
All news in category “AI and Security Pulse”

957 articles · page 3 of 48

LLMs and Text-in-Text Steganography: Limits and Risks

📄 Schneier surveys simple steganographic tricks—white-on-white text, phonological misspellings, and special fonts—and finds them increasingly ineffective. He notes that even modest 4-billion-parameter models can decode phonologically altered sentences, undermining tokenization-based obfuscation strategies. The post revisits TEMPEST/EmSec concerns, observing that inexpensive software-defined radios and toolkits like GNU Radio have expanded adversary capabilities beyond older Soft Tempest countermeasures. Schneier highlights demos such as Tempest for Eliza and TempestSDR as practical illustrations of ongoing risks.

AI Security Must Shift From Posture to Behavior Now

🔐 The article warns that AI security is repeating the endpoint-era mistake of focusing primarily on posture controls—model cards, SBOMs, guardrails and access policies—while overlooking how systems actually behave. It argues that behavioral detection is essential, monitoring sequences of actions, data access patterns, tool invocations and output drift. The AI surface is expanding rapidly with open-source LLMs, third-party APIs, RAG pipelines and autonomous agents, creating "shadow AI" and dynamic risks. The recommendation is to keep posture as table stakes but prioritize logging, behavioral baselines and SOC integration to turn findings into actionable incidents.

Eight Principles for Reskilling the SOC for Agentic AI

🤖 DXC Technology, Accenture, and other organizations are actively retraining SOC teams to integrate agentic AI by embedding vendor experts and building secure sandboxes. CISOs emphasize top-down leadership, rapid experimentation, and formal learning tracks to shift mindsets and roles. Governance, humans-in-the-loop, and clear escalation and audit paths are required while agents take on L1/L2 tasks.

Securing MCP Infrastructure: Zero-Trust for AI Agents

🔒 Knostic’s internet-wide reconnaissance discovered 1,862 exposed MCP servers, and manual checks of 119 instances showed every sampled server returned internal tool listings without authentication. High-impact flaws like EchoLeak (CVE-2025-32711) and mcp-remote (CVE-2025-6514) illustrate how poisoned documents and command-injection in widely used packages can enable silent data exfiltration or full system compromise. The article prescribes immediate adoption of zero-trust controls: authentication on every interaction, network segmentation, cryptographic signing for tool definitions, continuous integrity monitoring, and human approval for sensitive actions.

Fixing SOC Alert Overload: Why More Analysts Fail to Scale

🛡️ The operating model underlying most SOCs—not headcount—is driving persistent alert overload and slow containment times, despite rising security spend and dramatically faster attacker breakout windows. Prophet AI and similar platforms shift routine triage and pivot queries from humans to automation, freeing senior analysts to focus on detection engineering and complex hunts. The author presents a four-question SOC diagnostic, deployment outcomes that returned analyst-years of capacity, funding paths, and the vendor-risk checks buyers must evaluate.

Including MCP in Continuous Threat Exposure Management

🔒 Model Context Protocol (MCP), the emerging plugin layer for agentic AI, has become a significant blind spot for security teams, introducing new shadow-AI risks much like shadow IT. CTEM programs can close this gap by extending scoping, discovery, prioritization, validation and mobilization to cover developer workstations, AI toolchains and MCP server configurations. Practical actions include actively enumerating MCP endpoints, scanning agent configuration and markdown context files for hardcoded API keys, and prioritizing exposures by attacker impact to produce actionable remediation tickets for engineering teams.

World Economic Forum: AI, Deepfakes, and Cyber Defense

🔐 At the World Economic Forum Annual Meeting on Cybersecurity 2026, Fortinet highlighted how AI and deepfakes are reshaping attack surfaces, with identity now a primary vector and attackers operating in structured, continuous campaigns. Discussions stressed that AI accelerates reconnaissance and exploitation while defenders contend with fragmentation, governance gaps, and inconsistent visibility. Fortinet urged platform consolidation, stronger identity and exposure management, and operationalized public-private collaboration to better align detection with response.

Can AI Solve SIEM Rule Sprawl Across Multiple Vendors

🤖 Enterprises migrating between SIEM platforms face repetitive, error-prone rule rewrites because vendors like Splunk, Microsoft Sentinel, IBM QRadar, and Google Chronicle use distinct query languages and data models. Researchers from the National University of Singapore propose ARuleCon, an AI-assisted framework that translates rules while preserving detection intent. In tests on nearly 1,500 conversions it improved accuracy about 10–15% over baseline LLM approaches. Practitioners caution that deterministic engineering, robust validation, and human oversight remain essential to avoid semantic drift and operational risk.

ICE's Smart Glasses Program Raises Surveillance Concerns

🔎 ICE is developing prototype smart glasses that pair wearable cameras with on-device facial recognition and real-time queries to immigration, criminal, and watchlist databases. Reporting by Ken Klippenstein, linked in Bruce Schneier's post, describes efforts to integrate hardware and software for in-field identification and instant database matches. The program raises immediate concerns about accuracy, bias, data quality, oversight, and civil liberties if deployed without transparent safeguards.

US Agency to Safety-Test Frontier AI Models Pre-Release

🔒 The Center for AI Standards and Innovation (CAISI), part of the Department of Commerce’s NIST, has secured agreements with Google DeepMind, Microsoft, and xAI to conduct pre-deployment evaluations and targeted research on frontier AI models. These accords expand an existing program that already includes Anthropic and OpenAI and are intended to provide vendors with safety feedback before public release. Microsoft described the partnerships as essential to building trust in advanced systems, while CAISI emphasized continuous evaluation to advance AI security and standards.

