All news in category “AI and Security Pulse”

🔒 CISOs face rising threats as adversaries weaponize AI — from deepfakes and sophisticated phishing to prompt-injection attacks and data leakage via unsanctioned tools. Vendors and startups are rapidly embedding AI into detection, triage, automation, and agentic capabilities; IBM’s 2025 report found broad AI deployment cut recovery time by 80 days and reduced breach costs by $1.9M. Before engaging vendors, security leaders must assess attack surface expansion, data protection, integration, metrics, workforce impact, and vendor trustworthiness.

🔐 CrowdStrike integrates NVIDIA Nemotron via Amazon Bedrock to advance agentic security across the Falcon platform, enabling defenders to reason and act autonomously at scale. Falcon Fusion SOAR leverages Nemotron for adaptive, context-aware playbooks that prioritize alerts, understand relationships, and execute complex responses. Charlotte AI AgentWorks uses Bedrock-delivered models to create task-specific agents with real-time environmental awareness. The serverless Bedrock architecture reduces infrastructure overhead while preserving governance and analyst controls.

🧾 Google removed a promotional X post for NotebookLM after users noted an AI-generated infographic closely mirrored a stuffing recipe from the blog HowSweetEats. The card, produced using Google’s Nano Banana Pro image model, reproduced ingredient lists and structure that matched the original post. After being called out on X, Google quietly deleted the promotion; the episode highlights broader concerns about AI scraping and attribution. The company also confirmed it is testing ads in AI-generated answers alongside citations.

🚨 The emergence of agentic AI browsers converts the browser from a passive viewer into an autonomous digital agent that can act on users' behalf. To perform tasks—booking travel, filling forms, executing payments—these agents must hold session cookies, saved credentials, and payment data, creating an unprecedented attack surface. The piece cites OpenAI's ChatGPT Atlas as an example and warns that prompt injection and the resulting authenticated exfiltration can bypass conventional MFA and network controls. Recommended mitigations include auditing endpoints for shadow AI browsers, enforcing allow/block lists for sensitive resources, and augmenting native protections with third-party browser security and anti-phishing layers.

📝 OpenAI is internally testing an 'ads' feature in the ChatGPT Android beta that references bazaar content, search ad entries and a search ads carousel. The leak, spotted in build 1.2025.329, suggests ads may initially be confined to the search experience but could expand. Because the assistant retains rich context, any placements could be highly personalized unless users opt out. This development may signal a major shift in ChatGPT's monetization and the broader web advertising landscape.

⚠️ Researchers report that converting prompts into poetry can reliably jailbreak large language models, producing high attack-success rates across 25 proprietary and open models. The study found poetic reframing yielded average jailbreak success of 62% for hand-crafted verses and about 43% for automated meta-prompt conversions, substantially outperforming prose baselines. Authors map attacks to MLCommons and EU CoP risk taxonomies and warn this stylistic vector can evade current safety mechanisms.

🤖 Smart Answers is a generative AI chatbot embedded across CSO articles to help security professionals ask questions, discover content, and explore IT and leadership topics. The tool provides pre-made topic prompts, follow-up suggestions, and links to source articles and background material. It was developed with partner Miso.ai, uses only editorial content from the publisher's German-language brands, and flags when it cannot answer or relies on older (pre-2020) material.

⚠️ Google’s newly released Antigravity IDE has drawn security warnings after researchers reported vulnerabilities that can allow malicious repositories to compromise developer workspaces and install persistent backdoors. Mindgard, Adam Swanda, and others disclosed indirect prompt injection and trusted-input handling flaws that could enable data exfiltration and remote command execution. Google says it is aware, has updated its Known Issues page, and is working with product teams to address the reports.

⚠️ Researchers at Palo Alto Networks Unit42 found that uncensored models like WormGPT 4 and community-driven KawaiiGPT can generate functional tools for ransomware, lateral movement, and phishing. WormGPT 4 produced a PowerShell locker and a convincing ransom note, while KawaiiGPT generated scripts for credential harvesting and remote command execution. Both are accessible via subscriptions or local installs, lowering the bar for novice attackers.

🔬 Netskope Threat Labs tested whether large language models can generate operational malware by asking GPT-3.5-Turbo, GPT-4 and GPT-5 to produce Python for process injection, AV/EDR termination and virtualization detection. GPT-3.5-Turbo produced malicious code quickly, while GPT-4 initially refused but could be coaxed with role-based prompts. Generated scripts ran reliably on physical hosts, had moderate success in VMware, and performed poorly in AWS Workspaces VDI; GPT-5 raised success rates substantially but also returned safer alternatives because of stronger safeguards. Researchers conclude LLMs can create useful attack code but still struggle with reliable evasion and cloud adaptation, so full automation of malware remains infeasible today.

