< ciso
brief />
Tag Banner

All news with #ai security tag

759 articles · page 19 of 38

How Attackers Use Generative AI to Exploit Systems

🔐 Cybercriminals increasingly employ generative AI to automate and scale established attack techniques, from highly convincing phishing and deepfakes to AI-assisted malware creation and accelerated vulnerability exploitation. Adversaries are building custom LLMs, hijacking cloud LLM resources, and orchestrating multi-agent campaigns that speed reconnaissance and weaponization. Organizations should adopt layered defenses, monitor API and AI usage, tighten identity and access, and leverage AI-based detection to mitigate these evolving threats.
read more →

Arkanix Stealer: Short-Lived AI-Assisted Info Stealer

🔍 Kaspersky researchers analyzed a short-lived information stealer called Arkanix, promoted on dark web forums in late 2025 and likely developed with LLM assistance. The project included a control panel, a Discord community, and two tiers: a Python-based basic build and a VMProtect-wrapped C++ premium variant with enhanced AV evasion and wallet injection. Arkanix features modular data theft from browsers, wallets, Telegram and Discord, plus optional post-exploitation modules; the author removed infrastructure within two months, complicating detection and tracking.
read more →

AI-Assisted Actor Uses Generative AI to Compromise FortiGate

🔐 A Russian-speaking, financially motivated actor used commercial generative AI to scale scans and credential guessing against exposed FortiGate management ports, compromising over 600 devices across 55 countries. Amazon Threat Intelligence observed the activity between January 11 and February 18, 2026, noting no FortiGate zero-day exploits were used — the campaign relied on internet-exposed interfaces and weak single-factor credentials. Post-compromise activity included Active Directory theft, credential harvesting, NTLM relay and attempts to target Veeam backup servers, consistent with ransomware preparation.
read more →

AI-Augmented Actor Compromises FortiGate Devices at Scale

🔐 Amazon Threat Intelligence observed a Russian-speaking, financially motivated actor using commercial generative AI to compromise over 600 FortiGate devices across 55+ countries from 2026-01-11 to 2026-02-18. The campaign did not exploit FortiGate vulnerabilities; it abused exposed management ports and weak single-factor credentials. The actor used AI-generated plans, scripts, and developer assistance to scale credential-based access and automate post-exploitation tasks.
read more →

Running OpenClaw Safely: Identity, Isolation, Runtime

🔒 Self-hosted agent runtimes such as OpenClaw shift the execution boundary by ingesting untrusted text, downloading third‑party skills, and acting with the host's credentials. This combination makes the runtime effectively untrusted code execution with persistent tokens and elevated access, unsuitable for standard workstations. Microsoft recommends evaluating OpenClaw only in isolated VMs or dedicated devices, using dedicated non‑privileged credentials, continuous monitoring, and a fast rebuild plan. Prioritize containment, least privilege, and monitoring with solutions like Microsoft Defender XDR.
read more →

How AI Collapses the Cybersecurity Response Window

⚠️ AI now compresses reconnaissance, simulation, and prioritization into a single automated sequence, allowing adversaries to discover and validate attack paths in minutes rather than weeks. The article explains how AI-driven scanning, identity-hopping and context-aware social engineering convert low- and medium-severity findings into practical chains of exploitation. It also highlights new risks introduced by connecting agents to internal data and by poisoning model memory, and recommends shifting to Continuous Threat Exposure Management (CTEM) to focus remediation on the exposures that materially enable attacks.
read more →

GTIG AI Threat Tracker: Distillation and Integration

🔐 Google’s newest GTIG AI Threat Tracker outlines rising adversarial misuse of AI, documenting how threat actors are distilling models, experimenting with agentic capabilities, and integrating AI into malware and social engineering. The report highlights activity from groups including APT31, North Korean and Iranian actors, and malware families such as HONESTCUE. It underscores growing risks from model extraction, the emergence of illicit jailbreak services like Xanthorox, and recommends that AI providers monitor API access and adopt robust defenses.
read more →

AI Assistants Exploited as Covert C2 Relay Channels

🛡️ AI assistants with web-browsing features can be abused as covert command-and-control (C2) relays. Check Point Research found that platforms such as Grok and Microsoft Copilot can be prompted to fetch attacker-controlled URLs and return embedded instructions, effectively acting as a proxy without requiring an API key or account. Attackers can tunnel encoded data via URL parameters and receive commands in the assistant's summary, disguising malicious traffic as routine AI usage.
read more →

Over-Privileged AI Drives 4.5x Higher Incident Rates

🔐 Teleport's 2026 report finds 69% of US infrastructure security leaders say identity management must evolve to address mounting AI risks. Respondents reported tangible AI-related incidents — 35% confirmed and a further 24% suspected — even as AI improved investigation times, documentation quality and engineering output. The report identifies over-privileged AI and reliance on static credentials as primary risk drivers and recommends least-privilege access, reduced use of long-lived secrets, and reorganizing identity teams to include platform and engineering stakeholders.
read more →

Agentic AI Boom: A CISO's Worst-Case Security Risk

🛡️ Late 2025 marked a decisive shift from brittle RAG deployments to autonomous, goal-oriented agents across the enterprise. While architectures like self-RAG and CRAG improved reliability, they also expanded the attack surface to include every document, memory store and integrated tool. New threats — indirect prompt injection, memory poisoning and agentic DoS — can exfiltrate data or drain budgets, forcing defenders to secure the full perception-reason-action loop.
read more →

