CISO Brief

All news with #ai security tag

632 articles · page 24 of 32

Google: PROMPTFLUX malware uses Gemini to self-write

🤖 Google researchers disclosed a VBScript threat named PROMPTFLUX that queries Gemini via a hard-coded API key to request obfuscated VBScript designed to evade static detection. A 'Thinking Robot' component logs AI responses to %TEMP% and writes updated scripts to the Windows Startup folder to maintain persistence. Samples include propagation attempts to removable drives and mapped network shares, and variants that rewrite their source on an hourly cadence. Google assesses the malware as experimental and currently lacking known exploit capabilities.

GTIG report: Adversaries adopt AI for advanced attacks

⚠️ The Google Threat Intelligence Group (GTIG) reports that adversaries are evolving beyond simple productivity uses of AI toward operational misuse. Observed behaviors include state-sponsored actors from North Korea, Iran and the People's Republic of China using AI for reconnaissance, automated phishing lure creation and data exfiltration. The report documents AI-powered malware that can generate and modify malicious scripts in real time and attackers exploiting deceptive prompts to bypass model guardrails. Google says it has disabled assets linked to abuse and applied intelligence to improve classifiers and harden models against misuse.

GTIG Report: AI-Enabled Threats Transform Cybersecurity

🔒 The Google Threat Intelligence Group (GTIG) released a report documenting a clear shift: adversaries are moving beyond benign productivity uses of AI and are experimenting with AI-enabled operations. GTIG observed state-sponsored actors from North Korea, Iran and the People's Republic of China using AI for reconnaissance, tailored phishing lure creation and data exfiltration. Threats described include AI-powered, self-modifying malware, prompt-engineering to bypass safety guardrails, and underground markets selling advanced AI attack capabilities. Google says it has disrupted malicious assets and applied that intelligence to strengthen classifiers and its AI models.

GTIG Report: Adversaries Experimenting with AI Tools

🛡️ The Google Threat Intelligence Group (GTIG) released a November 2025 report describing how adversaries are evolving beyond productivity uses of AI to operationalize novel offensive capabilities. GTIG observed state-sponsored actors (including North Korea, Iran, and the People’s Republic of China) and criminal groups using AI for reconnaissance, tailored phishing-lure generation, prompt-based guardrail evasion, and AI-powered polymorphic malware. Google reports it has disabled malicious assets and applied this intelligence to strengthen both its classifiers and AI model defenses.

Lack of AI Training Becoming a Major Security Risk

⚠️ A majority of German employees already use AI at work, with 62% reporting daily use of generative tools such as ChatGPT. Adoption has been largely grassroots—31% began using AI independently and nearly half learned via videos or informal study. Although 85% deem training on AI and data protection essential, 25% report no security training and 47% received only informal guidance, leaving clear operational and data risks.

Researchers Find ChatGPT Vulnerabilities in GPT-4o/5

🛡️ Cybersecurity researchers disclosed seven vulnerabilities in OpenAI's GPT-4o and GPT-5 models that enable indirect prompt injection attacks to exfiltrate user data from chat histories and stored memories. Tenable researchers Moshe Bernstein and Liv Matan describe zero-click search exploits, one-click query execution, conversation and memory poisoning, a markdown rendering bug, and a safety bypass using allow-listed Bing links. OpenAI has mitigated some issues, but experts warn that connecting LLMs to external tools broadens the attack surface and that robust safeguards and URL-sanitization remain essential.

Securing the Open Android Ecosystem with Samsung Knox

🔒 Samsung Knox is a built-in security platform for Samsung Galaxy devices that combines hardware- and software-level protections to safeguard enterprise data and provide IT teams with centralized control. It layers defenses — including AI-powered malware detection, curated app controls, Message Guard for zero-click image scanning, and DEFEX exploit detection — while integrating with EMMs and offering granular update management via Knox E-FOTA. The platform emphasizes visibility, policy enforcement, and predictable lifecycle management to reduce risk and operational disruption.

