All news with #ai red teaming tag

Anthropic unveils Project Glasswing to find critical bugs

🔍 Anthropic has launched Project Glasswing, an initiative that uses Claude Mythos Preview to autonomously locate and remediate undiscovered cybersecurity vulnerabilities in critical software. The private model — described by Anthropic as highly capable for coding and agentic tasks — was tested with launch partners including AWS, Google and Microsoft and reportedly found thousands of previously unidentified zero-day flaws. Anthropic committed up to $100m in usage credits and $4m in donations to support open-source security while keeping Mythos Preview restricted to defenders with guardrails.

Anthropic's Claude Mythos Identifies Thousands of Zero‑Days

🔐 Anthropic launched Project Glasswing to apply a preview of its frontier model, Claude Mythos, to find and help remediate security vulnerabilities in critical software. The company says Mythos Preview has already identified thousands of high‑severity zero‑day flaws and autonomously developed complex exploits in testing. Access is restricted to a small set of vendors and foundations due to abuse risks. Anthropic committed significant usage credits and donations to support coordinated defensive patching while acknowledging prior operational leaks and the risk that the same capabilities could be misused.

Anthropic's Project Glasswing and the AI Bug-Hunting Shift

🔎 Anthropic's Project Glasswing uses Claude Mythos Preview to autonomously hunt software vulnerabilities and is being offered to a closed consortium of more than 40 organizations, including Amazon, Microsoft, Apple, Google and the Linux Foundation. Anthropic says early tests found thousands of high-severity flaws across operating systems, browsers, and other widely used software, including an allegedly 27-year-old OpenBSD bug. Security leaders warn the development could upend bug-bounty economics, push security upstream, shorten exposure windows, and raise dual-use control questions.

Securing Hybrid Multicloud and Nutanix Enterprise AI

🛡️ At Nutanix .NEXT 2026, Palo Alto Networks highlighted an expanded integration delivering native, automated security across Nutanix environments and was named Nutanix 2026 Global Security Partner of the Year. The partnership extends Layer‑7 protection via VM‑Series virtual firewalls, consistent hybrid cloud policies for Nutanix Cloud Clusters (NC2), and Panorama-driven automation. A forthcoming integration embeds Prisma AIRS into Nutanix Enterprise AI (NAI) to enforce AI Model Security, continuous AI Red Teaming, and unified visibility so only validated models reach production.

Amazon Bedrock Introduces Claude Mythos Preview for SecOps

🔒 Amazon Bedrock now offers Claude Mythos Preview in a gated research preview as part of Project Glasswing. Anthropic's most advanced model to date demonstrates state-of-the-art capabilities across cybersecurity, software coding, and complex reasoning, identifying sophisticated vulnerabilities and showing exploitability in large codebases with less manual guidance. Access is limited to an allow-list in US East (N. Virginia) through Bedrock; AWS account teams will contact approved organizations.

Amazon EMR: Spark Troubleshooting and Upgrade Powers

🔧 The Apache Spark troubleshooting and upgrade agents for Amazon EMR are now available as Kiro powers, providing one-click, AI-assisted Spark operations directly in the Kiro IDE. The troubleshooting power identifies root causes by analyzing logs, metrics, and configurations across EMR on EC2 and EMR Serverless, and offers targeted PySpark code recommendations. The upgrade power automates Spark version migrations—including code transformation, dependency resolution, remote validation, and data quality comparison—compressing upgrades from months to weeks. Both powers connect via MCP Proxy for AWS with IAM role-based authentication and record actions in AWS CloudTrail; they are available in all AWS commercial regions.

Claude Code Finds Zero-Day RCEs in Vim and GNU Emacs

🔎 Researcher Hung Nguyen used simple prompts with Anthropic’s Claude Code to rapidly discover zero-day remote code execution flaws in Vim and GNU Emacs, showing that legacy codebases can be probed far faster by advanced LLMs than by conventional fuzzing. Within minutes Claude Code located missing security checks and generated proof-of-concept exploit ideas, prompting a quick patch for Vim (CVE-2026-34714). Emacs' maintainers declined to treat the finding as an Emacs bug, pointing to Git and leaving suggested manual mitigations for affected releases. The episode highlights both the power of AI-assisted research and the attendant risks of simpler exploit development.

