< ciso
brief />
Tag Banner

All news with #ai security tag

759 articles · page 13 of 38

AI Security as an Architectural Decision for Enterprises

🔒 Organizations must treat AI as part of their core architecture rather than a separate stack. Effective protection extends existing controls — identity, policy enforcement, observability, and data governance — across AI interfaces, private LLMs, and agentic systems. Security requires coordinated runtime enforcement at firewalls, API gateways, and SIEM with zero-trust principles. Fortinet positions converged platforms as the way to embed AI guardrails into the foundational operating model.
read more →

Five Trends Shaping AI-Powered Cybersecurity Resilience

🛡️ AI is reshaping cyber resilience, accelerating both innovation and adversary capabilities. Organizations must move beyond static perimeter defenses to a model of continuous cyber resilience, emphasizing always-on monitoring, automation, and rapid recovery. Platform consolidation, human-centric operations, and regulatory reporting will define the next 3–5 years.
read more →

How Cybercriminals Are Thinking About AI Use and Tools

🧠 A new paper, What hackers talk about when they talk about AI, analyzes more than 160 cybercrime forum conversations collected over seven months to show how offenders perceive and experiment with AI. The study finds growing curiosity about using both legitimate AI services and bespoke illicit models, alongside clear doubts about reliability, cost, and operational security. Authors use a diffusion-of-innovation framework to trace early-stage adoption and offer practical guidance for law enforcement and policymakers.
read more →

CISOs Confront Widening AI Visibility and Risk Gaps

🔍 CISOs are scrambling to close visibility gaps as organizations rapidly adopt AI, confronting risks such as prompt injection, data poisoning, shadow AI, and agentic behaviors. Security leaders report limited insight into where AI is used and how models behave, forcing them to reposition existing tools, adopt new monitoring solutions, and formalize governance. While traditional controls like DLP and SIEM can mitigate many issues, experts warn no single solution is fully mature, so leaders must balance guardrails, emerging observability tools, and business velocity.
read more →

Google Cloud Enables Default AI and Cloud Security

🔒 Google Cloud now enables essential AI and cloud security by default via an enhanced Security Command Center (SCC) Standard tier automatically turned on for eligible customers. The free Standard tier includes a unified AI protection dashboard with detection for unprotected Gemini inference, LLM and agent guardrail reporting, and four baseline AI posture controls. It also adds expanded misconfiguration checks, DSPM, Compliance Manager, agentless vulnerability scanning, and in-context findings in Cloud Hub, GCE, and GKE dashboards.
read more →

Cloudflare Actively Adjusts Post-Quantum Priorities

🔐 Cloudflare says it is “actively adjusting” its post-quantum cryptography priorities after Google moved its PQC migration deadline up to 2029, citing algorithmic advances. The company reports that more than half of its traffic is already protected against harvest-now/decrypt-later using ML-KEM (a PQC standard ratified in 2024), and plans to deploy post-quantum certificates in 2027 to guard against active attacks. Bas Westerbaan noted Google demonstrated a breakthrough with a zero-knowledge proof while withholding key details.
read more →

Hidden Security Risks of Shadow AI in Enterprises 2026

🔒 As AI tools spread inside organizations without formal approval, employees increasingly use generative platforms and third‑party models that operate outside IT visibility. That creates uncontrolled data exposure, expanded attack surfaces, and identity risks when sensitive information or credentials are shared. Organizations should adopt clear AI usage policies, approved secure alternatives, enhanced monitoring, and targeted employee training to enable safe, productive AI usage.
read more →

Botnet DDoS Escalation: AI, IoT, and Multiterabit Threats

📈 NETSCOUT’s ATLAS platform recorded more than 8 million DDoS attacks across 203 countries during the second half of 2025, revealing a decisive shift toward multiterabit capacity and AI-enabled operations. IoT-based botnets such as Aisuru and TurboMirai variants produced demonstration floods up to 30Tbps and 4Gpps, while dark-web LLMs and conversational interfaces lowered the barrier for complex, multivector campaigns. Persistent pressure on DNS root servers and NTP services highlighted the importance of globally distributed, intelligence-driven defenses.
read more →

Amazon WorkSpaces Advisor: AI Troubleshooting for VDI

🔍 Amazon WorkSpaces Advisor is an AI-powered troubleshooting assistant for Amazon WorkSpaces Personal. It analyzes WorkSpace configurations, identifies problems, and provides actionable recommendations to restore service and optimize performance. Administrators can use its generative AI insights to streamline investigations, reduce downtime, and proactively maintain virtual desktop infrastructure. The feature is now available in all AWS commercial regions via the WorkSpaces console.
read more →

GKE Cloud Storage FUSE Profiles for AI/ML Workload I/O

⚡ GKE’s Cloud Storage FUSE Profiles automate performance tuning for AI/ML workloads by providing pre-defined, dynamically managed StorageClasses optimized for training, serving, and checkpointing. Instead of manually adjusting many mount and CSI options, users select a profile and GKE scans the bucket and node resources to calculate cache sizes and backing media. The CSI driver mounts the volume with those calculated options and dynamically adjusts cache behavior using real-time signals to maximize throughput while protecting node stability.
read more →

