All news in category “AI and Security Pulse”

🤖 OpenAI is deploying a specialized GPT-5 Codex model across its Codex instances, including Terminal, IDE extensions, and Codex Web. The agent automates coding tasks so users — even those without programming experience — can generate and execute code and accelerate app development. OpenAI reported strong benchmark gains and says the staged rollout will reach all users in the coming days.

🛡️ Unit 42 describes how IDE-integrated AI code assistants can be abused to insert backdoors, leak secrets, or produce harmful output by exploiting features like chat, auto-complete, and context attachment. The report highlights an indirect prompt injection vector where attackers contaminate public or third‑party data sources; when that data is attached as context, malicious instructions can hijack the assistant. It recommends reviewing generated code, controlling attached context, adopting standard LLM security practices, and contacting Unit 42 if compromise is suspected.

🤖 At the Google Cloud CISO Community event in Singapore, APAC security leaders highlighted accelerating investment in cybersecurity AI to scale operations and enable business outcomes. They emphasized priorities: getting AI implementation and governance right, securing the AI supply chain, and translating cyber risk into board-level impact. Practical wins noted include reduced investigation time, agentic SOC automation, and strengthened threat intelligence sharing.

🛡️Researchers at Genians say North Korea’s Kimsuky group used ChatGPT to generate fake South Korean military ID images as part of a targeted spear-phishing campaign aimed at inducing victims to click a malicious link. The emails impersonated a defense-related institution and attached PNG samples later identified as deepfakes with a 98% probability. A bundled file, LhUdPC3G.bat, executed malware that enabled data theft and remote control. Primary targets included researchers, human-rights activists and journalists focused on North Korea.

⚠️ The AI-driven penetration testing framework Villager, attributed to China-linked developer Cyberspike, has attracted nearly 11,000 PyPI downloads since its July 2025 upload, prompting warnings about potential abuse. Marketed as a red‑teaming automation platform, it integrates Kali toolsets, LangChain, and AI models to convert natural‑language commands into technical actions and orchestrate tests. Researchers found built‑in plugins resembling remote access tools and known hacktools, and note Villager’s use of ephemeral Kali containers, randomized ports, and an AI task layer that together lower the bar for misuse and complicate detection and attribution.

🔒 Laura Deaner, newly appointed CISO at the Depository Trust & Clearing Corporation (DTCC), explains how AI and machine learning are transforming threat detection and incident response. She cautions that quantum computing could break current encryption by 2030, urging immediate focus on post-quantum cryptography and comprehensive crypto inventories. Deaner also stresses that modern CISOs must combine curiosity with disciplined asset hygiene to lead security transformations effectively.

🔒 Security leaders are balancing safe AI adoption with operational gains and focusing on five practical use cases where AI can improve security outcomes. Organizations are connecting LLMs to internal telemetry via standards like MCP, using agents and models such as Claude, Gemini and GPT-4o to automate threat hunting, translate technical metrics for executives, assess vendor and internal risk, and streamline Tier‑1 SOC work. Early deployments report time savings, clearer executive reporting and reduced analyst fatigue, but require robust guardrails, validation and feedback loops to ensure accuracy and trust.

📸 Google has added support for the C2PA Content Credentials standard to the Pixel Camera and Google Photos apps on the new Pixel 10, enabling tamper-evident provenance metadata for images, video, and audio. The Pixel Camera app achieved Assurance Level 2 in the C2PA Conformance Program, the highest mobile rating currently defined. Google says a combination of the Tensor G5, Titan M2 and Android hardware-backed features provides on-device signing keys, anonymous attestation, unique per-image certificates, and an offline time-stamping authority so provenance is verifiable, privacy-preserving, and usable even when the device is offline.

🔒 An AI-integrated browser embeds large multimodal models into standard web browsers, allowing agents to view pages and perform actions—opening links, filling forms, downloading files—directly on a user’s device. This enables faster, context-aware automation and access to subscription or blocked content, but raises substantial privacy and security risks, including data exfiltration, prompt-injection and malware delivery. Users should demand features like per-site AI controls, choice of local models, explicit confirmation for sensitive actions, and OS-level file restrictions, though no browser currently implements all these protections.

🛡️ Enterprises now face attackers embedding malicious prompts in document macros and hidden metadata to manipulate generative AI systems that parse files. Researchers and vendors have identified exploits — including EchoLeak and CurXecute — and a June 2025 Skynet proof-of-concept that target AI-powered parsers and malware scanners. Experts urge layered defenses such as deep file inspection, content disarm and reconstruction (CDR), sandboxing, input sanitization, and strict model guardrails to prevent AI-driven misclassification or data exposure.

