< ciso
brief />
Tag Banner

All news with #ai security tag

759 articles · page 15 of 38

RSA Conference 2026: Six Takeaways for Security Leaders

🔒 RSA Conference 2026 made clear that AI dominated every conversation, reframing priorities for CISOs and security teams. Sessions and hallway discussions emphasized securing the AI stack, managing rampant shadow AI usage, and governing machine or non-human identities. Speakers warned that AI accelerates both attacks and defensive response, while capital and workforce dynamics are shifting rapidly.
read more →

RSAC 2026: Securing AI and the Workforce of Tomorrow

🔐 At RSAC 2026, Google Cloud leaders outlined a three-stage AI adoption journey—automate tasks, redesign workflows, and rethink functions—and stressed the need for a bilingual workforce fluent in both domain and AI. They warned that AI expands the attack surface across models, agents, and data, urging multi-model, multicloud resilience and identity-centric defenses. Google highlighted the Secure AI Framework, partnerships to counter supply-chain threats like OpenClaw, and agentic SOC innovations, including the acquisition of Wiz and its AI-Application Protection Platform.
read more →

State of Secrets Sprawl 2026: AI-Driven Credential Risk

🔒 GitGuardian's State of Secrets Sprawl 2026 shows leaks accelerated in 2025, uncovering 29 million new hardcoded secrets — a 34% year-over-year increase and the largest single-year jump recorded. The report highlights three core trends: AI-driven credential exposures, unexpectedly widespread internal-repo and collaboration-tool leaks, and persistent remediation failures. It urges a shift from detection to continuous non-human identity governance, secrets vaulting, and automated rotation to reduce attacker access.
read more →

RSAC 2026 Wrap-Up: AI Agents and Security Trends Overview

🎥 RSAC 2026 concluded with AI agents taking center stage across sessions and discussions. ESET Chief Security Evangelist Tony Anscombe, on the ground for the conference, highlights that AI was discussed both as a strong defensive capability and, more urgently, as a growing risk many organizations have not yet fully addressed. Watch the video for concise, practical takeaways from the event, where ESET delivered a record six presentations.
read more →

AI Named Top Cybersecurity Priority as Threats Rise

🔒 A PwC report finds AI is now the top cybersecurity investment priority for defenders as criminals rapidly weaponize generative models. The firm's Annual Threat Dynamics 2026 study warns adversaries are using AI to accelerate malware development, automate reconnaissance and scale social engineering, including via dark‑web LLMs. PwC cites agentic tools like ReaperAI being repurposed in real campaigns, but also stresses that AI can empower defenders with faster detection, automated containment and intelligence‑led decision‑making when embedded into security strategies.
read more →

OpenAI unveils Safety Bug Bounty to limit AI abuse

🛡️ OpenAI has launched a new Safety Bug Bounty, hosted on Bugcrowd, to solicit researcher reports of AI abuse and safety risks across its products. Announced March 26, it complements the existing Security Bug Bounty and targets issues like agentic risks (MCP abuse, prompt injection, data exfiltration), account integrity violations, and proprietary-information exposures. OpenAI clarified scope limits, excludes low-impact jailbreaks, runs private campaigns for certain harms, and will triage submissions between safety and security programs.
read more →

Masters of Imitation: How AI Fuels Network Fakery Now

🔍 Modern attackers use AI to imitate trusted users, tools, and services, making many incidents malware-free and harder to detect. The article compares these tactics to art forger Elmyr de Hory and outlines threats such as agentic AI, supply-chain impostors, cloaked tunnels, rogue infrastructure, and sophisticated phishing. Network Detection and Response (NDR), including Corelight’s Open NDR Platform, is highlighted as essential for spotting behavioral anomalies, protocol inconsistencies, and contextual metadata to expose impostors early.
read more →

