< ciso brief />

All news in category “AI and Security Pulse”

959 articles · page 26 of 48

NIST Funds MITRE to Establish Two AI Security Centers

🔒 NIST is investing $20m to fund two new AI security research centers run by nonprofit MITRE: the AI Economic Security Center for US Manufacturing Productivity and the AI Economic Security Center to Secure US Critical Infrastructure from Cyber Threats. The centers will develop technology evaluations and advancements to protect US AI leadership, counter adversarial AI uses, and reduce risks from insecure systems. NIST says the effort will drive applied science breakthroughs and support commercialization of new technologies.

AI Fix Ep. 82: AI Says Santa Isn't Real, Plus Waymo Woes

🎄 This Christmas episode of The AI Fix examines whether chatbots agree that Santa Claus exists, testing responses from popular conversational AIs and Google's seasonal features. The hosts discuss a string of Waymo robotaxi incidents that sparked PR headaches, Microsoft's reduced ambitions for Copilot amid low usage, and research suggesting future programmers may rely more on psychological prompt design than traditional coding. Hosts: Graham Cluley and Mark Stockley.

MiniMax-M2 Now Deployable via SageMaker JumpStart Support

🚀 MiniMax-M2 is now available on SageMaker JumpStart, enabling immediate deployment of this efficient open-source MoE model in minutes. The model combines 230 billion total parameters with 10 billion active parameters to deliver a compact, fast, and cost-effective option optimized for coding and agentic tasks while preserving strong general intelligence. Customers can deploy via SageMaker Studio or the SageMaker Python SDK and follow AWS best practices for production use.

Agentic AI Forces a New Identity and Authentication Crisis

🔒 Many enterprises are racing to deploy autonomous agentic AI without establishing robust identity and authentication controls, creating an identity crisis for CISOs. Experts warn that fewer than 5–10% of organizations assign formal agent identities (for example via PKI) before wider release, leaving deployments vulnerable to hijacking and prompt injection. Because agents routinely communicate with one another, a compromised agent can cascade malicious instructions across legitimate agents before revocation, and current vendor solutions and kill switches are incomplete or absent.

Fighting AI With AI: Cybersecurity's Inevitable Battle

🤖 Trend Micro's Rachel Jin warns that the rapid evolution of AI is outpacing static security controls and forcing defenders to embrace automation and context-aware defenses. She notes LLMs update frequently and attackers leverage that pace to craft tailored phishing, automate tasks and scale operations. Jin stresses that visibility into AI usage, agents and infrastructure is essential and recommends an AI security blueprint to map risk, consolidate tooling and prioritize scarce budgets.

Scammers Use AI to Forge Art Documentation and Certificates

🖼️ Fraudsters are using AI and large language models to create highly convincing fake invoices, appraisal certificates and certificates of authenticity for artworks, making forgeries harder to detect. Brokers and appraisers, including Marsh, report that chatbots can invent plausible experts and documentation or hallucinate false references that owners accept as real. Insurers and valuation firms are now deploying AI-based metadata analysis and anomaly detection to flag manipulated provenance and guide human review.

CrowdStrike: Training GenAI Models at Scale, Distributed

🛡️ CrowdStrike outlines its methodology for training security-focused GenAI models at scale using the Google Cloud Vertex Training Cluster and an infrastructure-as-code approach. The team leverages Slurm for workload scheduling, modular data pipelines with synthetic augmentation, and a mix of parallelism strategies (data, tensor, pipeline, sequence/expert) to match model size and hardware. They optimize across GPU architectures (H100, B200) using high-performance attention kernels like Flash Attention and NCCL for inter-node communication to improve throughput, support extended contexts, and manage memory via gradient checkpointing and observability tooling.

IT's 2025 Verdict: AI Gains, Layoffs and Mixed Security

🤖 The editorial teams of Computerwoche, CIO and CSO reflect on a turbulent 2025 shaped by the rapid rise of AI, economic uncertainty and geopolitical friction. They call out major flops such as widespread AI‑justified layoffs (Surfshark estimates 200,000+ jobs lost) and the growing use of AI by cybercriminals, while noting positive trends: pragmatic CIOs focusing on data quality, innovative change management like Mobilezone, and sizable sovereignty investments such as Schwarz IT.

Managing Agentic AI Risk: Lessons from OWASP Top 10

🛡️ The OWASP Top 10 for Agentic Applications identifies the most critical security risks from AI agents—systems that access data, invoke tools, and act autonomously—and offers CISOs practical threat taxonomies, mitigation strategies, and example threat models. Contributors prioritized data-driven, real-world issues discovered during research, including many agentic deployments unknown to IT and security teams. The list is designed to be consumable and directly actionable for threat modeling, governance, and security architecture.

Science-Backed Approach to Building Mission-Ready SOC Agents

🔒 CrowdStrike outlines a science-backed framework for training, validating, and hardening AI agents to perform analyst-grade triage and response in the SOC. The post emphasizes using expert-annotated data, reproducible benchmarking, continuous human feedback, scalable heterogeneous architecture, strict guardrails, and adversarial testing. CrowdStrike cites over 98% decision accuracy for Charlotte AI Detection Triage and Agentic Response agents and highlights time-savings and auditable recommendations to accelerate investigations while preserving human oversight.

