< ciso
brief />
Tag Banner

All news with #ai security tag

759 articles · page 16 of 38

CrowdStrike Extends AI Security Across Endpoint, SaaS, Cloud

🔒 CrowdStrike announced a suite of innovations that expand AI detection and response across endpoints, SaaS, and cloud environments. New capabilities include runtime monitoring for desktop AI applications and Copilot Studio agents, unified discovery and classification of AI agents across SaaS, and data-flow visibility for cloud-hosted AI workloads. Several features are in pre-beta or early beta with staged GA rollouts planned over upcoming quarters.
read more →

Behavioral Analytics for Defending Against AI Attacks

🛡️ AI-enabled cyber attacks increasingly mimic legitimate users, rendering signature- and rule-based defenses insufficient. Modern identity security must adopt continuous, context-aware risk modeling that evaluates identity, device and session context in real time to detect subtle deviations. Organizations should extend monitoring across cloud, endpoints and privileged accounts, enforce Just-in-Time (JIT) access and consolidate behavioral analytics with session monitoring and granular controls to limit credential abuse and insider misuse.
read more →

Microsoft Announces Zero Trust for AI: New Tools and Guidance

🔒 Microsoft announced Zero Trust for AI, extending proven Zero Trust principles across the AI lifecycle and shipping new tools and guidance to help security teams deploy AI with confidence. The update adds an AI pillar to the Zero Trust Workshop, expands the Zero Trust Assessment to include Data and Networking, and introduces a Zero Trust for AI reference architecture. Microsoft also published practical patterns for threat modeling and AI observability to help teams verify agents, apply least privilege, and assume breach.
read more →

Agentic Era: How AI Is Reshaping the Cyber Threat Landscape

🤖 Between January and February 2026, AI-assisted malware development matured from experimentation into operational capabilities that materially change attack economics. What once required coordinated teams can now be executed by a single experienced developer using an AI-powered IDE, accelerating weaponization, iteration, and delivery of attacks. Enterprise productivity and development tools have become enlarged attack surfaces, while automation and agentic workflows enable faster, more evasive intrusion chains. Defenders must shift toward behavior-based detection, robust telemetry, and secure development and supply chain controls.
read more →

Analyzing Current Use of AI in Malware: Unit 42 Report

⚠️ Unit 42 examines real-world instances where malware calls external LLMs for decision making or cosmetic effect. The researchers present two representative cases: a trio of obfuscated .NET infostealers that call OpenAI GPT-3.5-Turbo but largely perform "AI theater" by logging model outputs without functional integration, and a Go dropper that queries GPT-4 to gate Sliver payload execution. The report highlights detection opportunities and recommends Advanced Threat Prevention, Advanced WildFire, and Cortex XDR/XSIAM to monitor telemetry and IOCs.
read more →

Five Priorities CISOs Must Address at RSAC 2026 Summit

🤖RSA Conference 2026 reframes AI from a single track to the event itself, with roughly 40% of sessions AI-weighted and artificial intelligence woven across identity, cloud, threat intelligence and human-focused tracks. CISOs face a dual mandate: accelerate AI adoption to remain competitive while protecting the enterprise from new attack surfaces such as RAG pipelines, vector databases, prompt injection and model inversion. Key priorities at RSAC include securing the AI stack, defining AI governance and compliance (including preparation for the EU AI Act), managing non‑human identities, mitigating shadow AI and AI-assisted coding risks, and preparing SOCs for autonomous remediation.
read more →

Custom AI Apps to Dominate Incident Response Workloads

🛡️ Gartner warns custom-built AI applications will increasingly strain security teams unless defenders are engaged early. It predicts that by 2028 at least half of enterprise incident response work will handle fallout from AI app security issues. Analysts urge teams to "shift left" to embed controls during development, and expect AI security platforms to be widely adopted within two years to enforce guardrails and mitigate prompt injection, data misuse and related threats.
read more →

CISOs Reevaluate Data Protection Amid Rapid AI Use

🔐 CISOs are updating data protection strategies as employees rapidly adopt AI tools that access and expose sensitive information. Leaders such as Scott Kopcha at Goodwin Procter and experts from SANS and Health-ISAC warn that traditional controls and many DLP tools are insufficient for the multiple ways AI can interact with data. Organizations are prioritizing data classification, identity and access management, continual monitoring, zero-trust, and ongoing vendor evaluations to close gaps and show due diligence.
read more →

Google and Industry Pledge $12.5M for Open Source Security

🔒Google and industry partners are committing $12.5 million through the Linux Foundation's Alpha-Omega Project and OpenSSF to strengthen open source security for the AI era. The funding targets maintainer support, moving beyond vulnerability discovery to accelerated deployment of fixes and equipping projects with advanced AI-driven tooling to triage and remediate AI-generated findings. Google highlights internal tools such as Big Sleep and CodeMender, and research like Sec-Gemini, as examples of AI that can autonomously find and fix deep vulnerabilities.
read more →

Font-rendering trick hides malicious commands from AIs

🔍 LayerX researchers demonstrated a font-rendering technique that can hide malicious commands from AI assistants by encoding the payload in HTML while visually rendering a different, benign string to users. The proof-of-concept combines custom fonts with glyph substitution and CSS concealment (tiny fonts, color/opacity tricks) so the DOM appears harmless while the browser displays an executable instruction. In tests across many popular assistants, automated analyzers that read the DOM missed the hidden commands; LayerX urges assistants to compare rendered output with DOM text and to treat fonts, color/opacity matches, and unusually small fonts as potential attack surfaces.
read more →