AI Is Breaking Security Models — Where They Fail First

🤖 AI-assisted triage is changing vulnerability workflows and forcing organizations to redesign ownership and decision-making. By enriching findings with exploitability indicators, ownership metadata and business-impact signals, AI platforms accelerate detection and reduce manual triage. Security teams must shift from routine investigation to governing models, defining owners, and maintaining human checkpoints for high‑risk actions. Treat AI-driven features as first-class risk surfaces and assign clear owners for model behavior, prompt safety and misuse prevention.
read more →

NCSC Urges Safeguards for AI 'Vibe Coding' Adoption

🔐 The UK NCSC's chief executive Richard Horne told the RSA Conference (March 24) to 'seize the disruptive vibe coding opportunity' while urgently developing safeguards. He warned AI-assisted development can either reduce systemic vulnerability or propagate new flaws depending on model design and controls. NCSC CTO David C published Secure Vibe Coding Commandments advocating secure-by-default models, provable provenance, AI-powered audits, deterministic guardrails and sandboxed hosting.
read more →

Dynamic Workers: Cloudflare's Fast JavaScript Sandboxes

🚀 Cloudflare's Dynamic Worker Loader API enables Workers to instantiate isolated JavaScript sandboxes at runtime, letting LLM-generated code run securely and on-demand. Using lightweight V8 isolates rather than containers, Dynamic Workers start in milliseconds, are far more memory efficient, and scale across Cloudflare's edge. The feature supports TypeScript RPC interfaces, credential injection for outbound HTTP, and helper libraries for bundling, virtual filesystems, and Code Mode integration.
read more →

Programmatic Physical Security for AI-Scale Data Centers

🔒 AI-driven demand is reshaping data center security and requires a programmatic, repeatable approach to scale without sacrificing quality. Providers must turn projects into standardized programs, reuse templates and BIM/digital-twin assets, and automate design and QA to sustain precision at hyperscale. Strategic partners should engage early, operate as collaborative owners, and help translate evolving regulatory, identity/access, drone and device risks into repeatable controls.
read more →

GKE and OSS Innovation Highlights at KubeCon EU 2026 Updates

🚀 Google Cloud previews GKE and open-source innovations at KubeCon Europe 2026, focusing on making Kubernetes the best platform for AI and agentic workloads. Autopilot compute classes can now be enabled per workload on Standard clusters, and GKE Cluster Autoscaler will be open-sourced to advance vendor-neutral provisioning. GKE is certified for the CNCF Kubernetes AI Conformance program, and projects like llm-d, DRA drivers for TPUs, and DRANET aim to standardize inference and resource management. Features such as the Model Context Protocol, Kubernetes Agent Sandbox, and GKE Pod Snapshots target secure, fast startup and manageability for agents.
read more →

Microsoft Open Source and AKS at KubeCon Europe 2026

🚀 At KubeCon + CloudNativeCon Europe 2026, Microsoft outlined coordinated open-source and AKS enhancements designed to bring AI workloads to Kubernetes with enterprise-grade operational patterns. Upstream work includes DRA reaching GA, Workload Aware Scheduling for Kubernetes 1.36, DRANet Azure RDMA compatibility, and new projects such as AI Runway, HolmesGPT (CNCF Sandbox), and Dalec. AKS platform updates add identity-aware networking with Azure Kubernetes Application Network, meshless Istio routing, WireGuard and Cilium-based encryption, built-in GPU telemetry into managed Prometheus/Grafana, per-flow L3/L4 and L7 observability, a managed Cilium cluster mesh via Fleet Manager, Elastic SAN shared storage, AKS Desktop GA, and safer upgrades with blue-green agent pool upgrades and agent pool rollback.
read more →

