All news in category “AI and Security Pulse”

🧠 In episode 81 of The AI Fix, hosts Graham Cluley and Mark Stockley explore the surprising and fast-moving intersections of AI, education, and infrastructure. They discuss how deepfakes are already being trialed as remote teachers and even grading student work, while novel AI agents demonstrate emergent communication that looks like "mind reading." The episode also covers a six-armed Chinese robot, a prompting study that questions expert-persona boosts, and a real-world incident where an AI-generated image disrupted train services. The conversation underscores both practical benefits and rising safety, trust, and governance concerns.

🔒 Researchers at Koi found that the popular Urban VPN Proxy browser extension injects scripts to capture full AI chat conversations — including prompts and responses — then exports them to the extension vendor's backend. The monitoring runs even when the VPN is disabled and activates on major platforms such as ChatGPT, Claude, Gemini, Perplexity and Grok. For organizations that paste internal code, data or research into AI tools, this creates a significant data-theft risk outside corporate controls.

🛡️ Microsoft has been named an overall leader in the KuppingerCole Leadership Compass for Generative AI Defense, highlighting its enterprise-ready security and governance capabilities for AI. The company emphasizes embedding security across AI apps, agents, platforms, and infrastructure using an identity-first, defense-in-depth approach. Key controls include Entra Agent ID, Microsoft Purview for real-time DLP and classification, Microsoft Defender for runtime protection, and governance tools such as Agent365 and Foundry. Built-in compliance support aligns with frameworks like EU AI Act, NIST AI RMF, and ISO 42001.

🔍 AI is reshaping cybersecurity: while models speed detection and automate response, human judgment and communication are the differentiators. CISOs must cultivate data fluency, risk literacy, executive communication, cross-functional collaboration and ethical foresight. Practical steps include regular AI bias audits, joint security/data-science sprints and measuring data-storytelling maturity to align AI with business risk.

🔐 Check Point argues that modern AI's effectiveness hinges on the volume, variety, and freshness of data, and that its three decades of aggregated threat intelligence provide a practical advantage in applying AI to cybersecurity. The post highlights data density — the combination of scale, diversity, and timeliness of telemetry — as the primary driver of model accuracy and detection efficacy. It contrasts five years of explosive AI data growth with Check Point's 30-year corpus and explains how rich telemetry enables better prediction, prevention, and operationalization of AI-driven defenses.

🔍 This article outlines a practical, metrics-driven approach to testing generative AI systems, moving teams from ad-hoc inspection to systematic evaluation. It introduces four hands-on labs that cover evaluating single LLM outputs, assessing RAG systems with Vertex AI Evaluation, tracing and grading agent behavior with the Agent Development Kit (ADK), and validating SQL-generating agents against BigQuery. Each lab emphasizes measurable metrics—safety, groundedness, faithfulness, and factual accuracy—to help productionize GenAI with confidence.

🔒 The Cybersecurity Forecast for 2026 highlights how agentic security automation and widespread AI will reshape defenses, shifting SOCs from monitoring to automated action. It calls for building workforce AI fluency, evolving IAM to treat agents as managed identities, and deploying model-protection measures alongside tamper-proof backups. Boards will increasingly demand operational resilience, quantified exposure, and mature AI governance.

🔐 Bruce Schneier warns that personal AI assistants cannot be trusted without robust integrity controls, arguing that current systems routinely push users toward bad outcomes, gaslight them, and mishandle personal context. He urges decoupling personal data stores from AI models so that cryptographic verification, access control, and auditable logs can be developed independently of model performance. Such stores should be interoperable with many models, provably accurate, under fine‑grained user control, resilient to read and write attacks, and easy to use; Schneier cites Inrupt work extending Solid and the Human Context Protocol as practical directions.

🔒 The article argues that the browser is now the primary interface for enterprise GenAI and outlines a practical security model combining policy, isolation, and precision data controls. It recommends categorizing GenAI services into sanctioned and public tools, enforcing SSO for corporate identities, and preventing cross‑account leakage. The piece highlights the risks of prompt copy/paste, file uploads, and extensions, and advises per‑site/session controls, telemetry, and a pragmatic 30‑day Secure Enterprise Browser (SEB) rollout to enable safe, productive use.

🛡️ OpenAI says it is expanding a "defense in depth" strategy to limit misuse of its frontier AI models, warning they could be used to develop zero-day exploits or aid complex intrusion operations. The company announced a new Frontier Risk Council, broader guardrails, external red‑teaming, and a trusted access program for vetted customers testing defensive use cases. OpenAI also plans to scale its Aardvark Agentic Security Researcher beta to scan codebases and recommend mitigations.

