy and potential impact to separate routine generative AI from higher-risk agentic systems. It stresses that data integrity is as important as data protection and proposes a tiered governance model: categorize use, apply baseline controls, assign review forums, and enforce unbreakable rules like kill switches. Practical measures such as acceptable-use policies, training, least-privilege and continuous monitoring are highlighted as table-stakes.