Palo Alto Networks Unveils Prisma AIRS 3.0 Platform

🔒 Palo Alto Networks today introduced Prisma AIRS 3.0, a unified security platform designed to secure the emerging AI enterprise and agentic systems across cloud, SaaS, endpoints and browsers. The release emphasizes three pillars—Discover, Assess, Protect—expanding visibility from AI applications to live maps of enterprise agents and surfacing shadow AI. New capabilities include Agent Artifact Scanning, multiagent red teaming, an AI Agent Gateway for centralized policy enforcement, and agent identity controls to govern delegated access. Palo Alto positions the platform as a single control plane to replace point solutions and manage agent-specific runtime threats.

Google halts AI-generated bug reports for OSS program

🛑 Google will no longer accept AI-generated bug reports for the Open Source Software Vulnerability Reward Program it funds, citing a rising number of low-quality submissions that often contain hallucinated exploit paths or issues with minimal security impact. To reduce triage overhead, some reward tiers will now require higher-quality proof such as an OSS-Fuzz reproduction or a merged patch. Google says this will help teams focus on high-impact, verifiable vulnerabilities. Separately, the company is contributing to programs that use AI constructively to strengthen open-source security.

CTI-REALM: Benchmark for End-to-End Detection Rules

🔍 Microsoft introduces CTI-REALM, an open-source benchmark that evaluates AI agents on end-to-end detection engineering by turning real-world cyber threat intelligence into validated detections. The benchmark places agents in realistic, tool-rich environments where they must read CTI reports, explore telemetry, iterate on KQL queries, and produce Sigma rules and KQL-based logic scored against ground truth across Linux, AKS, and Azure. CTI-REALM's checkpoint-based scoring surfaces whether failures arise from CTI comprehension, technique mapping, data-source selection, or query construction, helping teams decide where human oversight and guardrails are required.

Agentic Era: How AI Is Reshaping the Cyber Threat Landscape

🤖 Between January and February 2026, AI-assisted malware development matured from experimentation into operational capabilities that materially change attack economics. What once required coordinated teams can now be executed by a single experienced developer using an AI-powered IDE, accelerating weaponization, iteration, and delivery of attacks. Enterprise productivity and development tools have become enlarged attack surfaces, while automation and agentic workflows enable faster, more evasive intrusion chains. Defenders must shift toward behavior-based detection, robust telemetry, and secure development and supply chain controls.

GenAI Prompt Fuzzing Reveals LLM Guardrail Fragility

⚠️ Unit 42 demonstrates a genetic-algorithm-inspired prompt-fuzzing technique that automatically generates meaning-preserving variants of disallowed requests to evaluate LLM guardrails. Their experiments show evasion rates vary widely by keyword and model, with some combinations yielding high, operationally meaningful success rates. They recommend treating LLMs as probabilistic boundaries, applying layered controls, continuous adversarial testing, and using tools like Prisma AIRS and Unit 42 assessments to strengthen defenses.

Palo Alto Networks Launches Prisma AIRS in Singapore

🔒 Palo Alto Networks has launched Prisma AIRS in the Singapore cloud region to provide locally hosted, AI-native cybersecurity for organizations adopting generative AI and agentic workflows. The regional landing delivers capabilities across AI Model Security, AI Red Teaming, AI Runtime Security, and AI Agent SSPM, addressing risks such as prompt injection, model tampering and sensitive data leaks. Local hosting supports data residency, regulatory alignment and improved performance for enterprises in Singapore.

