< ciso
brief />
AI and Security Pulse Banner

All news in category “AI and Security Pulse

1118 articles · page 4 of 56

OpenAI launches AI-driven open-source vulnerability program

🔒 OpenAI has teamed with Trail of Bits to launch Patch the Planet, an AI-assisted vulnerability research program aimed at finding and fixing flaws in widely used open-source projects. The initiative pairs models and Codex Security with human review and established disclosure channels, and has already identified hundreds of issues and merged dozens of patches. Participants include projects such as Python, Go, cURL, Sigstore, and others that underpin enterprise software supply chains.
read more →

OpenAI Expands Daybreak with GPT‑5.5‑Cyber Release

🔒 OpenAI is distributing an enhanced GPT‑5.5‑Cyber model to trusted defenders via the Daybreak program, claiming improved capability to find, validate, and patch software vulnerabilities across large codebases. The company also updated the Codex Security plugin to accelerate discovery, triage, and automated patch generation, and launched Patch the Planet with Trail of Bits to secure open‑source projects. These steps aim to help maintainers cope with the surge in AI‑driven vulnerability findings while preserving human oversight.
read more →

Five Eyes urge CSOs to update cyber risk strategies now

🔒 The Five Eyes cybersecurity agencies warn that rapidly advancing AI capabilities are already reshaping offensive and defensive cyber operations and urge CSOs to treat cyber risk as core business risk. They recommend prioritizing secure-by-design practices, defense in depth, rapid patching, reduced attack surface, stronger identity controls, and testing breach responses. Some experts call the guidance too general or overdue but agree it reinforces the need for executive alignment and urgent action.
read more →

Anthropic’s Fable and the State of AI Safety

📰 On June 9, Anthropic released the Fable model; days later the US classified it as a dangerous munition and used export controls to block foreign access, prompting Anthropic to cut access entirely. Fable is a constrained variant of Mythos and reportedly excels at finding and exploiting vulnerabilities, but similar capabilities have been replicated using smaller models with improved harnesses. The core issue is not a single model but rising general AI capability and the lack of collective, global governance to manage associated risks.
read more →

Shadow AI Risk Shifts from Leakage to Access Control

🛡️ Shadow AI has evolved from simple data leakage to an access control challenge as employee-built agents connect to enterprise systems. These agents — created across platforms, extensions, and scripts — can call APIs, use credentials, and perform actions in production, often with broad or forgotten permissions. Traditional controls like DLP and domain blocking miss non-human identities, so organizations must inventory agents, map ownership and credentials, and enforce automated remediation.
read more →

How AI Is Redefining the SOC Triangle

🔍 A simple framework called the SOC Triangle balances quality, consistency and cost efficiency in security operations. Human-centric workflows create trade-offs where improving one dimension often harms another. AI is changing this dynamic by automating repeatable investigative workflows, improving depth, consistency and scaling without linear headcount increases. The triangle still exists, but its constraints are loosening for machine-suitable tasks, shifting humans toward oversight and complex judgment.
read more →

Security considerations for adopting Claude in SMBs

🔒 As SMBs adopt Claude, security leaders must quickly map which Claude products and plans are appropriate and control the blast radius. Understand plan differences—Team vs Enterprise—and apply an agile approval process for provisioning. Risk-rank features, phase enablement, and tightly manage API keys and access. Maintain data governance, monitor web search egress, and complement Anthropic controls with internal tooling and vendor collaboration.
read more →

Mistral 3.14B Instruct now on SageMaker JumpStart

🧭 AWS now offers Ministral-3-14B-Instruct-2512 in Amazon SageMaker JumpStart, adding a compact multimodal foundation model optimized for edge deployment. The 14B-parameter model supports image analysis, agentic workflows with native function calling and JSON output, and multilingual understanding across dozens of languages. Customers can deploy the model from SageMaker Studio or via the SageMaker Python SDK with a few clicks to build AI assistants, agentic systems, and vision-enabled applications on AWS.
read more →

All‑MiniLM‑L12‑v2 Now in SageMaker JumpStart

🔍 Amazon Web Services announced the availability of all-MiniLM-L12-v2 in SageMaker JumpStart, expanding model options for customers. The Sentence Transformers model encodes sentences and short paragraphs into 384-dimensional dense vectors, enabling semantic search, clustering, and similarity tasks. Its compact architecture offers fast inference and strong embedding quality, suitable for production-scale text representation workloads.
read more →

Building a Model-Agnostic Vulnerability Harness

🔧 This post describes how Cloudflare evolved a single-repo security skill into a fleet-scale, model-agnostic Vulnerability Discovery Harness (VDH) and a separate Vulnerability Validation System (VVS). It explains why single-agent prompts fail at scale and why treating models as interchangeable components improves coverage. The article outlines stages like Recon, Hunt, Validate, Trace, Dedup, Gapfill, and Feedback and emphasizes persistence, strict context controls, and cross-repo reasoning.
read more →

