
All news in category “AI and Security Pulse”

960 articles · page 23 of 48

Reprompt: One-click exfiltration via Microsoft Copilot

🔐 Researchers at Varonis Threat Labs uncovered 'Reprompt', a one-click attack that abuses Microsoft Copilot Personal by embedding prompts in URLs and using follow-up server requests to exfiltrate data. It combines a URL 'q' parameter injection, a double-request bypass of initial sanitization, and chained server instructions to siphon conversation history and files without further user interaction. Microsoft issued a patch; organizations should treat prefilled prompts as untrusted and enforce continuous authentication, least privilege, prompt hygiene, auditing, and anomaly detection.

ChatGPT improves chat-history search for Plus/Pro users

🔍 OpenAI is rolling out an upgrade to ChatGPT that improves chat-history search and recall. The new reference chat history option lets ChatGPT more reliably find details from past conversations and marks any past chat used to answer queries as a source you can open and review. The feature is currently rolling out to Plus and Pro subscribers. OpenAI also updated personality controls and improved dictation accuracy for all logged-in users.

AI Image Leaks Fuel New Wave of Sextortion Risks Worldwide

⚠️ Researchers in 2025 discovered multiple unsecured databases of AI-generated images and videos, many depicting sexualized or fabricated nudes created from everyday photos. Analysis pointed to third-party generative tools such as MagicEdit and DreamPal, which offered explicit editing, face‑swap and clothing‑change features and, in some cases, disabled filters for erotic content. The exposure highlights how generative AI lowers the barrier to producing convincing fake intimate images and broadens the pool of potential sextortion victims. The post urges tightening social media privacy, using tools like Privacy Checker, and monitoring children with Kaspersky Safe Kids.

Reprompt attack: single-click data exfiltration from Copilot

🔒 Cybersecurity researchers disclosed a novel method called Reprompt that can enable single-click data exfiltration from AI chatbots, notably Microsoft Copilot, while bypassing typical enterprise controls. The technique exploits the Copilot q URL parameter to inject instructions from a link, then uses repeated requests and a remote attacker server to continue covert fetching and return of sensitive data with no further user interaction. Microsoft says it addressed the issue and that Microsoft 365 Copilot enterprise customers are not affected, but researchers warn the approach turns Copilot into an invisible exfiltration channel.

Smashing Security Ep.450: Instagram leak and Grok fallout

🔍 Episode 450 explores confusion after claims that data linked to 17.5 million Instagram accounts was put up for sale — a story driven by a vague post, conflicting statements, and an unexpected flood of password‑reset emails. The episode also examines Grok, Elon Musk’s AI chatbot, after it generated sexualised images of women and children, raising urgent questions about guardrails and accountability. Hosts discuss why simple censorship is not a solution.

Modernizing Vulnerability Sharing for AI Threats and Policy

🔐 The post argues that traditional vulnerability-sharing frameworks built around software flaws are inadequate for adversarial AI threats such as poisoning and inference attacks that target models and data rather than code. It recommends bridging existing cyber infrastructure — including the CVE Program, CVSS, CNAs, the NVD and CISA’s KEV Catalog — with new standards for AI artifacts like poisoned datasets and backdoored models. Palo Alto Networks supports the White House AI Action Plan and the proposed AI-ISAC to accelerate adoption, coordinate disclosure, and help operationalize AI-specific vulnerability management.

Model Security Misses the Point: Secure AI Workflows

🛡️ As AI copilots and assistants are embedded into daily work, recent incidents show the primary risk lies in the surrounding workflows rather than in the models themselves. Malicious Chrome extensions that exfiltrated ChatGPT and DeepSeek chats, and prompt injections that tricked an AI coding assistant into executing malware, exploited integration contexts, not model internals. The piece advises mapping AI usage, applying least privilege, enforcing middleware guardrails to scan outputs, and using dynamic SaaS platforms like Reco to detect and control risky workflows.

AI fuzzing: automated testing and emerging threats

🔍 Generative AI is transforming fuzzing by automating test generation, expanding input diversity, and enabling scalable discovery of bugs and logic flaws. Security teams and consulting firms use models to create behavioral variants, convert breach data into scenarios, and prototype fuzzing harnesses to exercise code and APIs at scale. Attackers likewise leverage uncensored or fine‑tuned models to automate complex, high‑throughput attacks, forcing defenders to continuously fuzz guardrails and address LLM nondeterminism and prompt injection.

ChatGPT's Upcoming Cross-Platform Feature Agora Spotted

🔍 OpenAI is internally testing a feature codenamed Agora, with references appearing in its web, Android, and iOS apps. The clues point to a potential cross-platform capability — possibly a unified client, a social or group interaction layer (reflecting the Greek meaning of 'agora'), or a communications feature that may leverage agora.ai's audio/video SDK. Observers also link the work to OpenAI's hardware experiments, and a recent update improved ChatGPT's dictation accuracy for logged-in users.

Google to Add Gemini Agentic Features to Chrome Android

🤖 Google is testing integration of Gemini into Chrome for Android, with Chromium source references indicating an agentic feature codenamed Glic. A Google engineer noted the browser binary increases because of the added support code, suggesting significant new functionality. The integration may provide contextual, agent-like actions such as page summaries and follow-up queries, similar to mobile copilots. No release timetable has been announced.