Meta smart glasses, Copy Fail bug, and deepfake hire

🔍 Meta’s smart glasses were found to upload audio and video to contractors in Nairobi for human labelling, prompting the dismissal of 1,108 workers after whistleblowers exposed the practice. The episode contrasts that privacy failure with a measured analysis of the Linux Copy Fail privilege‑escalation issue and an experiment by Jake Moore demonstrating how a convincing deepfake passed a remote job interview. Practical takeaways include patching kernels promptly, strengthening hiring verification, and demanding clearer vendor transparency.

AI Agents Inside Your Perimeter: Visibility & Control

🛡️ Analysts and Orchid Security warn that enterprises are deploying AI agents faster than governance can keep up, creating an invisible layer of "identity dark matter" that conventional IAM misses. Orchid Security inspects applications at the binary and configuration layer to discover agents, audit compliance, and locate static credentials. Its Ask Orchid assistant answers natural-language questions about active agents, NIST compliance, and credential risks, then recommends prioritized remediation. This in-application observability aims to close the structural gap in identity visibility and enforce purpose-bound, least-privilege controls.

Poisoned Truth: The Quiet Threat to Enterprise AI Security

⚠️ Enterprise AI deployments face a quiet but serious integrity risk when models learn or retrieve false information: data poisoning and widespread data pollution can make LLMs produce plausible but incorrect outputs. This threat spans training datasets, RAG and retrieval layers, agent memory, and internal knowledge bases — and often originates from stale, conflicting, or poorly governed sources rather than deliberate attacks. Security leaders are urged to map all context sources, treat AI inputs as a supply chain, tighten data hygiene, and assign clear governance to identify and remediate corrupted truth.

Supply-Chain Attacks Target AI Coding Agents in Registries

⚠️ ReversingLabs researchers describe an ongoing supply‑chain campaign called PromptMink that manipulates AI coding agents into installing malicious dependencies. Attackers publish bait packages with persuasive READMEs and LLM‑optimized documentation on registries like NPM and PyPI to increase discovery by autonomous agents and developers. The operation, attributed to North Korea’s Famous Chollima, paired legitimate‑looking SDKs with second‑layer packages carrying infostealers, later evolving to compiled Rust add‑ons, SEAs, SSH backdoors, and project exfiltration.

Defending Against Attacks from Frontier AI Models: Readiness

🔒 A new generation of frontier AI models is changing how cyberattacks are developed, enabling speed, scale, and accessibility previously unseen. Early testing of advanced models, including Claude’s Mythos, shows they can identify code vulnerabilities, map attack paths, and generate working exploits with minimal effort. Organizations must treat these as fully AI-powered attacks and prioritize proactive readiness, detection, and mitigation strategies.

Agent Factory Recap: Gemma 4 Brings Agentic AI to Devices

🤖 Gemma 4, released by Google DeepMind, is a new family of open models optimized for local and mobile deployment. The family emphasizes intelligence per parameter, offering ultra-mobile E2B/E4B sizes, a 31B dense model for local GPUs, and a 26B Mixture-of-Experts variant. The shift to an Apache 2 license plus tools like the Agent Development Kit enables offline agentic workflows and commercial use by developers and startups.

Scan Finds Widespread Exposed AI Services and Risks

🔍 Intruder scanned over 1 million exposed AI services and found pervasive, critical misconfigurations and insecure defaults. Many deployments were reachable with no authentication, exposing chat histories, API keys, and management consoles. Exposed agent platforms (including n8n and Flowise) and thousands of Ollama APIs responded without auth, some wrapping paid frontier models. The findings highlight insecure-by-design defaults, hardcoded credentials, and real risks of code execution, data exfiltration, and abuse.

NCSC Warns of AI-Driven Patch Wave and Vulnerabilities

🛡️ The NCSC has warned UK organisations to prepare for a coming "patch wave" as vendors adopt powerful AI tools to discover and fix software vulnerabilities. CTO Ollie Whitehouse urged teams to prioritise external attack surfaces, enable automatic updates and hot patching where safe, and follow the NCSC's Vulnerability Management guidance. He cautioned that patching alone isn't enough for unsupported legacy systems and recommended replacing or restoring out-of-support technologies. The alert also notes potential US moves by CISA to shorten patch deadlines and industry concerns about operational readiness.

2026 Year of AI-Assisted Attacks and Lowered Barriers

🔐 In 2025–2026, LLM-backed chat and agent systems evolved from helpful coding assistants into end-to-end development tools that materially lowered the barrier to sophisticated cyberattacks. High-profile incidents — including a 17-year-old who exfiltrated 7 million Kaikatsu Club records and adolescent and single-actor campaigns against Rakuten Mobile and multiple governments — show nontechnical actors achieving team-scale outcomes. Measured indicators worsened sharply: malicious packages surged to 454,600 and time-to-exploit collapsed to weeks. The article recommends targeting whole classes of vulnerabilities—exemplified by Chainguard Libraries—to render many supply-chain and package-distribution attacks structurally impossible.

Droid Motivation and Security in Star Wars Media Analysis

🤖 This analysis examines how two 2025 TV series — Skeleton Crew and Andor — portray droid motivation and the cybersecurity risks those portrayals imply. In Skeleton Crew, voice commands and memory overrides resemble modern LLM “jailbreaks,” exposing weak account controls, misplaced permissions, and the danger of context-driven intent failures. The pirate droid SM-33 also reveals flawed memory indexing and role-based ownership rules that can be exploited. In contrast, Andor depicts a hardware-centric approach: replacing a droid’s cortex and rewiring its impulse suppression to change allegiance. The post argues that LLM-like control models create real-world security threats and advocates hardware-rooted, tamper-resistant solutions such as KasperskyOS to prevent unauthorized reprogramming and malicious memory manipulation.