Why CISOs Should Embrace AI-Powered Honeypots Today

🛡️ AI-driven honeypots pair large language models with deception servers to create dynamic, realistic environments that keep attackers engaged longer and collect richer threat intelligence. Academic research by Dr. M. Abdullah Canbaz and others showed LLMs can parse traffic and handle complex Linux commands, prompting open-source and commercial efforts such as Beelzebub and Deutsche Telekom’s T-Pot. These systems significantly lower the cost and engineering effort of high-interaction deception while enabling deployment in novel locations like APIs and AI agents. However, defenders must balance benefits with risks—attackers are using AI to automate attacks and may develop countermeasures such as deception-detection services or data poisoning—so CISOs should view AI honeypots as a complement to existing sensors and an important tool for improved visibility and hunting.
read more →

Palo Alto Updates Prisma AIRS and Browser for AI Agents

🔒 Palo Alto Networks updated Prisma AIRS and its Prisma Browser to discover and map AI agents, models and connections across cloud, SaaS and endpoints, scan agent artifacts for vulnerabilities, and simulate agent-targeted attacks. Prisma AIRS 3.0 — contingent on the planned acquisition of Koi Security — will add an AI Agent Gateway to enforce agent runtime and identity security. Prisma Browser now detects user-generated AI activity, enforces content-aware boundaries, prevents sensitive data from leaking to unmanaged LLMs, and blocks prompt-injection attacks. Separately, following its CyberArk deal, Palo Alto introduced Next Generation Trust Security (NGTS) to automate certificate discovery and lifecycle management.
read more →

Prisma SASE: Enabling Secure Agentic AI Workspaces

🔒 Palo Alto Networks announces the next evolution of Prisma SASE, engineered to secure the emerging era of agentic AI by treating autonomous agents as first-class identities. The platform reimagines Prisma Browser as a secure AI workspace, extending AI-powered data protection across endpoints, network, SaaS and GenAI apps while detecting prompt injection and agent hijacking. It also adds autonomous operations and resilient deployment options, including SASE Private Location and hyperscaler integration, to ensure always-on performance for machine-speed workflows.
read more →

Varonis Atlas: End-to-End AI Security for Enterprises

🔒 Varonis today announced general availability of Varonis Atlas, an end-to-end AI security platform that discovers, assesses, tests, and enforces controls across AI systems and the data they access. The platform integrates AI inventory, AI-SPM, pentesting, runtime guardrails, monitoring, AIDR, and third-party risk into a single solution built on the Varonis Data Security Platform. Atlas emphasizes data-aware security, customer-owned telemetry, and compliance reporting to help enterprises govern AI at scale.
read more →

Blueprint for Securing AI Data Centers and Factories

🧠 This article presents a blueprint architecture for securing AI data centers and AI factories as enterprises shift from consuming AI to producing it. It explains how organizations can protect LLMs, data pipelines, and compute infrastructure against emerging, AI-specific threats by combining network segmentation, identity and access controls, data governance, and advanced threat prevention. Check Point emphasizes operational practices and industrial-grade security controls to enable secure, revenue-generating AI deployments.
read more →

Securing Enterprise AI: Check Point at RSAC 2024 Summit

🔒 At RSAC, Check Point outlined how enterprises can secure their AI transformation by protecting sensitive data, models, and communications from emerging attack vectors. The company emphasized integrated controls—data loss prevention, access governance, model protection and runtime threat detection—paired with unified visibility across cloud and on‑prem environments. Check Point shared practical steps for safe AI adoption, from discovery and policy enforcement to automated response, helping organizations reduce leakage and compliance risk while enabling productive AI use.
read more →

Eight Validated Attack Vectors Targeting AWS Bedrock

🔒 XM Cyber researchers identified eight validated attack vectors inside AWS Bedrock, showing that integrations and permissions — not the foundation models themselves — are the primary risk. The team highlights log manipulation, knowledge base compromise, agent hijacking, flow injection, guardrail degradation, and prompt poisoning as practical paths to data exfiltration and operational abuse. Their findings show how a single over-privileged identity can redirect logs, steal credentials, or subvert agents and prompts. Security teams should inventory AI workloads, enforce least privilege, and map cross-environment attack paths to reduce exposure.
read more →