Google's Personal Intelligence Links Data to Gemini

🔐 Google is rolling out a new Personal Intelligence capability in Gemini that can access information from Gmail, Google Photos, Search, YouTube and other Google products to generate more personalized responses. The feature is opt-in, off by default, and users can choose which apps to connect, disconnect them, or turn the feature off at any time. Google illustrates uses such as pulling tire specifications from photos and emails or extracting a license plate from an image to confirm vehicle details. The functionality is launching as a U.S. beta for eligible subscribers, and Google warns that the model can still produce inaccuracies or over-personalization, inviting users to provide feedback.

OpenAI's Hidden ChatGPT Translate Rivals Google Translate

🌐 OpenAI has quietly launched ChatGPT Translate, a web-based translation tool accessible at chatgpt.com/translate and available to all users without a paid account. It supports typed text, photo uploads, voice input, and file attachments, automatically detecting language or allowing manual source/target selection. The tool emphasizes preserving meaning over literal translations and lets users request tones like “business formal” or “explain like a child,” with the added benefit of continuing the conversation to refine results. ChatGPT’s Android and iOS apps do not yet expose the translate toggle.

Vibe coding tools produce critical security vulnerabilities

🛡️ Tenzai's December 2025 assessment found that five popular vibe coding tools — Claude Code, OpenAI Codex, Cursor, Replit, and Devin — frequently generate insecure code when given common programming prompts. Across 15 generated applications the researchers identified 69 vulnerabilities, many low‑to‑medium but several rated high and six rated critical. The most serious flaws involved API authorization and business‑logic failures; by contrast, the tools avoided classic issues such as SQLi and XSS. Tenzai concluded human oversight, targeted testing, and embedding security into AI development workflows remain essential.

AI Agents Become Hidden Privilege Escalation Paths

🔒 Organizational AI agents are increasingly embedded in critical workflows and often run under shared service identities with broad, long-lived permissions. Because actions execute under the agent identity, users can indirectly obtain access they don’t have, and audit logs typically attribute activity to the agent rather than the initiating user. This creates invisible privilege-escalation paths and complicates least-privilege enforcement. Wing is cited for continuously discovering agents, mapping their access to critical assets, and restoring visibility and accountability.

Reprompt Attack Could Hijack Microsoft Copilot Sessions

⚠️ Security researchers at Varonis disclosed a vulnerability, dubbed Reprompt, that could let attackers hijack a user's Copilot Personal session by embedding malicious instructions in a URL. The attack leverages the 'q' URL parameter to inject prompts that execute when the page loads, then uses chained server-side follow-up requests to maintain access and exfiltrate data after a single click. Varonis reported the issue to Microsoft on August 31, and Microsoft issued a fix on the January 2026 Patch Tuesday; users should apply the latest Windows update promptly.

Allianz: AI Rises to Major Global Business Risk Worldwide

🤖 Allianz Commercial's annual Risk Barometer reports that artificial intelligence has jumped from tenth to second place among global business risks, trailing only cybercrime. The insurer warns that cybercriminals increasingly harness AI for social engineering—deepfakes, cloned voices and highly tailored phishing—while legitimate internal AI use can produce erroneous or fabricated outputs that prompt litigation and reputational harm. The survey of 3,338 professionals across 97 countries also links AI risk to business interruptions and copyright exposure.

The AI Fix #83: ChatGPT Health, LLM bluffing and more

🧠 In episode 83 of The AI Fix, hosts Graham Cluley and Mark Stockley explore how users are testing and tricking large language models, including a journalist’s invented idiom that exposed AI bluffers. They discuss OpenAI’s new ChatGPT Health, a Dutch case where a marriage certificate was invalidated after an official used ChatGPT, and quirky AI applications like an automated barman. The episode also examines research on new methods to corrupt LLMs and continuing debate over the future of Stack Overflow.

Securing MCPs: Control of Agentic AI Tool Access and Risks

🔒 This webinar explains why MCPs — the control plane that governs what agentic AI can execute — are a critical but often overlooked security boundary. Drawing on recent incidents such as CVE-2025-6514, the session shows how trusted proxies and misconfigurations can convert automation into a remote code execution vector at scale. Participants will learn to detect shadow API keys, audit agent actions, and apply practical controls to secure agentic AI without slowing development.

Apple to Power Siri with Google Gemini; Privacy Emphasized

🟢 Apple and Google confirmed a multi-year collaboration that will bring Google's Gemini models and Google Cloud hosting to future versions of Siri and Apple Foundation Models. The move aims to address performance gaps after Apple’s in-house Siri models lagged behind rivals. Apple says Apple Intelligence will run on-device and on its Private Cloud Compute while foundation models are hosted on Google Cloud, and that user privacy remains a priority.

The Year of Resilience: What 2026 Requires of CISOs

🔒 Fortinet CISO Carl Windsor argues that 2026 will demand resilience as the central organizing principle for security as AI accelerates both innovation and risk. CISOs must act as de facto chief resilience officers, embedding continuity into AI-augmented operations and assuming AI-enabled failures will occur. He outlines five strategic priorities—business continuity, AI governance, hardened identity, cross‑functional collaboration, and continual adaptation—to contain and absorb disruption.