AI and Security in Financial Services: Secure Design

🔒 The post argues that financial institutions must treat cybersecurity as the foundation for safe AI adoption, centering on three imperatives: understand the AI–cybersecurity nexus, harness AI to accelerate detection and response, and adopt Secure AI by Design. It highlights AI-driven SOCs that distill billions of events into actionable incidents and cites customer outcomes such as dramatic reductions in MTTR and large-scale threat prevention. The author also describes new AI-specific risks to data, models and agents, and calls for enterprise governance, risk-tiered inventories, strict access controls and coordinated policy to enable innovation while managing systemic risk.

Check Point Launches AI Security Training Courses Globally

🔐 Infinity Global Services (IGS) has launched its first dedicated AI security training courses, the initial release in a growing AI services portfolio. The programs offer expert-led instruction and hands-on labs to help security teams, developers, and leaders defend against AI-driven threats and implement AI securely across operations and product development. IGS also plans upcoming offerings in AI red teaming, governance, and implementation consulting to extend defensive and advisory capabilities.

Human-in-the-Loop Safeguards Can Be Forged, Researchers Warn

⚠️ Checkmarx research shows Human-in-the-Loop (HITL) confirmation dialogs can be manipulated so attackers embed malicious instructions into prompts, a technique the researchers call Lies-in-the-Loop (LITL). Attackers can hide or misrepresent dangerous commands by padding payloads, exploiting rendering behaviors like Markdown, or pushing harmful text out of view. Approval dialogs meant as a final safety backstop can thus become an attack surface. Checkmarx urges developers to constrain dialog rendering and validate approved operations; vendors acknowledged the report but did not classify it as a vulnerability.

Dynamic AI-SaaS Security: Guardrails as Copilots Scale

🔒 Within the past year, AI copilots and agents have been embedded across major SaaS platforms such as Zoom, Slack, Microsoft 365, Salesforce, and ServiceNow, creating dynamic cross-app data flows that traditional governance struggles to monitor. A dynamic AI-SaaS security layer functions as an adaptive guardrail over OAuth grants and integrations, logging prompts and file access, detecting permission drift in real time, and blocking risky actions. Platforms such as Reco aim to deliver continuous visibility, end-to-end auditability, and automated policy enforcement so organizations can adopt copilots without losing control.

Caring for the Future: Youth Views on AI and Learning

🤖 The Future Report, based on responses from over 7,000 European teenagers, finds young people largely optimistic and adept at using AI and algorithmic platforms in daily life. Many report educational benefits—47% say AI explains complex topics, and 81% of users feel it improved aspects of learning or creativity—while also expressing concerns about over-reliance, trust, and skill erosion. The report calls for strengthened digital literacy, age-appropriate experiences, and youth participation in shaping responsible AI design.

AI Is Reshaping Modern Cybercrime: Key TTX Findings

🔎 Fortinet and UC Berkeley partners analyzed a Singapore tabletop exercise to assess how AI is reshaping cybercrime and defense. The practitioner perspective complements CLTC’s academic work and shows AI is amplifying existing attack vectors—speeding phishing, reconnaissance, code generation, and malware iteration—while lowering barriers to entry. The exercise highlighted that governance, human judgment, and cross-sector collaboration frequently determine response effectiveness more than specific tools.

AI Is Reshaping Modern Cybercrime: Practitioner Findings

🔍 Fortinet and academic partners, including UC Berkeley’s CLTC and the Berkeley Risk and Security Lab, collaborated on global tabletop exercises and analysis to assess how AI is reshaping cybercrime. The Singapore TTX demonstrated that AI amplifies existing attack vectors—speeding reconnaissance, phishing, and malware development—while lowering barriers to entry and fostering criminal specialization. Defenders reported that governance, decision rights, and human judgment often mattered more than specific tools, underscoring the need for strong public-private collaboration and human oversight of AI-assisted detection.

Lies-in-the-Loop Attack Hijacks AI Human Prompts Dialogs

⚠️ Security researchers at Checkmarx disclosed a novel technique called Lies-in-the-Loop (LITL) that manipulates Human-in-the-Loop (HITL) confirmation dialogs to trigger arbitrary code execution. The attack forges or alters dialog text, metadata and Markdown rendering so that dangerous commands appear benign, effectively turning a safety checkpoint into an exploit vector. Demonstrations targeted privileged code-assistant tools including Claude Code and Copilot Chat, and the authors urge a defense-in-depth approach combining user training, improved dialog clarity and input sanitization.

Browser VPN Extension Found Harvesting AI Chat Data

🔒 Security researchers have found that the popular Chrome extension Urban VPN Proxy (featured in the Chrome Web Store and used by millions) contained scripts that intercepted AI chat conversations and transmitted them to company-controlled analytics servers. The functionality, introduced in version 5.5.0 on July 9, 2025, allegedly runs regardless of whether the VPN is active and cannot be disabled via settings. Koi's analysis says prompts, responses, timestamps and session identifiers were captured and compressed before exfiltration. The same capability was reportedly present in seven related extensions from the same publisher, potentially affecting more than 8 million users across Chrome and Edge.

Demystifying Risk: Managing AI in Enterprise Security

🔐 This article examines the security and governance challenges of generative AI and outlines practical steps organizations can take to reduce risk. It highlights model limitations such as hallucinations and underscores the continued need for human oversight for high‑stakes decisions. The author reviews prominent standards including NIST AI RMF, AICM and CSA Model Risk Management, and stresses cloud shared‑responsibility, cross‑team governance, and targeted workforce training as core mitigations.