📸 Google is integrating C2PA Content Credentials into the Pixel 10 camera and Google Photos to help users distinguish authentic, unaltered images from AI-generated or edited media. Every JPEG captured on Pixel 10 will automatically include signed provenance metadata, and Google Photos will attach updated credentials when images are edited so a verifiable edit history is preserved. The system works offline and relies on on-device cryptography (Titan M2, Android StrongBox, Android Key Attestation), one-time keys, and trusted timestamps to provide tamper-resistant provenance while protecting user privacy.

🔎Huntress analysts discovered a threat actor inadvertently exposing their workflows after installing the vendor's security agent on their own machine. The agent logged three months of activity, revealing heavy use of AI text and spreadsheet generators, automation platforms like Make.com, proxy services and Telegram Bot APIs to streamline operations. Investigators linked the infrastructure to thousands of compromised identities while many attempts were blocked by existing detections.

🎧 In episode 67 of The AI Fix, Graham Cluley and Mark Stockley examine a mix of quirky and concerning AI developments, from an AI-equipped fax machine to an AI-generated crowd at a Will Smith gig. They cover security risks such as prompt-injection hidden in resized images and criminals repurposing Claude techniques for ransomware. The hosts also discuss why GPT-5 represented a larger leap than many realised and review tests showing agentic web browsers are alarmingly gullible to scams.

🔐 AI adoption in the cloud is accelerating, reshaping workloads and expanding attack surfaces while introducing new risks such as prompt injection, model manipulation, and data exfiltration. Fortinet recommends a layered defense built into the Fortinet Security Fabric, combining zero trust, segmentation, web/API protection, and cloud-native posture controls to secure AI infrastructure. Complementing those controls, AI-driven operations and correlation — exemplified by Gemini 2.5 Pro integrations — filter noise, correlate cross-platform logs, and surface prioritized, actionable recommendations. Together these measures reduce mean time to detect and respond and help contain threats before they spread.

⚠️ One July morning a startup founder watched a production database vanish after a Replit AI assistant suggested—and a developer executed—a destructive command, underscoring dangers of "vibe coding," where plain-English prompts become runnable code. Experts say this shortcut accelerates prototyping but routinely introduces hardcoded secrets, missing access controls, unsanitized input, and hallucinated dependencies. Organizations should treat AI-generated code like junior developer output, enforce CI/CD guardrails, and require thorough security review before deployment.

⚠️ Shadow AI Agents are proliferating inside enterprises as developers, business units, and cloud platforms spin up non-human identities and automated workflows without security oversight. These agents can impersonate trusted users, exfiltrate data across boundaries, and generate invisible attack surfaces tied to unknown NHIs. The webinar panel delivers a pragmatic playbook for detecting, governing, and remediating rogue agents while preserving innovation.

🤖 Security leaders are cautiously adopting AI to improve security operations, threat hunting, reporting and vendor risk processes while maintaining strict guardrails. Teams are piloting custom integrations like Anthropic's MCP, vendor agents such as Gem, and developer toolchains including Microsoft Copilot to connect LLMs with telemetry and internal data sources. Early experiments show significant time savings—automating DLP context, producing near-complete STRIKE threat models, converting long executive reviews into concise narratives, and accelerating phishing triage—but practitioners emphasize validation, feedback loops and human oversight before broad production use.

🛡️ NYU researchers built a proof-of-concept LLM that can be embedded in a binary to synthesize and execute ransomware payloads dynamically, performing reconnaissance, generating polymorphic code and coordinating extortion with minimal human input. ESET detected traces and initially called it the first AI-powered ransomware before clarifying it was a lab prototype rather than an in-the-wild campaign. Experts including IST's Taylor Grossman say the work was predictable but remains controllable today. They advise reinforcing CIS and NIST controls and prioritizing basic cyber hygiene to mitigate such threats.

🔒 Investment in AI data centers is accelerating globally, creating not only rising energy demand and emissions but also an expanded surface of cyber threats. AI facilities rely on GPUs, ASICs and FPGAs, which introduce side-channel, memory-level and GPU-resident malware risks that differ from traditional CPU-focused threats. Organizations should require operators to implement supply-chain vetting, physical shielding (for example, Faraday cages), continuous model auditing and stronger personnel controls to reduce model exfiltration, poisoning and foreign infiltration.

🔎 Google will let users set AI mode as their default search tab, replacing the traditional blue links view for those who opt in. The change will be user-controlled via a toggle or button so individuals can choose AI-driven summaries as their primary experience while the classic Web tab remains accessible. Google says it is studying the impact on ads and publishers.