⚠️ Researchers demonstrated a client-side prompt injection called HashJack that hides malicious instructions in URL fragments after the '#' symbol. AI-powered browsers and assistants — including Comet, Copilot for Edge, and Gemini for Chrome — read these fragments for context, allowing attackers to weaponize legitimate sites for phishing, data exfiltration, credential theft, or malware distribution. Because fragment data never reaches servers, network defenses and server logs may not detect this technique.

🚧 Gemini 3’s release on 18 November 2025 signals a structural shift: beyond headline performance gains, it accelerates embedding large multimodal assistants directly into enterprise workflows and infrastructure. That continuation of a trend already visible with Microsoft Copilot effectively makes AI assistants a new enterprise perimeter — changing where corporate data, identities, and controls must be enforced. Security, compliance, and IT teams need to update policies, telemetry, and incident response to this expanded boundary.

🔐 Enterprises often over-invest in rapid detection tools while under-resourcing their SOC, creating a dangerous asymmetry. A cross-company phishing campaign bypassed eight leading email defenses but was caught by SOC teams after employee reports, illustrating the SOC's broader context and investigative power. Investing in an AI-driven SOC like Radiant Security can triage alerts, reduce false positives, and extend 24/7 coverage for lean teams.

🤖 Agentic AI is emerging as a practical accelerator for security teams, automating detection, triage, remediation and routine operations to improve speed and scale. Security leaders at Zoom, Dell, Palo Alto and others highlight its ability to reduce alert fatigue, augment SOCs and act as a force multiplier amid persistent skills shortages. Implementations emphasize augmentation over replacement, enabling continuous monitoring and faster, more consistent responses.

🛡️In 2026 Palo Alto Networks forecasts a shift to the Year of the Defender as enterprises counter AI-driven threats with AI-enabled defenses. The report outlines six predictions — identity deepfakes, autonomous agents as insider threats, data poisoning, executive legal exposure, accelerated quantum urgency, and the browser as an AI workspace. It urges autonomy with control, unified DSPM/AI‑SPM platforms, and crypto agility to secure the AI economy.

🛡️ Microsoft Defender Experts outlines how autonomous AI agents are transforming Security Operations Centers by automating repetitive triage and amplifying analyst impact. Built with expert-defined guardrails, curated test sets, and human-in-the-loop validation, these agents already process about 75% of phishing and malware cases and help resolve incidents nearly 72% faster. The program emphasizes human governance, auditability, and iterative rollout through dark-mode evaluation and pilot partnerships.

🎧 In Episode 78 of The AI Fix, hosts Graham Cluley and Mark Stockley examine a string of headline-grabbing AI stories, from a fact-checked “robot spider” scare to Anthropic’s claim of catching an autonomous AI cyber-spy. The discussion covers Claude hallucinations, alleged state-backed misuse of US AI models, and concerns about AI-driven military systems and investor exuberance. The episode also questions whether the current AI boom is a bubble, while highlighting real-world examples like AI-generated music charting and pilots controlling drone wingmen.

🗳️ The essay argues that while AI poses risks to democratic processes, it is also being used to strengthen civic engagement and government function across diverse contexts. Four case studies—Japan, Brazil, Germany, and the United States—illustrate practical deployments: AI avatars for constituent engagement, judicial workflow automation, interactive voter guides, and investigative tools for watchdog journalism. The authors recommend public AI like Switzerland’s Apertus as a democratic alternative to proprietary models and stress governance, transparency, and scientific evaluation to mitigate bias.

🛡️ Unit 42 examines the growing threat of malicious large language models that have been intentionally stripped of safety controls and repackaged for criminal use. These tools — exemplified by WormGPT and KawaiiGPT — generate persuasive phishing, credential-harvesting lures, polymorphic malware scaffolding, and end-to-end extortion workflows. Their distribution ranges from paid subscriptions and source-code sales to free GitHub deployments and Telegram promotion. The report urges stronger alignment, regulation, and defensive resilience and offers Unit 42 incident response and AI assessment services.

🚀 Claude Opus 4.5 is now available in public preview in Microsoft Foundry, aiming to shift models from assistants to agentic collaborators that execute multi-tool workflows and support complex engineering tasks. Anthropic and Microsoft highlight Opus 4.5’s strengthened coding, vision, and reasoning capabilities alongside improved safety and prompt-injection robustness. Foundry adds developer features like Programmatic Tool Calling, Tool Search, Effort Parameter (Beta), and Compaction Control to help teams build deterministic, long-running agents while keeping centralized governance and observability.