< ciso brief />

All news with #ai security tag

633 articles · page 18 of 32

In 2026 Hackers Embrace AI: Vibe Hacking & HackGPT

🧠 Across dark web forums, Telegram channels, and underground marketplaces, criminals are framing AI as a shortcut to profit rather than a technical revolution. The rise of "vibe hacking" — an intuition-driven, AI-guided approach — and branded tools like FraudGPT, PhishGPT, and WormGPT lower the skill barrier and package familiar scams as turnkey services. AI jailbreaking, prompt-injection techniques, and "Hacking-GPT" offerings are openly bought and sold, amplifying volume over sophistication. Flare monitors those signals to give defenders earlier visibility.

Automated Data Poisoning Proposed to Protect AI IP

🔒 Researchers propose a defensive data-poisoning tool called AURA to protect proprietary knowledge graphs that feed LLMs. The method injects plausible but false entries that authorized users can filter out with a secret key, while stolen graphs become unreliable for attackers. The authors report degrading unauthorized accuracy to 5.3% and preserving 100% fidelity for key-holders with under 14% max latency overhead.

Shaping the IT Agenda 2026: Priorities for Leaders & Outcomes

🔍 This special report helps IT leaders align near-term planning with 2026 priorities by emphasizing greater agility, flexibility, and measurable business outcomes. It stresses the need to automate, streamline, and modernize IT operations to counter skills shortages and meet rising demand. Four feature pieces examine strategy beyond AI, the cost of cloud fragility, how AI agents reshape supply chains, and AI's implications for cybersecurity.

Generative AI Accelerates Active Directory Identity Attacks

🔐 Generative AI is accelerating password attacks against Active Directory, making cracking cheaper, faster, and more targeted than traditional techniques. Models like PassGAN learn real-world password patterns and can predict employee passwords when trained on breach data or public company content. Combined with readily available GPU cloud rentals, attackers can test vastly more candidates and tailor guesses using org-specific reconnaissance. Vendors such as Specops recommend longer, random passphrases and breached-password screening to reduce exposure.

Are Copilot Prompt Injections Vulnerabilities or Limits?

🔍 Microsoft pushed back after security engineer John Russell disclosed multiple prompt injection and sandbox-related issues in Copilot, which the company says do not meet its vulnerability criteria. Russell reported indirect and direct prompt injection that could leak the system prompt, a file-upload bypass via base64-encoding, and the execution of commands inside Copilot's isolated Linux environment. Microsoft told BleepingComputer it reviewed the reports against its public bug bar and assessed them as out of scope because they did not cross clear security boundaries or affected only the requesting user's environment. The exchange highlights differing definitions of AI risk between vendors and researchers.

Palo Alto Networks Prisma AIRS Validated for NVIDIA AI

🔒 Palo Alto Networks announced that Prisma AIRS, accelerated on the NVIDIA BlueField DPU, is now part of the NVIDIA Enterprise AI Factory validated design. The integration embeds zero trust runtime security into AI infrastructure by running Prisma AIRS Network Intercept on BlueField and extending enforcement to cloud environments. It leverages NVIDIA DOCA and DOCA Argus telemetry to feed Cortex XSIAM and Cortex XSOAR for AI-driven detection and response, and recommends hyperscale firewall clusters for defense-in-depth and improved TCO.

Check Point and NVIDIA Partner to Secure AI Factories

🔒 Check Point and NVIDIA announced an integrated security capability to protect AI "factories" across the entire AI lifecycle, from data ingestion and model training to deployment and inference. The effort targets growing risks such as prompt manipulation and attacks on GenAI infrastructure, which Gartner and other industry surveys identify as rising threats. The collaboration focuses on unified visibility, real-time detection, runtime protection, and centralized policy enforcement to reduce operational risk and help organizations meet compliance and governance requirements.

Flock Exposes AI-Enabled PTZ Cameras Tracking People

👁 Flock’s exposed livestreams show that its AI-enabled Condor pan-tilt-zoom (PTZ) cameras can automatically zoom in on and track people in public spaces. Reporters observed high-resolution footage capturing individuals on bike paths, in parking lots, at playgrounds, and at stoplights, with cameras following faces and recording close-up detail. These exposures underscore privacy and security risks from networked AI surveillance and inadequate access controls.

Top Cybersecurity and Cyberattack Stories of 2025: Review

🔒 2025 saw a convergence of large-scale breaches, state-aligned intrusions, and rapidly maturing AI-enabled attacks that reshaped the threat landscape. High-profile incidents included the ByBit $1.5B Ethereum heist, Clop exploitation of Oracle zero-days, and mass data-theft campaigns targeting Salesforce and adult platforms. Attackers amplified impact with terabit-scale DDoS, developer supply-chain abuse, and social-engineering techniques such as ClickFix and help-desk compromises. Organizations raced to patch zero-days, lock down developer pipelines, and defend against AI-powered malware and novel prompt-injection vectors.

Integrating AI into Modern SOC Workflows Effectively

🔒 Many SOC teams are experimenting with AI but fail to operationalize it, treating models as shortcuts for broken processes rather than engineering solutions. Christopher Crowley summarizes 2025 SANS SOC findings and identifies five practical SOC workflows—detection engineering, threat hunting, software development, automation, and reporting—where narrowly scoped, testable AI can add reliable value. He stresses rigorous validation, human accountability, and ongoing tuning to avoid overreliance on out-of-the-box models.

