< ciso
brief />
Tag Banner

All news with #ai guardrails tag

33 articles

Prisma AIRS AI Gateway Now Generally Available

🔒 Palo Alto Networks has announced the general availability of Prisma AIRS AI Gateway, an AI control plane designed to provide unified governance, identity, and runtime controls for enterprise AI interactions. The gateway sits inline between agents, AI apps, and model providers to deliver observability, policy enforcement, credential scoping, and runtime inspection. Built from Portkey innovations, it targets scale and security gaps as AI usage and outbound data volumes surge across enterprises.
read more →

Continuous AI Red Teaming as Ongoing Security

🔍 AI security cannot be treated as a one-time certification; it requires an ongoing cycle of adversarial discovery, hardening, and operational resilience. NIST research shows no finite set of guardrails can guarantee permanent robustness, so teams must continuously test, remediate, and monitor systems as models, prompts, and integrations evolve. Effective programs tie red teaming to runtime protection and governance so findings become durable improvements.
read more →

Anthropic redeploys Mythos 5 and Fable 5 with safeguards

🛡️ Anthropic has redeployed Claude Mythos 5 and Claude Fable 5 globally after a brief suspension linked to US export controls, adding new security limitations. Fable 5 now includes an improved safety classifier that blocks reported jailbreaks in over 99% of cases, though it may increase false positives for benign coding tasks. The models will be available across major clouds and selected subscription tiers, and Anthropic is collaborating with government and industry partners on AI security testing and a HackerOne program.
read more →

Amazon Bedrock adds automated policy refinement workflows

🔧 AWS announced automated refinement workflows for Automated Reasoning checks in Amazon Bedrock Guardrails. These checks use formal logic to validate generative AI responses against user-defined policies to detect hallucinations and provide verifiable explanations. The new workflows — iterative policy improvement and ambiguity reduction — help customers refine policies with less manual effort. Both workflows are accessible via the Amazon Bedrock APIs and the AWS Management Console.
read more →

Check Point Integrates OpenAI Frontier Cyber Models

🤖 Check Point is embedding OpenAI frontier cyber models into its security products through the Daybreak Cyber Partner Program to deliver sharper prevention, faster remediation, and stronger security operations. The partnership emphasizes built-in guardrails, misuse monitoring, and task-focused outputs. Initial explorations target agentic network security orchestration and CTEM Agentic Exposure Validation to improve policy translation, configuration validation, exposure summarization, prioritization, and remediation drafting.
read more →

Amazon Bedrock launches per-request Guardrails API

🛡️ Amazon Bedrock Guardrails introduces the InvokeGuardrailChecks API, a resourceless endpoint that lets you apply individual safeguards at any step of agentic AI workflows without creating guardrail resources. The API returns numeric severity and confidence scores so you can set custom thresholds and actions — block, pass, retry, or log — per request. It supports content filters, prompt attack detection, and sensitive information filters and is available in multiple AWS Regions.
read more →

Researchers warn guardrails can enable AI DoS attacks

🛡️ New research shows that reasoning-based AI agent guardrails can be weaponized into denial-of-service vectors by a single poisoned document that traps safety systems in extended thinking loops. The study, from the Hong Kong University of Science and Technology and collaborators, demonstrated large slowdowns across four agent frameworks, with LangGraph suffering the worst impact. The work highlights a tradeoff where stronger guardrail reasoning increases resource use and introduces concentration risk for shared governance.
read more →

Anthropic launches Mythos 5 and guarded Fable 5 AI

🤖 Anthropic has released two new models, Claude Mythos 5 and Claude Fable 5, with Mythos 5 earmarked as an upgraded frontier model for cybersecurity and initially deployed via Project Glasswing. Fable 5 uses the same core model but adds conservative guardrails, routing certain queries to Claude Opus 4.8. Both models are priced significantly lower than previous previews and Fable 5 is already available through Microsoft Foundry.
read more →

Anthropic launches Fable 5 with limited-time access

🔒 Anthropic has released Fable 5, a safer variant of its powerful Mythos-class model, intended to reduce misuse by blocking sensitive cybersecurity, biology, and chemistry queries. The company will route restricted prompts to Opus 4.8, while the unrestricted Claude Mythos 5 remains limited to highly vetted partners. Fable 5 is free temporarily for Pro, Max, and Enterprise users until June 22 but consumes tokens much faster than other models.
read more →

OpenAI Lockdown Mode: Limits, Risks, and Governance

🔒 OpenAI’s Lockdown Mode aims to reduce AI-enabled data exfiltration by disabling web browsing, image support, Deep Research, Agent Mode, network access from generated code, and file downloads while still permitting manually uploaded file analysis. Experts say the feature is a pragmatic but imperfect mitigation that still allows side-channel exfiltration, complicates governance across multiple AI vendors, and shifts responsibility between providers and enterprise security teams.
read more →

