
All news in category “AI and Security Pulse”

958 articles · page 43 of 48

OpenAI's $4 GPT Go Plan Poised to Expand Regions Soon

🚀 OpenAI has started expanding its $4 GPT Go plan beyond India, rolling out nudges to free-account users in Indonesia and India and signaling broader regional availability in the coming weeks. Product pages already list pricing in USD, EUR and GBP, suggesting a possible U.S. launch. GPT Go grants access to GPT-5, expanded messaging and uploads, faster image creation, longer memory and limited deep research; GPT Plus ($20) and Pro ($200) tiers provide increasingly advanced capabilities and higher limits.

Source-of-Truth Authorization for RAG Knowledge Bases

🔒 This post presents an architecture to enforce strong, source-of-truth authorization for Retrieval-Augmented Generation (RAG) knowledge bases using Amazon S3 Access Grants with Amazon Bedrock. It explains why vector DB metadata filtering is insufficient—permission changes can be delayed and complex identity memberships are hard to represent—and recommends validating permissions at the data source before returning chunks to an LLM. The blog includes a practical Python walkthrough for exchanging identity tokens, retrieving caller grant scopes, filtering returned chunks, and logging withheld items to reduce the risk of sensitive data leaking into LLM prompts.

OpenAI enhances ChatGPT Search to rival Google AI results

🔎 OpenAI has rolled out an update to ChatGPT Search that improves accuracy, reliability, and link summarization to reduce hallucinations and make answers easier to verify. The search now better detects shopping intent, surfacing products when appropriate while keeping results focused for other queries, and it improves link summaries so users can follow back to sources. Answers are reformatted for quicker comprehension without sacrificing detail. OpenAI also added a GPT-5 Thinking toggle with adjustable 'juice' effort levels; the changes are rolling out gradually.

OpenAI adds user control over GPT-5 Thinking model options

⚙️ OpenAI is rolling out a toggle that lets Plus, Pro, and Business subscribers choose how much "thinking" the GPT-5 Thinking model performs, trading off speed, cost, and depth. The simpler toggle UI replaces a tested slider and exposes internal "juice" effort levels — for example, Standard (juice=18) and Extended (64). Pro users also get Light (5) for very fast replies and Heavy (200) for the model's maximum reasoning depth.

ShadowLeak: AI agents can exfiltrate data undetected

⚠️ Researchers at Radware disclosed a vulnerability called ShadowLeak in the Deep Research module of ChatGPT that lets hidden, attacker-crafted instructions embedded in emails coerce an AI agent to exfiltrate sensitive data. The indirect prompt-injection technique hides commands using tiny fonts, white-on-white text or metadata and instructs the agent to encode and transmit results (for example, Base64-encoded lists of names and credit cards) to an attacker-controlled URL. Radware says the key risk is that exfiltration can occur from the model’s cloud backend, making detection by the affected organization very difficult; OpenAI was notified and implemented a fix, and Radware found the patch effective in subsequent tests.

How CISOs Can Build Effective AI Governance Programs

🛡️ AI's rapid enterprise adoption requires CISOs to replace inflexible bans with living governance that both protects data and accelerates innovation. The article outlines three practical components: gaining ground truth visibility with AI inventories, AIBOMs and model registries; aligning policies to the organization's speed so governance is executable; and making governance sustainable by provisioning secure tools and rewarding compliant behavior. It highlights SANS guidance and training to help operationalize these approaches.

Mind the Gap: TOCTOU Vulnerabilities in LLM-Enabled Agents

⚠️ A new study, “Mind the Gap,” examines time-of-check to time-of-use (TOCTOU) flaws in LLM-enabled agents and introduces TOCTOU-Bench, a 66-task benchmark. The authors demonstrate practical attacks such as malicious configuration swaps and payload injection and evaluate defenses adapted from systems security. Their mitigations—prompt rewriting, state integrity monitoring, and tool-fusing—achieve up to 25% automated detection and materially reduce the attack window and executed vulnerabilities.

Securing Remote MCP Servers on Google Cloud Platform

🔒 A centralized proxy architecture on Google Cloud can secure remote Model Context Protocol (MCP) servers by intercepting tool calls and enforcing consistent policies across deployments. Author Lanre Ogunmola outlines five core MCP risks — unauthorized tool exposure, session hijacking, tool shadowing, token theft and authentication bypass — and recommends an MCP proxy (Cloud Run, GKE, or Apigee) integrated with Cloud Armor, Secret Manager, and identity services for access control, secret scanning, and monitoring. The post emphasizes layered defenses including Model Armor for prompt/response screening and centralized logging to reduce blind spots and operational overhead.

New LLM Attack Vectors and Practical Security Steps

🔐 This article reviews emerging attack vectors against large language model assistants demonstrated in 2025, highlighting research from Black Hat and other teams. Researchers showed how prompt injections or so‑called promptware — hidden instructions embedded in calendar invites, emails, images, or audio — can coerce assistants like Gemini, Copilot, and Claude into leaking data or performing unauthorized actions. Practical mitigations include early threat modeling, role‑based access for agents, mandatory human confirmation for high‑risk operations, vendor audits, and role‑specific employee training.

Satisfaction Analysis for Untagged Chatbot Conversations

🔎 This article examines methods to infer user satisfaction from untagged chatbot conversations by combining linguistic and behavioral signals. It argues that conventional metrics such as accuracy and completion rates often miss subtle indicators of user sentiment, and recommends unsupervised and weakly supervised NLP techniques to surface those signals. The post highlights practical considerations including privacy-preserving aggregation, deployment complexity, and the potential business benefit of reducing churn and improving customer experience through targeted dialog improvements.

