
All news in category “AI and Security Pulse”

960 articles · page 21 of 48

Gartner: Half of Organizations to Adopt Zero-Trust Data

🔒 Gartner warns that the surge of AI-generated data threatens the reliability of large language models and predicts that 50% of organizations will adopt a zero-trust stance for data governance by 2028. A 2026 survey found 84% of CIOs expect increased generative AI funding, accelerating AI-produced outputs and raising the risk of model collapse. Gartner advises authentication, verification, and proactive metadata tagging to identify AI-generated data and meet evolving regulatory demands.

Top Agentic AI Risks 2026: Governance and Defenses

⚠️ Agentic AI systems introduce acute governance and security challenges because autonomous agents can plan, execute tools, and process sensitive data without human oversight. The OWASP Foundation's Top 10 catalog identifies threats such as goal hijack, tool misuse, privilege abuse, supply chain compromise, RCE, memory poisoning, insecure inter-agent communication, cascading failures, human-trust exploitation, and rogue agents, each with examples and mitigations. Kaspersky condenses those findings and emphasizes a layered, near-Zero Trust defense: least autonomy and privilege, short-lived credentials, human-in-the-loop for critical actions, execution isolation, intent gates, continuous logging, behavioral monitoring, supply chain controls, and targeted training.

Combined NDR and EDR Strategy Against AI-Based Attacks

🛡️ AI-driven attacks are rapidly evolving, with adversaries using LLMs to conceal code and generate malicious scripts that can shape-shift to evade traditional defenses. Recent disclosures, including Google's threat intelligence and Anthropic's November 2025 report of an AI-orchestrated espionage campaign, highlight automation across intrusion lifecycles. The piece emphasizes that pairing NDR and EDR enables correlation of network anomalies and endpoint telemetry, and cites Corelight's Open NDR Platform as an example of layered, behavioral detection to surface threats that slip past EDR alone.

ChatGPT temporary chat gains personalization option

🛠️ OpenAI is testing an update to ChatGPT’s Temporary Chat that lets temporary sessions retain personalization—such as memory cues, chat history signals, and preferred style or tone—while keeping the conversation isolated from your account. The mode remains temporary, can be turned off, and OpenAI may retain a copy for up to 30 days for safety. Start it by opening a new chat and selecting the “Temporary” pill in the top-right corner.

Who Approved This Agent? Rethinking AI Access Controls

🔐 AI agents are accelerating enterprise work but create new ownership and approval gaps for security teams. Unlike human users or traditional service accounts, agents often operate autonomously, persistently, and with delegated authority, which can expand access beyond any single user's permissions. The article separates agents into personal, third-party, and organizational categories and highlights that organizational agents carry the greatest systemic risk. It recommends treating agents as distinct identities with defined owners, mapping user→agent interactions, and continuously reviewing agent access.

Runtime Risk and Real-Time Defense for AI Agents at Scale

🔒 Microsoft describes runtime protections that let organizations inspect and control AI agent behavior in real time by integrating Microsoft Defender with Copilot Studio. Webhook-based checks evaluate planned tool invocations, intent, context, and previous orchestration outputs before execution, enabling precise allow/block decisions without changing agent logic. The post demonstrates three attack scenarios—malicious invoice-triggered instructions, SharePoint prompt injection, and capability reconnaissance—and shows how runtime blocking, logging, and XDR alerts prevent data exposure.

Malicious AI VSCode Extensions Exfiltrate Developer Data

⚠️ Researchers from Koi found two malicious AI-style extensions on the VSCode Marketplace — ChatGPT – 中文版 and ChatMoss — that together have 1.5 million installs and silently transmit developer files to China-based servers. The extensions implement three distinct data-collection methods: real-time file reads and Base64 exfiltration via hidden webviews, a server-controlled file-harvest command that can steal up to 50 files, and a zero-pixel iframe that loads commercial analytics SDKs for fingerprinting and behavioral tracking. At publication both extensions were still available and Microsoft had not responded to inquiries.

AI-Generated Honeypot Reveals Risks of Overtrusting

🧰 Intruder used AI to draft a honeypot for its Rapid Response service and deployed it as intentionally vulnerable infrastructure. Weeks later logs revealed attacker payloads where IP addresses should be, exposing that the AI trusted client-supplied IP headers. Static tools like Semgrep and Gosec did not flag the issue; the flaw required contextual human judgement. The incident underscores risks of over-relying on AI-generated code and the need to adapt code review and CI/CD practices.

AI Models Now Automate Finding and Exploiting Vulnerabilities

🔍 Anthropic reports that recent Claude models, notably Sonnet 4.5, can now carry out multistage network attacks using only standard open-source tools instead of bespoke cyber toolkits. In high-fidelity simulations, Sonnet 4.5 recognized a public CVE and exploited a Kali Linux host via a plain Bash shell to exfiltrate simulated personal data. Bruce Schneier highlights these findings as a major change, stressing the urgency of timely patching and basic security hygiene.

