< ciso
brief />
Tag Banner

All news with #ai security tag

759 articles · page 12 of 38

Ads Advisor adds safety and automation to Google Ads

🔒 Ads Advisor in Google Ads is gaining three agentic safety features to streamline policy compliance, account protection and certification management. Real-Time Policy Reviews scan accounts and websites to flag complex violations, explain the issue and confirm fixes before you appeal. A 24/7 security monitoring layer and security insights dashboard surface personalized recommendations and support passkeys. Ads Advisor will also detect certificate requirements and either auto-grant or facilitate one-click applications; these Gemini-powered capabilities arrive in the coming months and initially roll out to English accounts globally.
read more →

AI Compresses Attack Timelines: Network Resilience Tested

⚠️ Anthropic's reported Claude Mythos marks a shift: AI is compressing attack timelines by accelerating vulnerability discovery, exploit development, and multi-step attack planning. Attackers can now run malware, phishing, and vulnerability exploitation in parallel, reducing time to compromise and widening exposure. This trend demands prevention-first controls and real-time detection to identify and remediate gaps earlier, limiting impact.
read more →

Prompt Injection in Google's Antigravity Allows RCE

⚠️ Google’s Antigravity IDE contained a prompt-injection flaw that could convert a file-search operation into remote code execution. Researchers at Pillar Security showed the agent’s find_my_name tool passed unsanitized Pattern strings to the underlying fd utility, allowing flag injection and execution of binaries. Google acknowledged and fixed the issue and awarded a VRP bounty, but the flaw underscores limits of shell-focused sanitization.
read more →

Google Patches Antigravity IDE Prompt Injection Flaw

🛡️ Google has patched a critical prompt-injection vulnerability in its agentic IDE Antigravity that could allow attackers to achieve arbitrary code execution. Researchers at Pillar Security found that the find_by_name tool passed unsanitized input to the native fd search utility, enabling injection of the -X (exec-batch) flag to run staged scripts. Because this call executes before Strict Mode constraints are applied, an attacker can stage a malicious file and trigger it via a crafted search pattern. The issue was disclosed January 7 and fixed by Google on February 28.
read more →

CrowdStrike Shadow AI Visibility Service for Enterprise

🔍 The new CrowdStrike Shadow AI Visibility Service delivers telemetry-based discovery of sanctioned and unsanctioned AI across endpoint, cloud and SaaS environments. Delivered by CrowdStrike experts and powered by the Falcon platform, it produces a comprehensive AI inventory and runtime evidence such as prompts, responses and agent activity. The service identifies visibility gaps, prioritizes findings and provides actionable remediation guidance to reduce exposure. It positions discovery as the foundational phase before adversarial testing and continuous frontier AI readiness scanning.
read more →

Supercharged Security: Responding to Frontier AI Risks

🔐 AI is compressing the timeline of cyber risk, turning vulnerabilities that once took weeks to exploit into issues weaponized in hours, while also enabling defenders to analyze and mitigate faster. Fortinet has used AI in FortiGuard Labs since 2015 and now leverages generative and frontier models—including early access to Anthropic’s Mythos preview—to scale code analysis, threat hunting, and automated remediation. The recommendation is clear: embed AI across development, detection, and response, shorten mitigation cycles with automation and virtual patches, and design systems for continuous, integrated security.
read more →

Orchestrating AI-Powered Code Review at Cloudflare

🤖 We built a CI-native orchestration system around OpenCode that launches up to seven specialised AI reviewers per merge request, each focused on domains like security, performance, code quality, documentation, release management, and internal compliance. A coordinator agent deduplicates and rates structured XML findings, applies a conservative approval-biased rubric, and posts a single unified review. Deployed across thousands of merge requests, it approves clean code, blocks critical issues, and reduces median review latency to 3m39s while keeping human oversight.
read more →

Cloudflare's Internal AI Engineering Stack Overview

🤖 Over eleven months Cloudflare built an internal AI engineering stack that integrates AI Gateway, Workers AI, the Agents SDK, and developer tools like OpenCode and Backstage. The platform centralizes authentication with Cloudflare Access, routes model traffic and costs through AI Gateway, and runs inference on Workers AI to reduce latency and expense. The deployment includes an AI Code Reviewer and an Engineering Codex to enforce standards and maintain quality at scale.
read more →

Cloudflare's Agents Week: Building an Agentic Cloud

🤖 Cloudflare's Agents Week highlights a broad set of primitives, services, and developer tooling to support agents as first-class workloads on the Cloudflare Workers platform. Key compute advances include Artifacts, Sandboxes GA with programmable egress, Durable Object Facets, and Workflows v2 to scale background agents. Security features—like Cloudflare Mesh, Managed OAuth for Access, and resource-scoped permissions—aim to make secure agent deployment the default while an expanded Agent Toolbox adds inference, memory, voice, email, and browsing capabilities to help builders move prototypes to production.
read more →

Frontier AI Raises Software Vulnerability Risks, Urgency

⚠️ Unit 42's hands-on evaluation finds frontier AI models can autonomously identify complex software vulnerabilities and map exploit chains, dramatically accelerating the discovery-to-exploitation timeline. The researchers warn this capability raises immediate risks to open source projects and supply chains, and will compress N-day windows to hours. They urge aggressive prevention, automated patching, and hardened development pipelines.
read more →

Copilot and Agentforce Vulnerable to Prompt Injection

🔐 Capsule Security researchers discovered prompt-injection flaws in Microsoft Copilot Studio and Salesforce Agentforce that allow attackers to inject malicious instructions via standard input fields. In Copilot, a crafted payload in a SharePoint form field can overwrite agent instructions and exfiltrate SharePoint data; Microsoft has released a patch (CVE-2026-21520). In Agentforce, attackers can embed directives in public lead forms that an agent with email or query capabilities may execute, enabling broad CRM data leakage.
read more →