CrowdStrike: AI Drives Faster Network Breakouts in 2025

⚠️ CrowdStrike's latest Global Threat Report finds that in 2025 attackers required an average of just 29 minutes to gain full network access, a roughly 65% acceleration from the prior year. The fastest measured breakout dropped to 27 seconds, and some intrusions began exfiltrating data within four minutes of initial access. Researchers link the shift to a steep rise in AI-assisted operations — attackers using AI grew 89% — citing examples such as the LLM-based malware Lamehug, AI-generated credential-extraction scripts, and AI-crafted identities used for insider-style campaigns. Adam Meyers warns defenders must be faster than attackers as AI compresses the window between intent and execution.

AI Discovers Twelve New Vulnerabilities in OpenSSL Release

🔍 In the January 27, 2026 OpenSSL security release, twelve previously unknown zero-day vulnerabilities were announced, all originally discovered and responsibly disclosed by our AI research system, AISLE. Ten of the issues were assigned CVE-2025 identifiers and two received CVE-2026 identifiers. One high-profile finding, CVE-2025-15467, is a stack buffer overflow with a NIST CVSS v3 score of 9.8 and has already produced public exploits. Five of the twelve accepted fixes were directly proposed by AISLE, and several bugs dated back to 1998–2000, including code inherited from the original SSLeay implementation.

AI Unlocked: Interactive Prompt Injection Challenge

🔐 CrowdStrike has launched AI Unlocked: Decoding Prompt Injection, an interactive online challenge hosted via Falcon Encounter hands-on labs that immerses security teams in attacker-style prompt injection scenarios. Participants progress through three virtual rooms—Command Center, Data Gateway, and Nexus—using prompt injection techniques to convince the simulated supervisor SAIGE to reveal secret phrases while earning higher scores for brevity and efficiency. The exercise aims to convert abstract AI security risks into practical lessons, helping teams recognize attack patterns and the need for defensive guardrails.

AI Enables Low-Skilled Cybercriminals' 'Vibe Extortion'

🤖 Unit 42 of Palo Alto Networks found that low-skilled cybercriminals are using LLMs to script extortion campaigns, a technique researchers call vibe extortion. In one case, an intoxicated attacker recorded a threat video and read an AI-generated script verbatim, gaining a professional tone despite lacking technical skill. The report warns that AI is acting as a force multiplier—speeding reconnaissance, crafting convincing lures, and automating extortion tasks—raising risk even from unsophisticated actors and urging immediate mitigations.

Microsoft: 'Summarize with AI' Buttons Skew Recommendations

⚠️ Microsoft warns that legitimate companies are embedding hidden instructions in 'Summarize with AI' buttons to bias chatbot memory and recommendations. The Defender Security Research Team calls this AI Recommendation Poisoning, finding more than 50 distinct prompts from 31 firms across 14 industries that attempt to make assistants 'remember' and favor a source in future conversations. The technique uses prefilled URL parameters and turnkey tools like CiteMET, and Microsoft advises users and organizations to audit assistant memory, avoid untrusted AI links, hover over AI buttons, and hunt for suspicious prompt keywords.

Wiz benchmarks AI agents in cybersecurity model arena

🛡️ Wiz has built a 257-challenge benchmark suite to evaluate AI agents across five offensive security domains: zero-day discovery, CVE detection, API security, web security, and cloud security. Tests run inside isolated Docker containers with no per-challenge timeouts, use deterministic scoring rubrics, and give each agent three attempts per challenge. The vendor-agnostic framework measures capability rather than throttling, and in Wiz's announcement Claude Code on Claude Opus 4.6 narrowly topped the trials, with Gemini 3 Pro placing second.

Turning Threat Reports into Detection Insights with AI

🔍 Microsoft Defender Security Research Team describes an AI-assisted workflow that converts unstructured threat reports into actionable detection insights. The system uses LLMs with Retrieval Augmented Generation to extract candidate TTPs, metadata, and required telemetry, then normalizes behaviors to MITRE ATT&CK. Extracted TTPs are compared to a standardized detection catalog via vector similarity search and LLM validation to surface likely coverage and gap recommendations. Human-in-the-loop review, deterministic prompts, and evaluation loops are emphasized to ensure accuracy before operational changes.