All news in category “AI and Security Pulse”

🔒 Zero trust is over 15 years old, yet many organizations continue to struggle with implementation due to legacy systems, fragmented identity tooling, and cultural resistance. Experts advise shifting segmentation from devices and subnets to applications and identity, adopting pragmatic, risk-based roadmaps, and prioritizing education to change behaviors. As AI agents proliferate, leaders must extend zero trust to govern models and agent identities to prevent misuse while using AI to accelerate policy definition and threat detection.

⚠️ The NSA, together with the Australian Signals Directorate and allied security agencies, published the Principles for the Secure Integration of Artificial Intelligence in Operational Technology to highlight emerging risks as AI is applied to safety-critical OT networks. The guidance flags adversarial prompt injection, data poisoning, AI drift, hallucinations, loss of explainability, human de-skilling and alert fatigue as primary concerns. It urges operators to adopt CISA secure design practices, maintain accurate asset inventories, consider in-house development tradeoffs, and apply rigorous oversight before deploying AI in OT environments.

🧭 William Largent’s year-end Threat Source newsletter combines career reflection with a practical security briefing, urging professionals to learn from mistakes while noting rapid changes in the threat landscape. He highlights a Cisco Talos analysis of how generative AI is already empowering attackers—especially in phishing, coding, evasion, and vulnerability discovery—while offering powerful advantages to defenders in detection and incident response. The newsletter recommends immediate, measured experimentation with GenAI tools, training teams to use them responsibly, and blending automation with human expertise to stay ahead of evolving risks.

🛡️ Generative AI is rapidly reshaping cybersecurity by amplifying both attackers' and defenders' capabilities. Adversaries leverage models for coding assistance, phishing and social engineering, anti-analysis techniques (including prompts hidden in DNS) and vulnerability discovery, with AI-assisted elements beginning to appear in malware while still needing significant human oversight. Defenders use GenAI to triage threat data, speed incident response, detect code flaws, and augment analysts through MCP-style integrations. As models shrink and access widens, both risk and defensive opportunity are likely to grow.

🔒 This guide presents a practical defense-in-depth approach to move generative AI projects from prototype to production by protecting the application, data, and infrastructure layers. It includes hands-on labs demonstrating how to deploy Model Armor for real-time prompt and response inspection, implement Sensitive Data Protection pipelines to detect and de-identify PII, and harden compute and storage with private VPCs, Secure Boot, and service perimeter controls. Reusable templates, automated jobs, and integration blueprints help teams reduce prompt injection, data leakage, and exfiltration risk while aligning operational controls with compliance and privacy expectations.

🛡️ Recent research shows the “Whisper Leak” attack can infer the topic of LLM conversations by analyzing timing and packet patterns during streaming responses. Microsoft’s study tested 30 models and thousands of prompts, finding topic-detection accuracy from 71% to 100% for some models. Providers including OpenAI, Mistral, Microsoft Azure, and xAI have added invisible padding to network packets to disrupt these timing signals. Users can further protect sensitive chats by using local models, disabling streaming output, avoiding untrusted networks, or using a trusted VPN and up-to-date anti-spyware.

🔐 The article explains how indirect prompt injection — malicious instructions embedded in external content such as documents, images, emails and webpages — can manipulate AI tools without users seeing the exploit. It contrasts indirect attacks with direct prompt injection and cites CrowdStrike's analysis of over 300,000 adversarial prompts and 150 techniques. Recommended defenses include detection, input sanitization, allowlisting, privilege separation, monitoring and user education to shrink this expanding attack surface.

🔒 Generative AI introduces new attack surfaces that alter trust relationships between users, applications and models. Siemens' pentest and security teams differentiate Offensive Security (targeted technical pentests) from Red Teaming (broader organizational simulations of real attackers). Traditional ML risks such as image or biometric misclassification remain relevant, but experts now single out prompt injection as the most serious threat — simple crafted inputs can leak system prompts, cause misinformation, or convert innocuous instructions into dangerous command injections.

✍️ Researchers from Icaro Lab (DexAI), Sapienza University of Rome, and Sant’Anna School found that short poetic prompts can reliably subvert AI safety filters, in some cases achieving 100% success. Using 20 crafted poems and the MLCommons AILuminate benchmark across 25 proprietary and open models, they prompted systems to produce hazardous instructions — from weapons-grade plutonium to steps for deploying RATs. The team observed wide variance by vendor and model family, with some smaller models surprisingly more resistant. The study concludes that stylistic prompts exploit structural alignment weaknesses across providers.

