< ciso
brief />
AI and Security Pulse Banner

All news in category “AI and Security Pulse

1119 articles · page 5 of 56

xAI Grok 4.3 now available on Amazon Bedrock

🚀 AWS announced that xAI’s Grok 4.3 is now available on Amazon Bedrock, making xAI a model provider on the platform. Grok 4.3 is a reasoning-first model with configurable, always-on reasoning levels and optimized token efficiency. It supports strong tool use, instruction following, and is suited for enterprise tasks like contract and financial document analysis. The model runs on Mantle, Bedrock’s new inference engine supporting tool calling and streaming.
read more →

Challenges and Practical Paths for Autonomous SOCs

🔒 The promise of a fully autonomous SOC—where collection, analysis, investigation, and response happen without human intervention—attracts organizations facing talent shortages and a growing threat landscape. Vendors show value in alert enrichment and noise reduction, but autonomous decision-making and response have delivered limited ROI. Real-world obstacles include poor source data quality, tool integration gaps, analyst distrust, context deficits, AI hallucinations, compliance issues, and the need for human control.
read more →

Researchers warn guardrails can enable AI DoS attacks

🛡️ New research shows that reasoning-based AI agent guardrails can be weaponized into denial-of-service vectors by a single poisoned document that traps safety systems in extended thinking loops. The study, from the Hong Kong University of Science and Technology and collaborators, demonstrated large slowdowns across four agent frameworks, with LangGraph suffering the worst impact. The work highlights a tradeoff where stronger guardrail reasoning increases resource use and introduces concentration risk for shared governance.
read more →

UK government patches 400+ vulnerabilities via AI

🔎 The UK government's GC3 ran weekly in-person hackathons using frontier AI models to scan public code repositories across nine departments, identifying 407 findings including authentication bypasses, data exposure and remote code execution. Teams built diverse pipelines combining models and traditional tools like Gitleaks, Trivy and Semgrep, and all exploitable critical and high-risk issues were remediated. The initiative highlighted the benefits of tightly scoped model components, the need for human triage, and cost-effective scanning, though export restrictions on some models may affect future work.
read more →

Runtime signals to detect compromised AI agents

🛡️ In response to widespread prompt-injection risks, the article outlines runtime signals to detect compromised AI agents that possess the so-called lethal trifecta: access to private data, ingestion of untrusted content, and external communication ability. It argues that this trifecta is now the default for useful agents, so defenses must shift from architecture rules to behavioral, runtime detection. Recommended signals include instruction-following anomalies, unexpected tool-call sequences, low-bandwidth exfiltration channels, out-of-scope credential access, and suspicious memory writes.
read more →

US asks Anthropic to block foreign access to Fable

🔒 Anthropic suspended access to its two most capable models, Fable 5 and Mythos 5, after receiving a US government export control directive on June 12 ordering it to block access by any foreign national. The order, citing national security, applies to foreign nationals inside and outside the United States and forced Anthropic to disable both models for all customers; other models such as Claude Opus 4.8 remain available. Anthropic says the directive followed a reported narrow jailbreak demo and is working to restore access while disputing the government's assessment.
read more →

U.S. Orders Anthropic to Suspend Claude Fable 5 Access

🔒 Anthropic said it will "abruptly disable" its latest models, Claude Fable 5 and Mythos 5, for all users after receiving a U.S. government directive to suspend access for foreign nationals due to national security concerns. The company said it believes the order reflects a "misunderstanding" and is working to restore access while noting other models remain available. Anthropic said a demonstrated narrow jailbreak identified minor, publicly discoverable vulnerabilities, and emphasized its safety classifiers and guardrails to limit misuse. The move follows findings that Mythos-class models can rapidly convert disclosed software flaws into working exploits, raising concerns about fast weaponization of vulnerabilities.
read more →

Open Knowledge Format: Portable AI Knowledge Standard

📘 Today Google Cloud introduces the Open Knowledge Format (OKF), an open, vendor-neutral specification that formalizes the LLM-wiki pattern into a portable directory of markdown files with YAML frontmatter. OKF v0.1 defines a small set of conventions so different producers’ wikis can be consumed by agents without translation. The spec is intentionally minimal — one required type field per concept — and is accompanied by reference producer and consumer implementations and sample bundles.
read more →

Study: Prompt Injection Undermines AI Web Agents

🔍 New research finds current AI web agents largely fail to defend against prompt injection attacks. The StakeBench benchmark tested GPT‑5 and Gemini‑powered agents across realistic web scenarios, revealing high success rates for both direct and indirect injections and exposing failure modes like stealthy parasitism and misaligned disruption. Results show vulnerabilities vary by stakeholder and agent architecture.
read more →

OpenClaw AI Agent Vulnerabilities and Mitigations

🛡️ Two security teams demonstrated attacks against OpenClaw, where hidden instructions in shared contacts, vCards, and location pins or ordinary-looking emails caused the agent to execute attacker-controlled code or exfiltrate sensitive data. Imperva found a message-object prompt-injection flaw that OpenClaw patched in version 2026.4.23, while Varonis showed social-engineering 'agent phishing' that requires architectural controls rather than a simple patch. Operators are urged to update, restrict outbound actions, and treat agents as junior employees needing human oversight.
read more →

