All news in category “AI and Security Pulse”

960 articles · page 25 of 48

Securing Non-Human Identities with Zero Trust at Scale

🛡️ Non-human identities (NHIs) — bots, AI agents, service accounts and automation scripts — are expanding enterprise attack surfaces as organizations scale AI and cloud automation. NHIs often live outside traditional IAM and frequently hold over-permissioned standing access and static credentials, making them attractive targets. The article recommends applying zero-trust, enforcing least-privilege and Just-in-Time access, and adopting ephemeral secrets and automated rotation. It highlights secrets and Privileged Access Management solutions such as KeeperPAM to centralize secrets, monitor privileged sessions, and make machine identities auditable and manageable at scale.

Automated Data Poisoning Proposed to Protect AI IP

🔒 Researchers propose a defensive data-poisoning tool called AURA to protect proprietary knowledge graphs that feed LLMs. The method injects plausible but false entries that authorized users can filter out with a secret key, while stolen graphs become unreliable for attackers. The authors report degrading unauthorized accuracy to 5.3% and preserving 100% fidelity for key-holders with under 14% max latency overhead.

OpenAI Rolling Out GPT-5.2-Codex-Max to Subscribers

🤖 OpenAI has begun rolling out a new variant of its coding agent, labeled GPT-5.2-Codex-Max, to a subset of paying users who have spotted the model identifier when querying Codex. The release follows December’s introduction of Codex with GPT-5.2 and appears to deliver enhanced long-task persistence, repository context compaction, improved tool reliability, better Windows workflow handling, and stronger vision for interpreting screenshots, UI bugs, and diagrams. Given the prior uplift seen with GPT-5.1-Codex-Max, this Max tier is expected to provide another notable performance bump, and OpenAI may publish formal details in the coming days.

Generative AI Accelerates Active Directory Identity Attacks

🔐 Generative AI is accelerating password attacks against Active Directory, making cracking cheaper, faster, and more targeted than traditional techniques. Models like PassGAN learn real-world password patterns and can predict employee passwords when trained on breach data or public company content. Combined with readily available GPU cloud rentals, attackers can test vastly more candidates and tailor guesses using org-specific reconnaissance. Vendors such as Specops recommend longer, random passphrases and breached-password screening to reduce exposure.

Are Copilot Prompt Injections Vulnerabilities or Limits?

🔍 Microsoft pushed back after security engineer John Russell disclosed multiple prompt injection and sandbox-related issues in Copilot, which the company says do not meet its vulnerability criteria. Russell reported indirect and direct prompt injection that could leak the system prompt, a file-upload bypass via base64 encoding, and the execution of commands inside Copilot's isolated Linux environment. Microsoft told BleepingComputer it reviewed the reports against its public bug bar and assessed them as out of scope because they did not cross a clear security boundary or affected only the requesting user's own environment. The exchange highlights differing definitions of AI risk between vendors and researchers.

Agentic AI: An Identity Problem CISOs Must Solve Now

🔐 Agentic AI introduces a new class of identity that behaves with humanlike intent yet scales and persists like machines. Traditional IAM and PAM were designed for employees and predictable workloads; AI agents are decentralized, easy to create, cross‑platform, and often granted broad privileges, creating serious blind spots. CISOs should apply lifecycle management: assign clear ownership tied to the identity provider, define explicit measurable purpose and scope, enforce least privilege, maintain continuous visibility to detect privilege drift, and automate revocation when agents go idle.

CISO Resolutions for 2026: AI, Resilience, and Trust

🔒 As AI hype settles, CISOs are refocusing 2026 priorities on resilience, rapid detection, and measurable outcomes. They favor engineering-driven architecture for cloud stability, AI-enabled orchestration to cut dwell time, and broad identity and privilege governance for human and non-human accounts. Visibility and SaaS discovery will curb shadow AI use, while security baked into agentic AI and post-quantum preparedness (cryptographic inventories and vendor roadmaps) become essential. Turning security into a visible trust signal and linking spend to ROI rounds out the agenda.

Customizing NVIDIA Nemotron for Security Query Translation

🔒 CrowdStrike and NVIDIA operationalized Nemotron LLMs to enable natural-language-to-CQL translation inside the Falcon platform. They leveraged millions of analyst queries, AST-based deduplication, and a PII scrubbing pipeline, then used NVIDIA NeMo Data Designer to generate synthetic natural-language descriptions for fine-tuning. Fine-tuning Llama-3.3-Nemotron-Super-49B-v1.5 with LoRA produced improved accuracy, interpretability through intermediate reasoning, and 96% valid-query accuracy versus frontier alternatives.

Google testing Nano Banana 2 Flash — faster image AI model

⚡ Google is testing a new image AI called Nano Banana 2 Flash, positioned as the fastest model in the Gemini Flash lineup. It aims to deliver quicker, more affordable image generation and editing than the existing Nano Banana Pro, though it will not match the Pro’s top-end capability for complex, high-accuracy creative tasks. The model was spotted on X by leaker MarsForTech and appears to prioritize speed and cost over fidelity.

How AI Is Reshaping Cybersecurity Operations and Teams

🤖 Generative AI is rapidly transforming CyberOps by automating routine tasks, accelerating investigations and raising overall team productivity. Tools—some developed in-house and some by vendors—assist with forensics, incident response, log analysis, orchestration, vulnerability management and reporting. While AI scales capabilities and elevates junior staff, leaders stress the need for AI governance, prompt engineering skills and human oversight to manage risk.