Securing AI: End-to-End Protection with Prisma AIRS

🔒 Prisma AIRS offers unified, AI-native security across the full AI lifecycle, from model development and training to deployment and runtime monitoring. The platform focuses on five core capabilities—model scanning, posture management, AI red teaming, runtime security and agent protection—to detect and mitigate threats such as prompt injection, data poisoning and tool misuse. By consolidating workflows and sharing intelligence across Prisma, it aims to simplify operations, accelerate remediation and reduce total cost of ownership so organizations can deploy bravely.

Rethinking AI Data Security: A Practical Buyer's Guide

🛡️ Generative AI is now central to enterprise work, but rapid adoption has exposed gaps in legacy security models that were not designed for last‑mile behaviors. The piece argues buyers must reframe evaluations around real-world AI use — inside browsers and across sanctioned and shadow tools — and prioritize solutions offering real-time monitoring, contextual enforcement, and low‑friction deployment. It warns against blunt blocking and promotes nuanced controls such as redaction, just‑in‑time warnings, and conditional approvals to protect data while preserving productivity.

Deploying Agentic AI: Five Steps for Red-Teaming Guide

🛡️ Enterprises adopting agentic AI must update red‑teaming practices to address a rapidly expanding and interactive attack surface. The article summarizes the Cloud Security Alliance’s Agentic AI Red Teaming Guide and corroborating research that documents prompt injection, multi‑agent manipulation, and authorization hijacking as practical threats. It recommends five pragmatic steps—change attitude, continually test guardrails and governance, broaden red‑team skill sets, widen the solution space, and adopt modern tooling—and highlights open‑source and commercial tools such as AgentDojo and Agentgateway. The overall message: combine automated agents with human creativity, embed security in design, and treat agentic systems as sociotechnical operators rather than simple software.

OWASP LLM AI Cybersecurity and Governance Checklist

🔒 OWASP has published an LLM AI Cybersecurity & Governance Checklist to help executives and security teams identify core risks from generative AI and large language models. The guidance categorises threats and recommends a six-step strategy covering adversarial risk, threat modeling, inventory and training. It also highlights TEVV, model and risk cards, RAG, supplier audits and AI red‑teaming to validate controls. Organisations should pair these measures with legal and regulatory reviews and clear governance.

Chinese AI Villager Pen-Testing Tool: 11,000 PyPI Downloads

🧭 Villager, an AI-native penetration testing framework developed by Chinese group Cyberspike, has reached nearly 11,000 downloads on PyPI just two months after release. The tool integrates Kali Linux utilities with DeepSeek AI models and operates as a Model Context Protocol (MCP) client to automate red team workflows. Researchers at Straiker reported that Villager can spin up on-demand Kali containers, automate browser testing, use a database of more than 4,200 prompts for decision-making, and deploy self-destructing containers — features that lower the barrier to sophisticated attacks and raise concerns about dual-use abuse.

The AI Fix — Episode 68: Merch, Hoaxes and AI Rights

🎧 In episode 68 of The AI Fix, hosts Graham Cluley and Mark Stockley blend news, commentary and light-hearted banter while launching a new merch store. The discussion covers real-world harms from AI-generated hoaxes that sent Manila firefighters to a non-existent fire, Albania appointing an AI-made minister, and reports of the so-called 'godfather of AI' being spurned by ChatGPT. They also explore wearable telepathic interfaces like AlterEgo, the rise of AI rights advocacy, and listener support options including ad-free subscriptions and merch purchases.

Villager: AI-Native Red-Teaming Tool Raises Alarms

⚠ Villager is an AI-native red-teaming framework from a shadowy Chinese developer, Cyberspike, that has been downloaded more than 10,000 times in roughly two months. The tool automates reconnaissance, exploitation, payload generation, and lateral movement into a single pipeline, integrating Kali toolsets with DeepSeek AI models and publishing on PyPI. Security firms warn the automation compresses days of skilled activity into minutes, creating dual-use risks for both legitimate testers and malicious actors and raising supply-chain and detection concerns.

AI-Powered ZTNA Protects the Hybrid Future and Agility

🔒 Enterprises face a paradox: AI promises intelligent, automated access control, but hybrid complexity and legacy systems are blocking adoption. Teams report being buried in manual policy creation, vendor integrations and constant firefighting despite mature platforms like Palo Alto Networks, Netskope and Zscaler. AI-driven ZTNA shifts the model from policy-first to behavior-first, building behavioral baselines that generate context-aware policies and can wrap legacy apps without invasive changes. Success requires operational bandwidth, reliable data and a mindset shift to treat access control as a business enabler rather than a compliance burden.

Securing the Agentic Era: Astrix's Agent Control Plane

🔒 Astrix introduces the industry's first Agent Control Plane (ACP) to enable secure-by-design deployment of autonomous AI agents across the enterprise. ACP issues short-lived, precisely scoped credentials and enforces just-in-time, least-privilege access while centralizing inventory and activity trails. The platform streamlines policy-driven approvals for developers, speeds audits for security teams, and reduces compliance and operational risk by discovering non-human identities (NHIs) and remediating excessive privileges in real time.

CISOs Assess Practical Limits of AI for Security Ops

🤖 Security leaders report early wins from AI in detection, triage, and automation, but emphasize limits and oversight. Prioritizing high-value telemetry for real-time detection while moving lower-priority logs to data lakes improves signal-to-noise and shortens response times, according to Myke Lyons. Financial firms are experimenting with agentic AI to block business email compromise in real time, yet researchers and practitioners warn of missed detections and 'ghost alerts.' Organizations that treat AI as a copilot with governance, explainability, and institutional context see more reliable, safer outcomes.