Five new SOC roles emerging from AI evolution

🔒 The rise of AI-driven SOCs is reshaping security operations and creating new specialist roles rather than simply replacing people. Today's AI-SOC automates Tier 1 triage and is moving into Tier 2 investigation and remediation, prompting demand for skills in data engineering, agent orchestration, model training, threat hunting, and AI-savvy red teaming. Organizations will need professionals who can integrate diverse telemetry, manage agent swarms, fine-tune models, hunt adversary intent, and test AI-specific weaknesses.
read more →

AI Forces Security to Shift From Predictability

🛡️ AI is reshaping cybersecurity by breaking the long-held assumption of predictable, deterministic systems. Traditional prevention-focused controls remain important but are insufficient as AI agents, LLMs and automated development accelerate runtime change and attacker capabilities. Organizations must prioritize runtime visibility, use AI to augment defensive operations, rebuild vulnerability management and emphasize resilience and containment to manage evolving AI-driven risks.
read more →

OpenAI testing ChatGPT for Science subscription

🔬 OpenAI appears to be testing a new subscription called "ChatGPT for Science" spotted on the web build, aimed at scientific use cases. It may join existing offerings—Personal, Teams, and Business—and could be restricted to verified institutes or universities. OpenAI has previously developed specialized models like GPT-Rosalind for enterprise life sciences, suggesting advanced capabilities and stricter access controls.
read more →

Amazon Bedrock AgentCore managed harness now GA

🚀 Amazon Bedrock AgentCore announces general availability of its managed agent harness, enabling teams to deploy production-grade agents in minutes. The harness handles orchestration, tool execution, session isolation, persistent memory, failure recovery, and context management so customers define agents via configuration rather than coding the loop. It supports any model, mid-session model switching, integrated security and observability, and exports to code for custom orchestration, and is available today in all AWS Commercial Regions where AgentCore is offered.
read more →

AI Red Teaming: Turning Unknowns into Evidence

🔍 AI red teaming identifies how deployed AI systems can be manipulated or misused in real operational contexts. It tests the interaction of models with prompts, retrieval, tools, and workflows to produce actionable attack paths rather than isolated examples. This adversarial, continuous approach complements traditional security by focusing on intent, context, policy, and business impact. Teams should inventory systems, threat model by risk, red team early and often, and re-test after changes.
read more →

US Government's Expanding Use of AI Raises Oversight Questions

📰 The Trump administration disclosed an inventory of 3,611 active or planned AI use cases across the federal government, a 70% increase from the Biden-era list, including controversial proposals ranging from grant screening to inmate risk assessment and nuclear reactor control. The brief disclosures lack meaningful context, public consultation, and consistent impact labeling, limiting oversight. The authors argue for rigorous transparency, public comment, and risk assessment frameworks, citing France and Canada as stronger models, while acknowledging some beneficial uses like machine translation.
read more →

Five AI Risk Frameworks to Shore Up Critical Gaps

🧭 Organizations integrating AI find legacy risk frameworks insufficient and are turning to AI-specific guidance. New standards and frameworks offer structured approaches for governance, technical controls, threat modeling, and regulatory alignment. Options include ISO/IEC 42001, NIST AI RMF, ENISA FAICP, ISO/IEC 23894, and Google’s SAIF, each addressing different priorities and maturity levels. Choosing the right framework depends on organizational needs and resource constraints.
read more →

Deploy a Remote MCP Server to GKE in 30 Minutes

🔧 This guide explains how to build and deploy a remote Model Context Protocol (MCP) server on Google Kubernetes Engine (GKE) using the Streamable HTTP transport. It covers prerequisites, creating a simple math MCP server with FastMCP, local testing, containerizing the server, and pushing the image to Artifact Registry. Finally, it details deploying to GKE Autopilot and exposing the server securely with the Kubernetes Gateway API and managed SSL.
read more →

Siemens modernizes legacy code with agentic workflows

🛠️ Siemens and Google Cloud built Knowledge Fabric, an AI system using knowledge graphs on Spanner Graph, the Google Agent Development Kit, and LLM APIs to modernize large industrial codebases. The platform models code relationships with GQL, uses embeddings and ANN for semantic search, and combines full-text search to deliver precise impact analysis. By "slicing the elephant," agentic workflows break large refactors into smaller tasks with human oversight, reducing engineering effort and preserving system integrity.
read more →

xAI Grok 4.3 now available on Amazon Bedrock

🚀 AWS announced that xAI’s Grok 4.3 is now available on Amazon Bedrock, making xAI a model provider on the platform. Grok 4.3 is a reasoning-first model with configurable, always-on reasoning levels and optimized token efficiency. It supports strong tool use, instruction following, and is suited for enterprise tasks like contract and financial document analysis. The model runs on Mantle, Bedrock’s new inference engine supporting tool calling and streaming.
read more →