Scammers Use AI-Generated Images to Obtain Refunds

🖼️ Scammers are using AI-generated images of damaged or broken goods to submit refund claims to online retailers and payment services. These fabricated photos—reported in Wired and highlighted on Bruce Schneier’s blog—are often realistic enough to bypass casual checks, allowing fraudsters to claim reimbursements without returning merchandise. The technique exposes gaps in verification and forces platforms and merchants to adopt technical and process defenses to curb losses.

Integrating AI into Modern SOC Workflows Effectively

🔒 Many SOC teams are experimenting with AI but fail to operationalize it, treating models as shortcuts for broken processes rather than engineering solutions. Christopher Crowley summarizes 2025 SANS SOC findings and identifies five practical SOC workflows—detection engineering, threat hunting, software development, automation, and reporting—where narrowly scoped, testable AI can add reliable value. He stresses rigorous validation, human accountability, and ongoing tuning to avoid overreliance on out-of-the-box models.

Real-World Attacks Behind OWASP Agentic AI Top 10 Risks

🛡️ OWASP published the Agentic Applications Top 10 for 2026 to classify risks unique to autonomous AI agents. Koi Security summarizes multiple real incidents from the past year — malicious MCP servers, poisoned assistants, and RCEs in Claude Desktop extensions — that show how autonomy expands attack surfaces. The report stresses inventorying runtime dependencies, enforcing least privilege, and monitoring agent behavior to detect and contain attacks.

ChatGPT Mobile Gains Thinking-Time Toggle for Plus Users

🤖 OpenAI is rolling out a mobile update that lets ChatGPT Plus subscribers select the Thinking time toggle, often called the model's 'juice', to enable longer, higher‑compute responses on mobile. Until now, Android devices routed Thinking requests through Standard Thinking, which uses less compute and cannot sustain long reasoning. On desktop, users could already switch between Standard Thinking and Extended Thinking, with Extended using more compute for complex queries. The rollout is gradual, the toggle is limited to ChatGPT Plus (the Go tier does not include it), and OpenAI also introduced new desktop formatting blocks and mini editor toolbars for richer task-specific outputs.

Microsoft Copilot Rolls Out GPT-5.2 Smart Plus Mode

🚀 Microsoft is rolling out GPT-5.2 to Copilot on web, Windows, and mobile as a free upgrade that will coexist with the existing GPT-5.1 model. The new option appears as a 'Smart Plus' mode and uses a 'Thinking' variant designed for more complex, multi-step tasks. OpenAI positions GPT-5.2 as its strongest model family yet, improving productivity for spreadsheets, presentations, coding, document understanding, image work, and tool use.

Top 5 Real-World AI Security Threats Revealed in 2025

🔒 2025 exposed major, real-world risks across the AI ecosystem as rapid adoption of agentic AI expanded enterprise attack surfaces. Researchers documented pervasive Shadow AI and vulnerable vendor tools, AI supply-chain poisoning, credential theft (LLMjacking), prompt-injection attacks, and rogue or misconfigured MCP servers. These incidents affected popular frameworks and cloud services and resulted in data breaches, remote-code execution, and costly fraud.

Traditional Security Frameworks Fail Against AI Threats

🔒 Traditional security frameworks like NIST CSF, ISO 27001, and CIS Controls were designed for legacy IT assets and do not map cleanly to AI-specific risks. Recent incidents — including the December 2024 Ultralytics compromise, ChatGPT memory-extraction flaws across 2024, and August 2025 malicious Nx packages — show organizations can meet compliance yet remain exposed. The article argues security teams must adopt AI-tailored controls such as prompt validation, model integrity verification, semantic DLP, and AI-focused red teaming.

OpenAI May Prioritize Sponsored Content in ChatGPT

📰 OpenAI is exploring a new ad format for ChatGPT — 'sponsored content' — that could be prioritized within model responses and shown in a sidebar or carousel. References to the feature appeared in an Android beta and in mockups reported by The Information. An OpenAI spokesperson confirmed the company is researching ads and said any approach would be designed to respect user trust.

ChatGPT adds formatting blocks to match task UIs today

📝 OpenAI has introduced 'formatting blocks' in ChatGPT, adjusting how the interface presents generated content to match the specific task users are performing. The update adds a compact editor toolbar that appears when text is highlighted in newer rich-text areas, such as email composition or writing drafts. Drafts are now shown as formatted documents users can edit inline, similar to Word or Gmail, rather than as plain chat messages. The feature is rolling out gradually and OpenAI plans to add support for additional formats over time.

OpenAI Tests 'Skills' for ChatGPT, Mirroring Claude

🛠️ OpenAI is testing a new ChatGPT feature called Skills, modeled on Anthropic's Claude Skills. Reports say the capability — codenamed 'hazelnuts' — will appear as slash commands and include a dedicated Skills editor plus an option to convert a custom GPT into a skill. Claude's Skills are folder-based instructions that are composable, portable and efficient, and can include executable code; OpenAI's implementation appears to follow a similar design. Timing is unclear, but a January 2026 rollout is currently suggested.