< ciso
brief />
Tag Banner

All news with #ai security tag

759 articles · page 22 of 38

AWS Network Firewall Adds Web Category-Based Filtering

🔍 AWS Network Firewall now provides web category–based filtering and visibility into generative AI (GenAI) application traffic. Administrators can reference pre-defined URL categories—such as GenAI services, social media, and streaming—to allow, block, or log traffic via stateful rule groups. When combined with TLS inspection, the service can inspect full URL paths for granular control. The feature is available across AWS commercial regions.
read more →

Gartner: Half of Organizations to Adopt Zero-Trust Data

🔒 Gartner warns that the surge of AI-generated data threatens the reliability of large language models and predicts that 50% of organizations will adopt a zero-trust stance for data governance by 2028. A 2026 survey found 84% of CIOs expect increased generative AI funding, accelerating AI-produced outputs and raising the risk of model crash. Gartner advises authentication, verification, and proactive metadata tagging to identify AI-generated data and meet evolving regulatory demands.
read more →

Top Agentic AI Risks 2026: Governance and Defenses

⚠️ Agentic AI systems introduce acute governance and security challenges because autonomous agents can plan, execute tools, and process sensitive data without human oversight. The OWASP Foundation's Top 10 catalog identifies threats such as goal hijack, tool misuse, privilege abuse, supply chain compromise, RCE, memory poisoning, insecure inter-agent communication, cascading failures, human-trust exploitation, and rogue agents, each with examples and mitigations. Kaspersky condenses those findings and emphasizes a layered, near-Zero Trust defense: least autonomy and privilege, short-lived credentials, human-in-the-loop for critical actions, execution isolation, intent gates, continuous logging, behavioral monitoring, supply chain controls, and targeted training.
read more →

Combined NDR and EDR Strategy Against AI-Based Attacks

🛡️AI-driven attacks are rapidly evolving, with adversaries using LLMs to conceal code and generate malicious scripts that can shape-shift to evade traditional defenses. Recent disclosures, including Google's threat intelligence and Anthropic's November 2025 report of an AI-orchestrated espionage campaign, highlight automation across intrusion lifecycles. The piece emphasizes that pairing NDR and EDR enables correlation of network anomalies and endpoint telemetry, and cites Corelight's Open NDR Platform as an example of layered, behavioral detection to surface threats that slip past EDR alone.
read more →

Konni Uses AI-Generated PowerShell Backdoor on Devs

⚠️ Konni, a North Korea–linked threat actor, has deployed an AI-assisted PowerShell backdoor against blockchain developers in Japan, Australia, and India. The campaign uses spear-phishing ZIP archives hosted on WordPress and Discord CDN that drop LNK files which launch an AutoIt loader and extract a modular PowerShell implant. Check Point observed AI-style code structure and comments in the backdoor while attackers leverage UAC bypass, Defender exclusions, scheduled tasks, and a C2 encryption gate to maintain stealth and persistence.
read more →

AI-Generated Honeypot Reveals Risks of Overtrusting

🧰 Intruder used AI to draft a honeypot for its Rapid Response service and deployed it as intentionally vulnerable infrastructure. Weeks later logs revealed attacker payloads where IP addresses should be, exposing that the AI trusted client-supplied IP headers. Static tools like Semgrep and Gosec did not flag the issue; the flaw required contextual human judgement. The incident underscores risks of over-relying on AI-generated code and the need to adapt code review and CI/CD practices.
read more →

AI Models Now Automate Finding and Exploiting Vulnerabilities

🔍 Anthropic reports that recent Claude models, notably Sonnet 4.5, can now carry out multistage network attacks using only standard open-source tools instead of bespoke cyber toolkits. In high-fidelity simulations, Sonnet 4.5 recognized a public CVE and exploited a Kali Linux host via a plain Bash shell to exfiltrate simulated personal data. Bruce Schneier highlights these findings as a major change, stressing the urgency of timely patching and basic security hygiene.
read more →

Microsoft Security Success Stories: Integrated AI Foundation

🔒 Three global organizations—Ford, Icertis, and TriNet—illustrate how embedding security into every layer of the stack enables safer AI adoption and operational agility. Each moved from fragmented point solutions to a unified, Zero Trust platform built on Microsoft Security technologies such as Defender, Sentinel, Purview, Entra, and Security Copilot, using AI-powered telemetry and automation to accelerate detection and response. The result: fewer incidents, faster triage, improved compliance, and measurable cost savings that position them to scale AI responsibly.
read more →

Why AI Keeps Falling for Prompt Injection: Context Limits

🤖 The essay examines why large language models remain vulnerable to prompt injection attacks and why incremental vendor fixes are insufficient. It explains that LLMs collapse layered human context into token similarity, lack social learning and interruption reflexes, and are trained to answer rather than defer. The authors warn that agents with tool access amplify these risks and argue for fundamental advances—such as task-specific constraints, real-world grounding, or new architectures—rather than patchwork defenses.
read more →

VoidLink: Malware Largely Created by AI in Record Time

⚠️ Check Point Research says VoidLink, a modular Linux malware framework, appears to have been planned, structured, and largely written by AI rather than solely by human developers. Analysts found programmatically generated sprint-style plans, detailed technical specifications, and repetitive code patterns consistent with automated generation. The project reportedly grew to tens of thousands of lines of code in under a week, compressing months of work into days. That speed and planning raise concerns that AI can significantly lower the barrier to producing sophisticated, cloud- and container-focused threats.
read more →