The Promptware Kill Chain: A Framework for AI Threats

🛡️ The authors present a seven-step “promptware kill chain” to reframe prompt injection as a multistage malware paradigm targeting modern LLM-based systems. They describe how Initial Access can be direct or indirect—via web pages, emails, shared documents, or multimodal inputs—and how LLMs’ lack of separation between data and executable instructions enables escalation. The paper catalogs stages from jailbreaking and reconnaissance to persistence, C2, lateral movement, and harmful Actions on Objective, urging defenses that assume initial compromise and break the chain at later steps.
read more →

AI Assistants as Covert Command-and-Control Channels

🤖 Check Point Research warns that AI assistants with web-browsing capabilities could be abused as covert command-and-control (C2) channels. As AI services are increasingly trusted and adopted, their traffic blends into normal enterprise activity, making malicious communications harder to detect. This abuse pattern could enable AI-driven malware that informs targeting and operational choices while evading traditional defenses.
read more →

Lithuania’s Mission for a Safe and Inclusive E‑Society

🔒 The Lithuanian government, coordinated by the Innovation Agency Lithuania, has launched a national initiative to strengthen e-security and digital resilience across public services and critical infrastructure. One of three strategic missions, Safe and Inclusive E-Society, led by Kaunas University of Technology (KTU), unites universities and cybersecurity firms under a €24.1 million program to develop and pilot AI-driven defenses, threat sensors, automated cyber threat intelligence, and disinformation detection. Researchers warn that Generative AI and LLMs are transforming fraud into highly realistic, scalable, multilingual social engineering attacks, requiring a shift from pattern-based defenses to adaptive, AI-enhanced protection and cross-sector collaboration.
read more →

CISO Julie Chatman on Leadership, Liability, and AI

🔐 Julie Chatman, a former Navy hospital corpsman and FBI cybersecurity leader, explains how security leaders can reclaim authority amid rising risks. She identifies persistent issues—getting buy-in and funding—and new pressures like AI-enabled adaptive attacks and growing personal liability for CISOs. Chatman recommends negotiating D&O or individual coverage, shifting formal risk ownership to business owners, and communicating in plain language to build partnerships. She also emphasizes mentoring, practical leadership, and evolving awareness training for AI threats.
read more →

Google Detects Large-Scale Attempt to Clone Gemini

🔒 Google detected and blocked a coordinated campaign of more than 100,000 prompts it says were designed to extract the proprietary reasoning capabilities of its Gemini model. The requests resembled model-extraction or distillation efforts intended to reproduce internal reasoning traces across multiple languages, and Google says it intervened in real time to reduce the immediate risk. The company cautioned that systematic extraction can amount to intellectual property theft and said it will pursue takedowns and legal remedies while trying to balance legitimate research and evaluation needs.
read more →

Democratization of AI and the Rising Data Poisoning Threat

⚠️ Recent research shows that as few as 250 fabricated documents or images can measurably alter large language model behavior, making data poisoning accessible to non-experts. Online communities and influencers are already seeding false content that may be ingested during public-model training or fine-tuning. Organizations should maintain a clean 'gold' model, monitor input streams for anomalous patterns, and perform regular adversarial testing to detect drift and backdoors before deployment.
read more →

Why Key Management Is the Weakest Link in Crypto Operations

🔐 Key management — the lifecycle discipline governing key generation, storage, rotation and destruction — has become the weakest operational link as organizations race toward post-quantum and AI-driven systems. While public debate centers on algorithms, real failures stem from long-lived keys, unclear ownership, manual rotation and untested recovery. AI pipelines and autonomous agents amplify these risks, so teams must adopt short-lived, purpose-bound keys, automated rotation and practiced cryptographic incident response.
read more →

Google: State-Backed Hackers Use Gemini for Recon Support

⚠️ Google’s Threat Intelligence Group (GTIG) says the North Korea-linked actor UNC2970 and other state-aligned groups abused Gemini for target profiling, reconnaissance, and campaign planning. GTIG found use cases ranging from synthesizing OSINT and crafting tailored phishing personas to automating vulnerability analysis and debugging exploit code. Researchers identified malware such as HONESTCUE, which queries Gemini’s API to generate C# stage-two loaders compiled in memory, and an AI-built phishing kit called COINBAIT. Google also reported and mitigated large-scale model extraction activity aimed at replicating Gemini’s behavior.
read more →

GTIG AI Threat Tracker: Distillation and Integration

🛡️ Google Threat Intelligence Group (GTIG) reports rising adversarial use of AI in Q4 2025, including widespread model extraction, AI-augmented reconnaissance, social engineering, and trials of agentic tooling. GTIG and Google DeepMind detected and mitigated numerous extraction attempts, protected internal reasoning traces, and disabled abusive assets in real time. The update describes AI-enabled proofs-of-concept (for example HONESTCUE and COINBAIT), abuses of shareable chat outputs, underground proxy toolkits, and published IOCs to support defenders.
read more →

When Security Becomes an Afterthought During AI Adoption

🔒 In the 100th episode of the Threat Vector podcast, Nikesh Arora warns that the biggest risk from AI is organizational: teams rush to deploy models and treat security as an afterthought. He describes leaders jerry-rigging controls while massive infrastructure and energy spend accelerates adoption. Arora urges building security in from day one with platform-level visibility and real-time detection rather than bolting it on later.
read more →