Building AI Defenses at Scale Before Threats Emerge

🛡️ At AWS, decades of scaled security operations combine with new AI collaborations to proactively harden critical systems. Through Project Glasswing and Anthropic’s Claude Mythos Preview, AWS runs continuous AI-driven code reviews and provides gated research previews via Amazon Bedrock. Complementary offerings include AWS Security Agent for autonomous penetration testing and Bedrock guardrails and Automated Reasoning to enforce enterprise controls and reduce risk.
read more →

Anthropic's Claude Mythos Preview Now on Vertex AI

🔒 Anthropic’s newest and most capable model, Claude Mythos Preview, is available in Private Preview to a select group of Google Cloud customers through Project Glasswing. Its placement on Vertex AI provides enterprises access to a frontier model integrated with Google Cloud’s tools to build, scale, and govern AI applications and agents. The announcement emphasizes high performance across use cases and a renewed focus on reducing cybersecurity risk in enterprise deployments.
read more →

Cybersecurity in the Age of Instant Software — AI Risks

🔐 AI is rapidly changing how software is produced, introducing a new class of instant software that is written, deployed, and discarded on demand. This shift alters vulnerability dynamics because AIs can both discover and craft exploits as well as generate patches, empowering attackers and defenders simultaneously. The balance of power will hinge on how quickly AIs learn to write secure code, reliably produce updates, and coordinate defensive sharing.
read more →

Amazon Bedrock Introduces Claude Mythos Preview for SecOps

🔒 Amazon Bedrock now offers Claude Mythos Preview in a gated research preview as part of Project Glasswing. Anthropic's most advanced model to date demonstrates state-of-the-art capabilities across cybersecurity, software coding, and complex reasoning, identifying sophisticated vulnerabilities and showing exploitability in large codebases with less manual guidance. Access is limited to an allow-list in US East (N. Virginia) through Bedrock; AWS account teams will contact approved organizations.
read more →

GrafanaGhost vulnerability enables silent data exfiltration

🔒 Researchers at Noma's Threat Research Team have disclosed a critical vulnerability, GrafanaGhost, that enables attackers to silently extract sensitive enterprise data from Grafana environments. The exploit chains application and AI weaknesses — including flawed URL validation and indirect prompt injection — to transfer data to attacker servers without credentials or user interaction. Built-in guardrails can be bypassed with simple prompt tricks and protocol-relative URLs, allowing automatic background exfiltration that leaves little trace.
read more →

Telehealth Risks in 2026: Medical Data and AI Scams

🔒 Telehealth offers fast, convenient access to care but creates persistent medical records that are highly valuable to criminals. Stolen health data — from diagnoses and prescriptions to insurance IDs and test results — often fetches far more than payment or social-login credentials and enables extortion, fraud, and identity theft. The rise of AI-driven fake clinics and diagnostic tools makes realistic phishing and data-harvesting sites easier to create. Protect yourself by using a dedicated medical email, avoiding social sign-in, enabling 2FA, using clinic-provided encrypted portals, and keeping health devices patched.
read more →

Zero‑click Grafana AI flaw enables enterprise data leaks

🛡️ Researchers disclosed a critical issue in Grafana, dubbed GrafanaGhost, that enables zero‑click exfiltration of sensitive telemetry and business data via AI‑powered dashboards. Noma Security reported the chained exploit, which combines indirect prompt injection and a URL validation bypass; Grafana validated the report and released a patch. The attack abuses protocol‑relative URLs and model keywords to trick AI into sending data to attacker servers. Organizations should patch, restrict img‑src, and enforce egress controls.
read more →

Webinar: Closing Identity Gaps Amid AI-Driven Risk

🔒 The Hacker News is hosting a webinar that examines why identity programs can advance while enterprise risk rises. New Ponemon Institute research finds hundreds of applications remain disconnected from centralized identity, creating an unmanaged dark matter attack surface that AI agents now exploit. Join experts Mike Fitzpatrick and Matt Chiodi for tactical guidance to measure, prioritize, and close identity gaps.
read more →

FBI: Over $17.7bn Lost to Cyber Fraud in US During 2025

🛡️ The FBI's 2025 Internet Crime Report shows US victims lost more than $17.7 billion to internet-enabled fraud, with the Internet Crime Complaint Center (IC3) receiving over one million complaints in 2025. Cryptocurrency investment scams were the single largest source of financial loss at $7.2 billion, followed by Business Email Compromise and fake tech support schemes. The report also highlights nearly $893 million lost to AI-enabled fraud and 22,364 AI-related complaints, warning that synthetic content and deepfakes are increasingly abused to perpetrate scams.
read more →

Breakout Time Shrinks: Prevention-First Cybersecurity

🔒 Attackers are compressing the time from initial access to lateral movement by using AI, automation and refined TTPs, forcing defenders to adopt prevention-first strategies. The article highlights that average breakout time is about 30 minutes and that exfiltration can sometimes occur in minutes, with extreme cases measured in under ten minutes. It recommends AI-powered XDR/MDR, unified visibility across endpoint, network and cloud, and stronger identity-centric controls to speed detection and response. Automated containment—session termination, host isolation and password reset—should be orchestrated with SIEM and SOAR to reduce dwell time.
read more →