UK Executives Warn They May Not Survive Cyber Attacks

🔒 Vodafone Business polled 1,000 senior UK leaders and found 89% are more alert to cyber threats after high-profile breaches, yet 10% said their organisations would likely not survive a similar incident. The survey highlights poor preparedness — only 45% confirmed basic cyber-awareness training and staff commonly reuse passwords across personal accounts. Leaders also warned that AI-enabled deepfakes complicate detection and response. Policymakers and telcos have introduced a second Fraud Sector Charter to harden networks, verify SMS sender IDs, enable traceback for suspicious calls and improve threat sharing and victim support.
read more →

73% of CISOs Now Prefer AI-Enabled Security Solutions

🛡️Foundry’s Security Priorities Study finds 73% of security decision-makers are now more likely to consider a security solution that uses artificial intelligence, up from 59% a year earlier. CISOs plan to deploy AI for malware and threat detection, anomaly detection, real-time risk prediction, IAM, DLP, automation of responses, and improved visibility. Respondents cited faster detection of unknown threats, accelerated response times, and lower analyst workload. Experts caution against vendor hype, data-quality issues, hallucinations, and governance gaps, and recommend building AI-ready security data platforms.
read more →

Android Click-Fraud Malware Uses AI to Tap Hidden Ads

🤖 Researchers at Doctor Web discovered an Android click‑fraud trojan family that leverages TensorFlow.js to visually detect and interact with advertisement elements inside a hidden WebView. In a 'phantom' mode the malware renders a virtual screen, captures screenshots, and feeds them to an ML model to identify and tap the correct UI element, avoiding DOM-based click routines. A separate 'signalling' mode streams the virtual browser to attackers via WebRTC, permitting real-time tapping, scrolling, and text entry. Infected apps were distributed through Xiaomi's GetApps, third‑party APK sites, and messaging channels.
read more →

A New Era of AI Agents: Posture and Risk Management

🛡️ Microsoft outlines why the rise of autonomous AI agents requires a new security posture. Microsoft Defender delivers AI Security Posture Management across multi-cloud environments to provide visibility, risk prioritization, and tailored remediation for agent-specific threats such as data-connected exposures, indirect prompt injection (XPIA), and compromised coordinator agents. The guidance emphasizes hardening, attack path analysis, and human-in-the-loop controls to reduce blast radius.
read more →

VoidLink: AI-Generated Linux Malware Targets Cloud Servers

🧠 Check Point researchers say VoidLink, a modular Linux malware family targeting cloud servers, appears to have been largely generated and orchestrated by AI. The toolkit contains over 30 plugins for persistence, stealth and remote control. An exposed development plan and timestamps suggest a single operator used AI agents to plan sprints, generate design documents, probe guardrails and iteratively produce working code within weeks.
read more →

Webinar: How MSSPs Use AI to Double Margins and Cut Staff

🧠 This webinar explains how managed security service providers can apply AI to eliminate repetitive tasks, accelerate onboarding, and preserve margins with leaner teams. Cynomi CEO David Primor and Chad Robinson, CISO at Secure Cyber Defense, outline how automation handles assessments, benchmarking, and reporting in minutes, turning junior analysts into effective virtual CISOs and enabling consistent, repeatable CISO-grade delivery.
read more →

VoidLink: AI-Assisted Linux Malware Framework Revealed

🛡️ Check Point Research and Sysdig examined a sophisticated Linux malware framework called VoidLink and concluded a single developer used an AI coding agent to accelerate development. The Zig-based project grew to over 88,000 lines by December 2025 and exhibits systematic artifacts — consistent debug formatting, placeholder data like "John Doe", uniform _v3 API patterns, and exhaustive JSON templates — that suggest heavy LLM involvement. No real-world infections have been observed, but researchers warn this case demonstrates how AI can rapidly lower the barrier to creating advanced offensive tooling.
read more →

AI 'Fifth Wave' Supercharges Cybercrime Operations

🔍 Group-IB's January report argues that AI has created a new 'fifth wave' of cybercrime by turning advanced skills into inexpensive, scalable services that make attacks cheaper and faster. Analysts documented low-cost synthetic identity kits, deepfake-as-a-service subscriptions and biometric datasets sold for as little as $5, plus subscription dark LLMs. The firm highlights agentized phishing that automates lure creation, delivery and campaign adaptation and the rise of self-hosted dark LLMs used to generate scams, malware and exploit code.
read more →

Gemini calendar flaw reveals new prompt injection risk

📅 A newly disclosed weakness in Google’s Gemini demonstrates how routine calendar invites can be weaponized to influence model behavior. Miggo researchers found that Gemini ingests full event context — titles, times, attendees and descriptions — and may treat that content as actionable instructions. The issue reframes calendar entries from inert data into a potential prompt‑injection vector, highlighting risks as enterprises embed generative AI into day‑to‑day workflows.
read more →

VoidLink Signals a New Era in AI-Generated Malware

🤖 Check Point Research's analysis of VoidLink describes one of the first advanced malware families largely generated using artificial intelligence. Unlike earlier AI-assisted samples, which were often low-quality or derivative, VoidLink exhibits clear sophistication, modularity, and rapid evolution. AI appears to have enabled a single actor to plan, build, and iterate a complex malware framework in days rather than months, compressing development cycles and increasing operational tempo. Security teams must adapt detection, attribution, and incident response to meet this emerging threat class.
read more →