Microsoft unveils containment for agentic AI security

🔒 Microsoft announced new controls to contain agentic AI workloads, including the Microsoft Execution Container (MXC) runtime and enhancements to the multi-agent vulnerability research system MDASH. MXC is a policy-driven sandbox for specifying and enforcing access to files, networks, credentials, and resources at runtime across Windows, Linux, and macOS. The company also highlighted Agent 365 SDK, Windows 365 for Agents, and two open-source standards—ASSERT and Agent Control Specifications—to govern agent behavior across platforms.
read more →

The AI Defense Plane: Securing Enterprise AI

🛡️ This article explains why AI requires a unified security architecture — the AI Defense Plane — to discover, protect, govern, and assure AI behavior across employees, applications, and agents. It describes how AI becomes an execution layer that can retrieve data, call tools, and take actions, creating risks that traverse traditional security boundaries. The piece emphasizes runtime protection, coordinated enforcement, and continuous testing to prevent prompt-based attacks, data exposure, and unsafe agent behavior.
read more →

When AI Support Workflows Become an Authorization Risk

🔒 Reporting suggests attackers used Meta’s AI support chatbot to change recovery emails on high-profile Instagram accounts, leading to notable takeovers. The core issue isn’t just prompt injection or a model jailbreak but that the AI operated within a sensitive account recovery workflow with insufficient independent verification. Organizations must treat AI-driven support actions as part of the security boundary and constrain authority, permissions, and verification around such agents.
read more →

Shift AI Security from Models to System-Level Controls

🛡️ Researchers argue enterprises must stop treating AI agents as trusted components and instead secure them as untrusted systems. The paper, authored by teams from Google, UC San Diego, UW–Madison and others, distills five systems-security principles—least privilege, tamper resistance, complete mediation, secure information flow, and human risk—and maps eleven real-world agent attacks to these violations. They caution that stacking ML guardrails is insufficient and propose research directions for separating instructions from data, verifiable least-privilege policies, and information-flow controls.
read more →

RAMPART and Clarity: Open Tools for Agent Safety Workflow

🔒 Microsoft has open-sourced two engineering tools—RAMPART and Clarity—to make agent safety a continuous part of development. RAMPART provides a pytest-style framework that brings red-team and adversarial tests into CI, evaluating tools invoked and side effects. Clarity is a structured design companion that captures problem statements, failure analyses, and decisions in a .clarity-protocol directory. Both aim to create living safety artifacts integrated into normal workflows.
read more →

Cloudflare Findings on Frontier Cybersecurity LLMs

🔍 Cloudflare tested security-focused LLMs on its infrastructure and reports detailed findings from using Anthropic’s Mythos Preview as part of Project Glasswing. The model stood out for exploit chain construction and automated proof generation, producing runnable PoCs and iterating on failures. Its emergent guardrails proved inconsistent across runs and prompts, so Cloudflare built a tailored harness and additional safeguards to scale safely. The team also observed higher-quality, actionable findings compared with earlier frontier models, but noted increased noise from memory-unsafe languages and model bias.
read more →

AWS AI Security Framework: Controls by Layer and Phase

🔒 The AWS AI Security Framework presents a structured model that helps security and business leaders align the right controls to the right use case, at the right layer, and at the right phase so AI can move from prototype to production securely. Its core principle is that you build AI on top of security, not add security later. The post maps controls across three layers—infrastructure, identity and data, and AI application—and across four use cases from answering to agentic and physical AI. It highlights Amazon Bedrock and AgentCore as pillars that decouple model choice from security infrastructure.
read more →

Amazon Bedrock AgentCore adds Chrome policies and CA support

🔒 Amazon now enables Bedrock AgentCore to apply Chrome Enterprise policies to AgentCore Browser and to accept custom root Certificate Authority (CA) certificates for both AgentCore Browser and Code Interpreter. Administrators can leverage 100+ configurable browser policies — such as URL restrictions, disabling password managers, download controls, and kiosk-mode restrictions — to enforce compliance for AI agents. Custom root CA support permits secure TLS connections to internal services and corporate proxies that use enterprise-signed certificates, helping agents operate within strict security environments.
read more →

Securing Homegrown AI Agents with Falcon AIDR & NeMo

🔒 Falcon AIDR now integrates with NVIDIA NeMo Guardrails to provide programmable runtime protections for homegrown AI agents moving into production. The combined solution blocks prompt injection, redacts PII, defangs malicious domains, and moderates unwanted topics while preserving responsive, sub-100ms agent workflows. Teams can leverage 75+ built-in detectors or create custom policies to monitor in report-only mode and then progressively enforce blocks, redactions, encryptions, or transformations.
read more →

Researchers Find Major Security Flaws in LLM Guardrails

🔒 Researchers at Unit 42, Palo Alto Networks' lab, have demonstrated that LLM-based safety and evaluation systems — called AI Judges — can be manipulated via prompt-injection-style token sequences. Their custom fuzzer, AdvJudge-Zero, probes models in a black-box manner, finding low-perplexity formatting tokens that shift internal attention and increase the likelihood of an 'allow' decision. Unit 42 recorded a 99% bypass rate across multiple architectures, and showed that adversarial retraining on fuzzer-discovered examples can reduce that success rate to near zero.
read more →