🔒 Today's low-cost AI services have industrialized cybercrime, enabling novice actors to produce highly convincing BEC and phishing content at scale. Tools such as WormGPT, FraudGPT, and SpamGPT remove traditional barriers by generating personalized messages, exploit code, and automated delivery that evade static filters. Defensive detection alone is insufficient when signatures continually mutate; organizations must protect identity and neutralize credential exposure. Join the webinar to learn targeted signatures and access-point controls to stop attacks even after a click.

🔒 In 2025 threat actors increasingly used AI—deepfakes, automated scripts, and AI-generated lures—to scale ransomware, phishing, and data-exfiltration attacks, exposing gaps between siloed security and backup tools. Publicly disclosed ransomware victims rose sharply and phishing remained the dominant initial vector, overwhelming legacy protections. Organizations are moving to AI-driven automation and unified detection, response, and recovery platforms to shorten dwell time and streamline compliance.

🪓 Security teams face a pivotal moment as AI becomes embedded across products while core decision-making remains opaque and vendor‑controlled. The author urges building and tuning small, controlled AI‑assisted utilities so teams can define training data, risk criteria, and behavior rather than blindly trusting proprietary models. Practical skills — basic Python, ML literacy, and active model engagement — are framed as essential. The piece concludes with an invitation to a SANS 2026 keynote for deeper, actionable guidance.

🔒 AI-SPM is emerging to protect AI/ML pipelines, cloud-hosted models and large datasets without moving data. The guide outlines core capabilities — agentless access, data classification, pipeline protection, model monitoring and compliance checks — and summarizes offerings from vendors such as Cyera, LegitSecurity, Microsoft, Orca and Palo Alto Networks. It also advises reviewing standards like MITRE ATLAS and OWASP LLM when evaluating tools.

🎧 In episode 79 of The AI Fix, hosts Graham Cluley and Mark Stockley examine the latest surprises from Gemini 3, including boastful comparisons, hallucinations about the year, and reactions from industry players. They also discuss an arXiv paper proposing adversarial poetry as a universal jailbreak for LLMs and the ensuing debate over its provenance. Additional segments cover robot-versus-appliance antics, a controversial AI teddy pulled from sale after disturbing interactions with children, and whether humans need safer robots — or stricter oversight.

🔴 OpenAI's ChatGPT experienced a global outage that produced "something seems to have gone wrong" errors and stalled responses, with some users reporting that entire conversations disappeared and new messages never finished loading. BleepingComputer observed the model continuously loading without delivering replies, while DownDetector recorded over 30,000 reports. OpenAI confirmed elevated errors at 02:40 ET, said it was working on a fix, and by 15:14 ET service had begun returning but remained slow.

⚠️OpenAI's ChatGPT experienced a global outage that caused errors and disappearing conversations for many users. Many reported seeing messages such as "something seems to have gone wrong" and "There was an error generating a response," while some conversations vanished and new messages kept loading indefinitely. DownDetector recorded over 30,000 reports, and OpenAI acknowledged elevated errors and said engineers were working on a fix. Service began returning as of 15:14 ET, though performance remained slow.

🚀 Microsoft has added Mistral Large 3 to Foundry on Azure, offering a high-capability, Apache 2.0–licensed open-weight model optimized for production workloads. The model focuses on reliable instruction following, extended-context comprehension, strong multimodal reasoning, and reduced hallucination for enterprise scenarios. Foundry packages unified governance, observability, and agent-ready tooling, and allows weight export for hybrid or on-prem deployment.

🧠 The democratization of advanced attack capabilities means cybersecurity leaders must rethink talent strategies now. Ann Johnson argues the primary vulnerability in an AI-transformed landscape is human: teams must combine technical expertise with cognitive diversity to interrogate and adapt to probabilistic AI outputs. Organizations should change hiring, onboarding, retention, and continuous upskilling to create resilient, future-ready security teams.

🔍 Running into CUDA out-of-memory errors is a common blocker when fine-tuning models; High Bandwidth Memory (HBM) holds model weights, optimizer state, gradients, activations, and framework overhead. The article breaks down those consumers, provides a simple HBM sizing formula, and walks through a 4B-parameter bfloat16 example that illustrates why full fine-tuning can require tens of GBs. It then presents practical mitigations—PEFT with LoRA, quantization and QLoRA, FlashAttention, and multi‑GPU approaches including data/model parallelism and FSDP—plus a sizing guide (16–40+ GB) to help choose the right hardware.

⚠️ Security researchers disclosed that an npm package, eslint-plugin-unicorn-ts-2, embeds a deceptive prompt aimed at biasing AI-driven security scanners and also contains a post-install hook that exfiltrates environment variables. Uploaded in February 2024 by user "hamburgerisland", the trojanized library has been downloaded 18,988 times and remains available; the exfiltration was introduced in v1.1.3 and persists in v1.2.1. Analysts warn this blends familiar supply-chain abuse with deliberate attempts to evade LLM-based analysis.