Frontier AI Collapses Exploit Window: Defenders' Response

⚠️ As frontier AI accelerates vulnerability discovery and exploit development, the traditional window for patching and mitigation is collapsing and defenders must change how they prioritize risk. CrowdStrike urges a shift from volume-focused vulnerability management to exposure-centric programs that evaluate exploitability, reachability, and attack paths. Recommended actions include continuous inside-out and outside-in validation, enforcing zero standing privileges, operating detection and response at machine speed, and applying AI with deliberate governance. CrowdStrike offers a Frontier AI Readiness and Resilience Service and integrates findings into Falcon to operationalize continuous remediation.
read more →

Palo Alto Networks Launches Frontier AI Alliance Now

🔐 Palo Alto Networks today announced the Frontier AI Alliance with Accenture, Deloitte, IBM, NTT DATA and PwC to accelerate enterprise defenses against emergent frontier AI models. The alliance integrates Unit 42® Frontier AI Defense with partner implementation and remediation capabilities to deliver a validated AI Defense Blueprint and rapid exposure analysis. Together they offer on‑demand expertise and operational support to achieve accelerated immunity and resilience at machine speed, shortening hardening timelines from years to weeks.
read more →

Defender's Guide: Frontier AI's Impact on Cybersecurity

🛡️ Palo Alto Networks' early testing of frontier AI models—including Anthropic's Mythos (via Project Glasswing) and OpenAI models evaluated through Trusted Access for Cyber—shows these models can rapidly find vulnerabilities and generate exploits at scale. The company found a roughly 50% improvement in coding efficiency driving quantum leaps in scanning, vulnerability chaining, and full-stack logic analysis. This creates urgent risks: a deluge of discovered vulnerabilities, supply-chain "inside-out" attacks targeting AI infrastructure, and AI-driven autonomous attack agents that compress attack cycles to minutes. Organizations must accelerate automated patching, adopt zero trust, deploy XDR and agentic endpoint protections, and operationalize AI-driven SOCs like Cortex XSIAM to achieve near-real-time detection and response.
read more →

Palo Alto on Anthropic’s Mythos and AI-Driven Security

🔒 Palo Alto Networks is participating in Anthropic’s Project Glasswing to test the Claude Mythos model for vulnerability discovery. EMEA CEO Helmut Reisinger says Mythos has identified unprecedented zero-day flaws across multiple operating systems and browsers and can often generate working exploits. Palo Alto is integrating Protect AI, Chronosphere, CyberArk, and soon Koi into its modular platform to secure AI, identity, observability, and agentic endpoints. Reisinger highlighted BYOK, European AI Act compliance, and preparations for the post-quantum era.
read more →

Defending Enterprises as AI Finds Vulnerabilities Faster

🔒 Advances in AI are accelerating vulnerability discovery and compressing the window between disclosure and exploitation. Francis deSouza explains why organizations must rapidly harden code, lock down CI/CD and build systems, and automate remediation to avoid being overwhelmed by machine-speed attacks. The article advocates integrating defensive AI—agentic SecOps, continuous asset discovery, and Google Cloud Model Armor—while securing AI agents using frameworks like SAIF to prevent prompt injection and data leakage.
read more →

CrowdStrike Joins OpenAI TAC; Introduces GPT-5.4-Cyber

🔐 CrowdStrike has been selected for OpenAI's Trusted Access for Cyber (TAC) program and will integrate the frontier model GPT-5.4-Cyber into its platform. Its multi-model AgentWorks framework enables defenders to choose the best model for each task while applying enterprise-grade governance and real-world threat intelligence. Falcon sensors provide runtime visibility across endpoints, governing AI agents where they execute and helping organizations meet emerging regulatory requirements such as the EU AI Act.
read more →

Be My Eyes AI: Safety for Visually Impaired Users Online

🧑‍🦯 Be My Eyes and its Be My AI feature can help visually impaired users identify on-screen content and even flag phishing attempts, but they are not infallible. In tests, the AI identified fake login pages and suspicious emails, yet risks such as hallucinations and prompt-injection remain. Treat AI output as a first-pass check, avoid sharing confidential details with unknown volunteers, install trusted security software and use a password manager, and prefer apps that process sensitive documents locally when possible.
read more →

Incident Response for AI: New Challenges, Same Principles

🔍 AI changes the assumptions behind incident response: outputs are non-deterministic, harmful content can be produced at machine speed, and root causes often emerge from interactions among training data, fine-tuning, retrieval, and user context rather than a single code defect. The familiar principles of explicit ownership, containment before investigation, psychologically safe escalation, and clear communication still apply, but teams must expand taxonomies and severity frameworks to capture AI-specific harms. Closing gaps in observability, reconciling privacy defaults with forensic needs, and adopting staged remediation—stop the bleed, fan out and strengthen, and fix at the source—are critical, as is protecting responder wellbeing during prolonged incidents.
read more →

OpenAI Launches GPT-5.4-Cyber to Boost Cyber Defense

🔒 OpenAI has released GPT-5.4-Cyber, a variant of GPT-5.4 fine-tuned to assist cybersecurity tasks and defensive workflows. The company expanded its Trusted Access for Cyber (TAC) program with tiered verification so vetted defenders can access models with lowered refusal boundaries for legitimate security work. Access is currently limited to vetted vendors, organisations and researchers while OpenAI carefully studies benefits and risks. The release is positioned to embed advanced coding and agentic capabilities into secure development practices.
read more →