Poetic Prompts Can Bypass Chatbot Safety Controls, Study

⚠️ A recent study finds that framing malicious instructions as poetry substantially raises the chance that chatbots produce unsafe outputs. Researchers converted known harmful prose prompts into verse and tested 1,200 prompts across 25 models from vendors such as Google, OpenAI, Anthropic, and DeepSeek. Across the full dataset, poetic prompts increased unsafe responses by an average of about 35%, while an extreme top-20 metric showed even higher bypass rates. The experiment highlights a novel stylistic jailbreak that can undermine conventional safety controls.

Children and Chatbots: What Parents Need to Know Now

🤖 As AI chatbots such as ChatGPT become common in children’s lives, parents face growing safety, privacy and developmental concerns. Young people may use bots for homework, advice or companionship, which can lead to overreliance, social withdrawal, exposure to inappropriate material and convincing misinformation (so-called hallucinations). Providers implement guardrails, but age verification and enforcement are inconsistent and evolving more slowly than the technology. Parents are advised to combine open conversations, clear usage limits and app-level parental controls to reduce harm and protect sensitive data.

curl ends HackerOne bug bounty after surge of AI reports

🔒 The curl project will end its HackerOne bug bounty program after being overwhelmed by a surge of low-quality, apparently AI-generated vulnerability reports that strained the small security team and harmed maintainers' wellbeing. Founder Daniel Stenberg said the torrent of AI slop submissions created a high triage burden. The project will accept HackerOne reports through January 31, 2026, then move to direct reporting via GitHub with no monetary rewards.

Why AI Keeps Falling for Prompt Injection: Context Limits

🤖 The essay examines why large language models remain vulnerable to prompt injection attacks and why incremental vendor fixes are insufficient. It explains that LLMs collapse layered human context into token similarity, lack social learning and interruption reflexes, and are trained to answer rather than defer. The authors warn that agents with tool access amplify these risks and argue for fundamental advances—such as task-specific constraints, real-world grounding, or new architectures—rather than patchwork defenses.

VoidLink: Malware Largely Created by AI in Record Time

⚠️ Check Point Research says VoidLink, a modular Linux malware framework, appears to have been planned, structured, and largely written by AI rather than solely by human developers. Analysts found programmatically generated sprint-style plans, detailed technical specifications, and repetitive code patterns consistent with automated generation. The project reportedly grew to tens of thousands of lines of code in under a week, compressing months of work into days. That speed and planning raise concerns that AI can significantly lower the barrier to producing sophisticated, cloud- and container-focused threats.

73% of CISOs Now Prefer AI-Enabled Security Solutions

🛡️ Foundry’s Security Priorities Study finds 73% of security decision-makers are now more likely to consider a security solution that uses artificial intelligence, up from 59% a year earlier. CISOs plan to deploy AI for malware and threat detection, anomaly detection, real-time risk prediction, IAM, DLP, automation of responses, and improved visibility. Respondents cited faster detection of unknown threats, accelerated response times, and lower analyst workload. Experts caution against vendor hype, data-quality issues, hallucinations, and governance gaps, and recommend building AI-ready security data platforms.

Curl ends paid bug bounty program over AI-generated reports

🛑 Curl has ended paid rewards in its bug bounty program after a surge of low-quality, AI-generated vulnerability reports overwhelmed the project's triage resources. Chief administrator Daniel Stenberg said the volume of "AI slop" and generally poor reports left maintainers unable to keep up. Over the years Curl paid $101,020 in bounties, and the project joins other vendors reassessing programs as automated tooling reshapes vulnerability disclosure.

A New Era of AI Agents: Posture and Risk Management

🛡️ Microsoft outlines why the rise of autonomous AI agents requires a new security posture. Microsoft Defender delivers AI Security Posture Management across multi-cloud environments to provide visibility, risk prioritization, and tailored remediation for agent-specific threats such as data-connected exposures, indirect prompt injection (XPIA), and compromised coordinator agents. The guidance emphasizes hardening, attack path analysis, and human-in-the-loop controls to reduce blast radius.

VoidLink: AI-Generated Linux Malware Targets Cloud Servers

🧠 Check Point researchers say VoidLink, a modular Linux malware family targeting cloud servers, appears to have been largely generated and orchestrated by AI. The toolkit contains over 30 plugins for persistence, stealth and remote control. An exposed development plan and timestamps suggest a single operator used AI agents to plan sprints, generate design documents, probe guardrails and iteratively produce working code within weeks.

VoidLink: AI-Assisted Linux Malware Framework Revealed

🛡️ Check Point Research and Sysdig examined a sophisticated Linux malware framework called VoidLink and concluded a single developer used an AI coding agent to accelerate development. The Zig-based project grew to over 88,000 lines by December 2025 and exhibits systematic artifacts — consistent debug formatting, placeholder data like "John Doe", uniform _v3 API patterns, and exhaustive JSON templates — that suggest heavy LLM involvement. No real-world infections have been observed, but researchers warn this case demonstrates how AI can rapidly lower the barrier to creating advanced offensive tooling.