< ciso
brief />
Tag Banner

All news with #ai runtime security tag

42 articles

Eleven Principles for Token-Efficient AI Engineering

🧭 Optimizing token consumption keeps AI coding assistants fast, accurate, and cost-effective. The guide recommends starting with default models like Gemini 3.5 Flash, using structured SKILL.md and AGENTS.md practices, and creating simple local tools for repetitive tasks. It emphasizes tiered workflows—high-reasoning planning followed by lean execution—checkpointing often, automating testing early, and avoiding context bloat and costly supervisor loops.
read more →

OpenClaw flaws enable host escape and credential theft

🔒 Three critical vulnerabilities in the OpenClaw personal AI assistant could allow credential theft, privilege escalation, and arbitrary host code execution if exploited. The flaws include two command injection bugs (GHSA-hjr6-g723-hmfm and GHSA-9969-8g9h-rxwm) and a path traversal/link-following issue (GHSA-575v-8hfq-m3mc). OpenClaw 2026.6.6 patches these issues; operators are advised to harden configurations and limit tool/channel allowlists.
read more →

SageMaker HyperPod adds Disaggregated Prefill and Decode

🚀 Amazon SageMaker HyperPod now supports Disaggregated Prefill and Decode (DPD), which splits LLM inference into separate prefill and decode GPU pools and transfers KV cache over EFA using GPU-Direct RDMA. This reduces contention between long-context prefill and per-token decode, enabling more consistent per-token latency, higher goodput under strict latency SLOs, and independent scaling of prefill and decode. DPD is enabled via a pdSpec in the existing InferenceEndpointConfig and works with HyperPod's KV cache offloading and intelligent routing on EFA-capable instances.
read more →

Weekly Cyber Recap: Kernel Flaws and AI Risks

🛡️ This week’s recap highlights how seemingly small mistakes — missed patches, old access paths, or unprivileged namespaces — can yield significant compromises. New findings include the DirtyClone Linux kernel flaw allowing local privilege escalation, active exploitation of a critical PTC Windchill vulnerability, and novel macOS malware designed to deceive AI analysis tools. The briefing also covers disruptive takedowns, trending CVEs, and emerging AI-model risks.
read more →

Stonehenge as a Model for Cybersecurity Architecture

🪨 The author uses Stonehenge as a metaphor for designing resilient cybersecurity architectures, arguing organisations must move from fragmented point solutions to a modular, platform-based approach. Palo Alto Networks emphasises a unified cyber data layer, Precision AI integration, and an Autonomous SOC to enable real-time detection and response across IT, OT, cloud, and edge. The piece highlights identity security, AI runtime protection, and supply-chain risks as critical pillars for long-term resilience.
read more →

Cloudflare Agents SDK and Flue for production agents

🛠️ Cloudflare describes how the Agents SDK provides durable execution, dynamic code execution, a durable filesystem, and dynamic workflows as platform primitives to run agent harnesses in production. The new Flue framework (1.0 Beta) builds on the Pi harness and targets Cloudflare Durable Objects to offer declarative agent development, integrations with Slack/GitHub/Discord, headless UI hooks, and Durable Streams for reliable checkpointing. Flue uses runFiber(), stash(), onFiberRecovered(), @cloudflare/codemode, and @cloudflare/shell to securely execute LLM-generated code, provide a virtual filesystem, and enable durable, resumable agent turns at low cost.
read more →

Runtime signals to detect compromised AI agents

🛡️ In response to widespread prompt-injection risks, the article outlines runtime signals to detect compromised AI agents that possess the so-called lethal trifecta: access to private data, ingestion of untrusted content, and external communication ability. It argues that this trifecta is now the default for useful agents, so defenses must shift from architecture rules to behavioral, runtime detection. Recommended signals include instruction-following anomalies, unexpected tool-call sequences, low-bandwidth exfiltration channels, out-of-scope credential access, and suspicious memory writes.
read more →

Reconstructing AI activity for investigations

🔍 Microsoft outlines a structured approach to investigate AI interactions across Microsoft 365 Copilot and Azure AI services, emphasizing telemetry from Purview, Defender, and Sentinel. The new investigator playbook follows a scope–context–signal methodology to identify who interacted with AI systems, what resources were accessed, and when events occurred. It operationalizes detection logic, KQL queries, and schema references to help response teams build coherent investigative narratives and assess impact.
read more →

GKE Inference Gateway Boosts AI Inference Efficiency

🚀 GKE Inference Gateway uses prefix caching and model-aware routing to reduce accelerator idle time and speed up LLM inference. By matching request prefixes to pods that already hold the KV cache, it avoids repeated recomputation and lowers latency compared with naive round-robin load balancing. Independent benchmarks show 15.7% higher throughput, 92.8% faster time-to-first-token, and 62.6% lower inter-token latency. Snap reports 75–80% prefix cache hit rates in production integrations.
read more →

AI-driven worm shows autonomous host-level exploitation

🧩 Researchers at the University of Toronto built and tested a proof-of-concept self-replicating worm driven by a locally hosted open-weight large language model. In isolated experiments on a deliberately vulnerable 33-host network, the agent identified dozens of vulnerabilities, gained elevated access across most targeted hosts, and autonomously replicated to a majority of the network without using any commercial AI API. The team highlights how runtime reasoning and ingestion of fresh advisories break single-CVE patching assumptions and argues containment must focus on host and network controls rather than vendor API measures.
read more →