🤖 Brave has begun testing an agentic AI browsing mode that uses its privacy-focused assistant Leo to perform autonomous tasks like web research, product comparison, promo-code discovery, and news summarization. The feature is currently available in Brave Nightly and is disabled by default. Brave isolates the agent in a separate profile without access to cookies, logins, or sensitive data and adds restrictions plus an alignment checker to mitigate prompt-injection and other risks.

🔍 Researchers used a new benchmark, SCONE-bench, to train AI agents to find and produce exploits against historically compromised smart contracts. On 405 real-world contracts from 2020–2025, Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 generated exploits valued at $4.6 million. In simulated tests against 2,849 recently deployed contracts the agents discovered two novel zero-day vulnerabilities and created exploits worth $3,694, with GPT-5 incurring $3,476 in API costs. The findings show autonomous, profitable exploitation is technically feasible and emphasize the need for proactive AI-driven defense.

🔐 OpenAI says rapid model gains have reshaped its planning and prompted expanded defensive measures. Internal CTF assessments rose from 27% on GPT-5 in August 2025 to 76% on GPT-5.1-Codex-Max in November 2025, leading the company to warn some systems may reach 'High' levels on its Preparedness Framework. OpenAI outlined a layered defense-in-depth strategy — including access controls, infrastructure hardening, egress monitoring, model steering, detection tools and end-to-end red teaming — and is preparing a trusted access program alongside private-beta tools such as Aardvark to steer capabilities toward defensive outcomes.

🤖 Offensive AI is accelerating cyberattacks, automating reconnaissance, malware orchestration, and large-scale credential harvesting. Security teams and observers such as Google Threat Intelligence and Anthropic warn these techniques can bypass legacy defenses and overwhelm manual SOC processes. Network Detection and Response (NDR) solutions provide continuous network visibility, real‑time analytics, and automated triage to detect polymorphic threats, reduce false positives, and speed incident response.

🔐 This article explains how sensitive data commonly leaks from AI systems — from RAG retrievals and agentic tool chains to user-initiated oversharing — and why LLMs cannot enforce document-level permissions. It recommends a layered, defense-in-depth approach: automatic identification and classification, data minimization at ingress, sanitization, redaction, and strict access controls that follow data through the pipeline. The authors also stress threat modeling and vendor due diligence to limit regulatory, competitive, and reputational harm.

🤖 On episode 447 of the Smashing Security podcast Graham Cluley and guest Jenny Radcliffe explore how generative AI can enable stalking — reporting that Grok was used to doxx people, outline stalking strategies, and share revenge‑porn tips. They also recount the audacious Louvre crown jewels heist, where thieves abused assumptions about what ‘looks normal’. Graham additionally interviews Rob Edmondson about how Microsoft 365 misconfigurations and over‑privileged accounts create serious security exposures. The episode emphasizes practical lessons in threat modelling and access hygiene.

🔒 Microsoft argues that as organizations adopt agentic AI, security must be a strategic priority that enables growth, trust, and continued innovation. The post identifies risks such as oversharing, data leakage, compliance gaps, and agent sprawl, and recommends three pillars: prepare for AI and agent integration, strengthen organization-wide skilling, and foster a security-first culture. It points to resources like Microsoft’s AI adoption model, Microsoft Learn, and the AI Skills Navigator to help operationalize these steps.

🧠 The convergence of AI and quantum computing is poised to redefine computing, cybersecurity and geopolitical power. Quantum machine learning can accelerate model training and enable real-time simulation by exploiting qubits' parallelism, while quantum key distribution promises communication that is far more resistant to interception. At the same time, this synergy raises risks: quantum-capable adversaries could undermine current cryptography and enable advanced cyberattacks.

⚠️ Gartner analysts Dennis Xu, Evgeny Mirolyubov and John Watts strongly recommend that enterprises block AI browsers for the foreseeable future, citing both known vulnerabilities and additional risks inherent to an immature technology. They warn of irreversible, non‑auditable data loss when browsers send active web content, tab data and browsing history to cloud services, and of prompt‑injection attacks that can cause fraudulent actions. Concrete flaws—such as unencrypted OAuth tokens in ChatGPT Atlas and the Comet 'CometJacking' issue—underscore that traditional controls are insufficient; Gartner advises blocking installs with existing network and endpoint controls, restricting pilots to small, low‑risk groups, and updating AI policies.

⚠️ The FBI is warning of AI-assisted fake kidnapping scams that use fabricated images, video, and audio to extort victims. Criminal actors typically send texts claiming a loved one has been abducted and follow with multimedia that appears genuine but often contains subtle inaccuracies. Examples include missing tattoos, incorrect body proportions, and other mismatches, and attackers may use time-limited messages to pressure victims. Observers note the technique is currently of uncertain effectiveness but likely to be automated and scaled as AI tools improve.