Seven Signs Your Cybersecurity Framework Needs Overhaul

🛡️ Cybersecurity frameworks require ongoing reassessment; this article highlights seven warning signs that your program may need substantial revision. Industry experts recommend adopting a dynamic detection-and-response model, integrating AI, and aligning frameworks to NIST while avoiding purely compliance-driven designs. Common problems include gaps in continuous monitoring, reactive alert triage, declining KRIs/KPIs, and recent incidents. Practical advice: schedule structured reviews, add interim check-ins, and rebuild when incremental fixes no longer suffice.

Real-World Attacks Behind OWASP Agentic AI Top 10 Risks

🛡️ OWASP published the Agentic Applications Top 10 for 2026 to classify risks unique to autonomous AI agents. Koi Security summarizes multiple real incidents from the past year — malicious MCP servers, poisoned assistants, and RCEs in Claude Desktop extensions — that show how autonomy expands attack surfaces. The report stresses inventorying runtime dependencies, enforcing least privilege, and monitoring agent behavior to detect and contain attacks.

Check Point Earns 2025 Analyst and Lab Recognitions

🔒 Check Point announced multiple 2025 recognitions from leading analyst firms and independent research labs, underscoring its focus on securing AI-driven environments and distributed networks. The company emphasized a prevention-first philosophy that unifies security management and strengthens Zero Trust frameworks. These honors reflect validation of its strategy to enable safe enterprise AI adoption amid growing cyber threats.

Top 5 Real-World AI Security Threats Revealed in 2025

🔒 2025 exposed major, real-world risks across the AI ecosystem as rapid adoption of agentic AI expanded enterprise attack surfaces. Researchers documented pervasive Shadow AI and vulnerable vendor tools, AI supply-chain poisoning, credential theft (LLMjacking), prompt-injection attacks, and rogue or misconfigured MCP servers. These incidents affected popular frameworks and cloud services and resulted in data breaches, remote-code execution, and costly fraud.

Traditional Security Frameworks Fail Against AI Threats

🔒 Traditional security frameworks like NIST CSF, ISO 27001, and CIS Controls were designed for legacy IT assets and do not map cleanly to AI-specific risks. Recent incidents — including the December 2024 Ultralytics compromise, ChatGPT memory-extraction flaws across 2024, and August 2025 malicious Nx packages — show organizations can meet compliance yet remain exposed. The article argues security teams must adopt AI-tailored controls such as prompt validation, model integrity verification, semantic DLP, and AI-focused red teaming.

NIST Funds MITRE to Establish Two AI Security Centers

🔒 NIST is investing $20m to fund two new AI security research centers run by nonprofit MITRE: the AI Economic Security Center for US Manufacturing Productivity and the AI Economic Security Center to Secure US Critical Infrastructure from Cyber Threats. The centers will develop technology evaluations and advancements to protect US AI leadership, counter adversarial AI uses, and reduce risks from insecure systems. NIST says the effort will drive applied science breakthroughs and support commercialization of new technologies.

Fighting AI With AI: Cybersecurity's Inevitable Battle

🤖 Trend Micro's Rachel Jin warns that the rapid evolution of AI is outpacing static security controls and forcing defenders to embrace automation and context-aware defenses. She notes LLMs update frequently and attackers leverage that pace to craft tailored phishing, automate tasks and scale operations. Jin stresses that visibility into AI usage, agents and infrastructure is essential and recommends an AI security blueprint to map risk, consolidate tooling and prioritize scarce budgets.

IT's 2025 Verdict: AI Gains, Layoffs and Mixed Security

🤖 The editorial teams of Computerwoche, CIO and CSO reflect on a turbulent 2025 shaped by the rapid rise of AI, economic uncertainty and geopolitical friction. They call out major flops such as widespread AI‑justified layoffs (Surfshark estimates 200,000+ jobs lost) and the growing use of AI by cybercriminals, while noting positive trends: pragmatic CIOs focusing on data quality, innovative change management like Mobilezone, and sizable sovereignty investments such as Schwarz IT.

Eight Cybersecurity Resolutions for 2026 Readiness

🔒 Kaspersky outlines eight practical cybersecurity resolutions to take into 2026 after a transformative 2025 marked by sweeping internet laws and widespread AI adoption. The guidance covers legal awareness, safer access methods, and mitigation against document-leak risks. It also warns about new scam tactics, urges cautious AI use, subscription audits, longevity practices for devices, and strengthened smart‑home security.

CISOs’ Bucket List: Human-Led, AI-Powered Security

🔐 CISOs are rethinking how they spend reclaimed time, prioritizing innovation and transformation over constant firefighting. Leaders want to eliminate tactical debt—closing out lingering POAMs, patching unpatched systems and remediating misconfigurations—to free resources for strategic foresight. They plan to break down silos between AppSec, CloudSec and GRC with automation and AI, creating a unified view of risk and on-demand compliance evidence. Above all, CISOs aim to make security a human-led business enabler that empowers teams, reduces burnout and embeds privacy-by-design into engineering.