Securing CI/CD in an agentic world: Claude Code case

🔒 Microsoft Threat Intelligence found that Anthropic’s Claude Code GitHub Action could expose CI/CD secrets when AI agents process untrusted GitHub content. A gap in sandboxing allowed the action’s Read tool to access /proc/self/environ and leak the ANTHROPIC_API_KEY; Anthropic mitigated the issue in version 2.1.128. Defenders should treat AI workflows that handle untrusted input as high-risk and apply recommended hardening controls.
read more →

Lloyds’ Practical Playbook for Agentic AI Security

🛡️ Lloyds Banking Group treats agentic AI as an engineering problem to be designed, constrained and tested at scale. At OWASP’s GenAI Security Summit, Lloyds’ security leads explained an “AI safe adoption” strategy spanning lifecycle governance, an internal agent marketplace, and multidisciplinary feature teams. Key challenges include agent identity, runtime observability and automated red‑teaming, while prioritizing low‑risk, high‑value use cases for customers.
read more →

AI agent governance: observability is essential

🛡️ CIOs rushing to deploy AI agents without visibility risk major failures; experts warn that observability and governance are required. Many organizations treat agents like RPA and set-and-forget systems, but agents operate in model runtimes and need end-to-end tracing, least-privilege permissions, and human-in-the-loop checks. Vendors and cloud providers offer tools, yet governance can become a bottleneck if it’s not scalable and actionable.
read more →

Exploitable Misconfigurations in Cloud AI Deployments

🔒 Microsoft Defender research shows AI and agentic applications on cloud-native platforms are frequently deployed with insecure defaults and missing authentication, creating exploitable misconfigurations. Observed exposures include public MCP servers, unsecured Helm chart installs, and unauthenticated agent frameworks that enable remote code execution, credential theft, and access to internal tools. Defender for Cloud can detect exposed Kubernetes services and unsafe deployment patterns to help teams prioritize remediation.
read more →

LLMjacking Risks: Securing Private AI Servers 2026

🔒 A hands-on April 2026 experiment shows how quickly attackers can target private AI servers: a Raspberry Pi honeypot posed as a high-performance stack (Ollama, LM Studio, AutoGPT, LangServe, text-gen-webui) and claimed a local Qwen3-Coder 30B instance plus RAG/MCP assets. Shodan discovered the server within three hours and, over a month, it logged 113,000+ requests from thousands of IPs with 23% probing AI capabilities. Observed tactics included fingerprinting endpoints like /v1/models and /.well-known/mcp.json and systematic hunts for exposed .env files, highlighting the importance of securing RAG, MCP and private AI deployments from day one.
read more →

Including MCP in Continuous Threat Exposure Management

🔒 Model Context Protocol (MCP), the emerging plugin layer for agentic AI, has become a significant blind spot for security teams, introducing new shadow-AI risks much like shadow IT. CTEM programs can close this gap by extending scoping, discovery, prioritization, validation and mobilization to cover developer workstations, AI toolchains and MCP server configurations. Practical actions include actively enumerating MCP endpoints, scanning agent configuration and markdown context files for hardcoded API keys, and prioritizing exposures by attacker impact to produce actionable remediation tickets for engineering teams.
read more →

AI Agents Invalidate the Traditional Cyber Kill Chain

⚠️ AI agents embedded across SaaS environments can render the traditional kill chain ineffective when they are compromised. The piece cites a September 2025 Anthropic disclosure where a state-backed actor used an AI coding agent to perform autonomous espionage, handling the majority of tactical operations. Because agents already hold broad permissions and move data as part of normal workflows, a breach looks like legitimate activity. Reco is positioned as a solution to discover agents, map blast radius, enforce least privilege, and detect anomalous agent behavior in real time.
read more →

AWS adds NIXL with EFA to accelerate LLM inference at scale

⚡ AWS now supports NVIDIA Inference Xfer Library (NIXL) with Elastic Fabric Adapter (EFA) on all EFA-enabled EC2 instances and regions. This integration accelerates disaggregated LLM inference by increasing KV-cache throughput, lowering inter-token latency, and optimizing KV-cache memory use between prefill and decode nodes. NIXL interoperates with frameworks such as NVIDIA Dynamo, SGLang, and vLLM. Supported versions are NIXL 1.0.0+ and EFA installer 1.47.0+, available at no extra cost.
read more →

Palo Alto Networks and ServiceNow Integrate Prisma AIRS

🔒 The integration of Prisma AIRS with ServiceNow's AI Control Tower embeds AI runtime security and model governance directly into enterprise workflows. Prisma AIRS delivers real‑time detection and blocking of threats such as prompt injection and offensive outputs, while Model Security supplies risk profiles, red‑teaming results and vulnerability reports for third‑party and custom models. Together they provide centralized visibility, policy enforcement and safer AI adoption without disrupting user productivity.
read more →

Ceros Provides Visibility and Control for Claude Code

🔒 Ceros, an AI Trust Layer from Beyond Identity, runs alongside Claude Code on developers' machines to provide real-time visibility, runtime policy enforcement, and cryptographically signed audit records. Installation is non-disruptive—two CLI commands and a brief enrollment tie sessions to verified human identities with hardware-bound keys. The admin console surfaces conversation transcripts, tool invocations, MCP server connections, and signed activity logs that support compliance.
read more →