CISOs Struggle to Secure AI as Adoption Outpaces Defenses

🔒 The Pentera AI and Adversarial Testing Benchmark Report 2026, based on a survey of 300 US CISOs and senior security leaders, finds that most security teams lack the tools and skills to secure AI systems. 67% of respondents report limited visibility into AI usage, while half cite a lack of internal expertise. Organizations largely extend legacy security controls—75%—and only 11% use AI-specific tools.
read more →

AI Prompts Changes in Cyber Insurance Pricing and Coverage

🤖 Insurers are reshaping cyber policies as AI proliferates in business operations. Many carriers are tightening language, adding exclusions, and requiring evidence of active controls rather than relying on checkbox attestations. At the same time, firms that deploy AI-driven defenses and continuous monitoring can receive premium discounts. Brokers and policyholders must clarify AI usage and coverage before renewals to avoid gaps.
read more →

Perplexity's Comet AI Browser Tricked Into Phishing Scam

🔒 Researchers demonstrated that an AI-powered browser, Perplexity's Comet, can be manipulated into executing a phishing scam in under four minutes. By intercepting the agent's explanatory traffic and training a GAN on those signals, attackers iteratively optimized a malicious page until the agent reliably performed fraudulent steps. The exploit leverages intent collision and prompt-injection weaknesses, shifting the target from users to the AI agent itself.
read more →

Cloudflare AI Security for Apps Now Generally Available

🛡️ Cloudflare’s AI Security for Apps is now generally available, providing discovery, detection, and mitigation tailored for AI-powered web endpoints. The release introduces custom topics detection and enhanced prompt extraction to spot business-specific sensitive content across varied JSON payloads. Cloudflare is making AI endpoint discovery free for all plans and couples detections with the WAF rule engine so teams can block, log, or return custom responses at the edge. Integrations with IBM Cloud and Wiz extend procurement and unified posture visibility for customers.
read more →

ESET Threat Intelligence Emerges as Strategic Game-Changer

🔍 ESET positions its threat intelligence and telemetry as essential tools for organizations facing increasingly sophisticated cyber threats, including AI-enabled attacks and convincing deepfakes. ESET Telemetry reports a 12% decline in overall detections in India (Jan–Aug 2025), but ransomware surged 70% from H2 2024 to H1 2025 and phishing remains the most common vector. The vendor bundles endpoint, XDR, identity protection, MDR, and analyst-driven APT reporting to help CIOs and CISOs stay ahead.
read more →

CISO Role Evolves Rapidly with AI in Cyber Defense

🔐 AI is reshaping cyber defense strategies and executive responsibilities. Organizations face a dual-use threat where AI empowers attackers and defenders; security teams must combine human expertise with automated capabilities. Human + AI approaches, informed by threat intelligence and comprehensive asset mapping, are critical. Vendors like ESET emphasize global, 24/7 coverage and say CISOs must secure board-level buy-in, regulatory alignment, and a clear, cost-effective AI roadmap to improve detection, response, and remediation.
read more →

AWS at RSAC 2026: Unifying Security and Data for AI

🔒 Visit AWS at booth S-0466 in South Expo to experience interactive demos, partner integrations, and an AI-powered Humanoid Security Guardian that generates customized well-architected guides via QR code. AWS security specialists will present sessions on privacy-by-design, trusted identity for autonomous agents, container supply-chain protection, and preparing for AI-native incidents. Join hands-on workshops and CTF challenges in Cloud Village, March 23–26, and use a Partner Passport to collect booth stamps, earn swag, and enter daily raffles.
read more →

OpenAI Acquires Promptfoo to Boost Agentic AI Security

🔐OpenAI has acquired Promptfoo, a startup that provides open source tools to test and evaluate LLMs and AI agents. The deal aims to close a growing security gap in agentic AI by integrating automated testing, red‑teaming and traceability directly into OpenAI Frontier. Promptfoo's suite — used by over 25% of Fortune 500 firms — will remain open source. The move follows warnings from security advisors about 'human‑language malware' and complements OpenAI's recent security hires and tools.
read more →

Amazon Connect boosts AI predictive insights for CX

🤖 Amazon Connect has enhanced its AI-powered predictive insights to support up to 40 million product catalog items (an 8× increase), integrate recommendations into message templates for trigger-based campaigns, and improve model accuracy by up to 14%. These updates, built on the five recommendation algorithms from re:Invent 2025, reduce training and deployment time so businesses can deliver automated, personalized outreach faster. Public preview is available across multiple AWS regions and Amazon Connect Customer Profiles remains pay-as-you-go.
read more →

Amazon Connect Adds AI-Powered Manager Assistance (Preview)

🤖 Amazon Connect introduces a preview AI assistant that enables contact center managers to ask operational questions in natural language and receive answers in seconds. The assistant supports queries across 150+ Connect metrics with historical context, eliminating hours of manual data gathering. It can also diagnose issues—such as queues at risk of missing service levels—and recommend targeted recovery actions. Preview access is limited; customers must request access through their AWS account team.
read more →