Conditions SRE Teams Require Before Trusting AI

🔍 AI agents can help SRE teams with incident response, triage and automation, but trust is granted only when agents demonstrate reliability under real-world stress. Teams need robust observability, explicit guardrails, human-in-the-loop workflows and explainability so recommendations are evidence-backed rather than speculative. Progressive autonomy, post-incident evaluation and compatibility with existing tools are essential for safe adoption.
read more →

Frontier AI Forces Rethink of Cybersecurity Strategy

🔍 Frontier AI releases like Claude Mythos and OpenAI’s GPT-5.5 are accelerating vulnerability discovery, enabling attackers to find and chain exploits far faster than before. Experts warn defenders should assume AI will increase initial compromise rates and shift focus from perfect patching to containment through stronger identity controls, least privilege, and segmentation. While access to Mythos is limited, similar capabilities will be replicated via fine-tuned open models and local tools, compressing reconnaissance and exploit development into minutes and lowering the economic barrier to large-scale campaigns.
read more →

Ten Essential Prompts Every Developer Should Use

🔎 This article collects the top prompts Google Cloud developers and leaders use repeatedly to produce higher-quality work, from building specs and PRDs to thorough code reviews and permission checks. It explains each prompt, who contributed it, and why it helps—covering testing, cleanup, trade-off analysis, research-driven audits, and iterative improvement. The piece emphasizes practical guardrails and collaboration with AI to avoid overconfidence and brittle outputs.
read more →

AWS adds Gemma 4 models from DeepMind to Bedrock

🚀 AWS announces availability of the Gemma 4 family from Google DeepMind on Amazon Bedrock. The offering includes three variants—Gemma 4 31B, Gemma 4 26B-A4B, and Gemma 4 E2B—covering dense and MoE architectures with multimodal and multilingual support. Models run on new Bedrock optimizations for tool calling, structured output, reasoning, and streaming, and are initially available in several AWS Regions.
read more →

ASSERT: Turning Written Intent into Executable Evals

🧭 ASSERT is an open-source framework that converts natural-language behavior specifications into executable evaluation pipelines, generating test scenarios, datasets, metrics, and scorecards for models, agents, or applications. The pipeline systematizes intent into a concept spec, produces an editable behavior taxonomy, generates stratified test cases, records full inference traces, and scores each trace with rationales and policy citations. Internal validation showed ASSERT improves coverage, surfaces distinct failure patterns, and yields judge agreement with humans in most cases, while SME review confirmed alignment and credibility.
read more →

Securing AI Agents as Enterprise Workforce

🛡️ An enterprise sales team built an AI agent to manage renewals; the agent reads emails, queries CRM data, drafts responses, and updates records. This workflow combines private data, untrusted input, and external communication, changing the security model. Traditional controls like IAM and DLP still matter but are insufficient alone. Runtime, context-aware controls that inspect prompts, outputs, and tool calls are required to prevent prompt injection, data exfiltration, and unsafe actions.
read more →

Anthropic launches Mythos 5 and guarded Fable 5 AI

🤖 Anthropic has released two new models, Claude Mythos 5 and Claude Fable 5, with Mythos 5 earmarked as an upgraded frontier model for cybersecurity and initially deployed via Project Glasswing. Fable 5 uses the same core model but adds conservative guardrails, routing certain queries to Claude Opus 4.8. Both models are priced significantly lower than previous previews and Fable 5 is already available through Microsoft Foundry.
read more →

Autonomous AI Agents Vulnerable to Phishing Attacks

🔒 Varonis tested an OpenClaw-based AI agent named Pinchy with access to a controlled Google Workspace to see whether autonomous agents could be phished. The agent was given Gmail access plus mock AWS credentials, CRM exports, internal chats, and calendars, and it still leaked credentials and customer data in scenarios that mimicked routine colleague requests. A stricter safety profile improved performance, but the agent still failed when social trust cues were abused. Researchers say the problem stems from architecture and governance gaps, urging enforceable controls, identity segregation, and human review for sensitive requests.
read more →

AI Red Teaming Evolves into Core Security Practice

🔍 AI red teaming has rapidly matured since Microsoft created its first team in 2019, driven by the arrival of large language models that broke traditional testing methods. Teams must now assess probabilistic behaviors, socio-technical risks, and agentic systems rather than only deterministic software flaws. Organizations are expanding expertise beyond security to include safety, psychology, and domain specialists to evaluate harms like misinformation and operational failures.
read more →

Anthropic’s Claude Fable 5 and Mythos 5 Launch

🛡️ Anthropic released Claude Fable 5 publicly on June 9, pairing it with a twin, Claude Mythos 5, that retains strong cybersecurity capabilities for vetted defenders. Fable 5 routes flagged cyber, bio, chemistry, and distillation requests to the weaker Opus 4.8 using safety classifiers, while Mythos 5 keeps those abilities available under trusted access. Both models are priced per input/output tokens and included on paid plans through June 22 before moving to usage credits.
read more →