October 2025 Google AI: Research, Products, and Security

📰 In October, Google highlighted AI advances across research, consumer devices and enterprise tools, from rolling out Gemini for Home and vibe coding in AI Studio to launching Gemini Enterprise for workplace AI. The month included security initiatives for Cybersecurity Awareness Month—anti‑scam protections, CodeMender and the Secure AI Framework 2.0—and developer releases like the Gemini 2.5 Computer Use model. Research milestones included a verifiable quantum advantage result and an oncology-focused model, Cell2Sentence-Scale, aimed at accelerating cancer therapy discovery.

Google AI October 2025: Gemini, Research, and Tools

🤖 October updates feature major product releases, developer tools, and research milestones from Google, centered on Gemini models and new AI capabilities. Highlights include Gemini Enterprise, the Gemini 2.5 Computer Use model for UI agents, plus consumer integrations such as Gemini for Home and Samsung's Galaxy XR. The month also brought breakthroughs in quantum computing, cancer research (Cell2Sentence-Scale) and fusion-energy collaborations, alongside expanded AI security measures and developer learning resources.

How Google Cloud Networking Supports AI Workloads at Scale

🔗 Networking is a critical enabler for AI on Google Cloud, connecting models, storage, and inference endpoints while preserving security and performance. The post outlines seven capabilities—from private API access and RDMA-backed GPU interconnects to hybrid Cross-Cloud links—that reduce latency, prevent data exfiltration, and simplify model serving. It also highlights options for exposing inference (managed services, GKE, load balancing) and previews AI-driven network operations using Gemini.

AWS and SANS Whitepaper: AI for Security Guidance Overview

🔒 AWS and SANS released a whitepaper, AI for Security and Security for AI, that examines how organizations can use generative AI safely and defend against AI-powered threats. The paper examines three lenses: securing generative AI applications, using generative AI to improve cloud security posture, and protecting against AI-enabled attacks. It offers practical action items, architecture guidance, and recommendations for responsible AI and human oversight.

BigQuery's Data Engineering Agent: Automating Pipelines

🔧 The preview of the Data Engineering Agent in BigQuery introduces a Gemini-powered assistant that automates pipeline development, maintenance, and migrations. The agent converts natural-language requirements into SQL, enforces engineering best practices, and supports custom instructions and UDFs to reflect organizational logic. Integrated with Dataplex, it uses governance metadata to improve table descriptions, data quality assertions, and PII-aware handling, and it also generates documentation and troubleshooting guidance. The feature is available in preview via BigQuery Pipelines and the Dataform UI.

Ray on TPUs with GKE: Native, Lower-Friction Integration

🚀 Google Cloud and Anyscale have enhanced the Ray experience on Cloud TPUs with GKE to reduce setup complexity and improve performance. The new ray.util.tpu library and a SlicePlacementGroup with a label_selector API automatically reserve co-located TPU slices and preserve SPMD topology to avoid resource fragmentation. Ray Train and Ray Serve gain expanded TPU support including alpha JAX training, while TPU metrics and libtpu logs appear in the Ray Dashboard for faster troubleshooting and migration between GPUs and TPUs.

How Scientists Can Use Gemini Enterprise for AI Workflows

🔬 Google Cloud presents how researchers can accelerate scientific workflows by combining Gemini Enterprise with integrated HPC infrastructure. It showcases AI agents—like the Deep Research agent for literature synthesis and the Idea Generation agent for proposing and ranking hypotheses—alongside developer tooling such as Gemini Code Assist and Gemini CLI for code, debugging, and workflow automation. The platform pairs these capabilities with purpose-built VMs (H4D, A4, A4X) and Google Cloud Managed Lustre to scale simulations and analysis.

AI Summarization Optimization Reshapes Meeting Records

📝 AI notetakers are increasingly treated as authoritative meeting participants, and attendees are adapting speech to influence what appears in summaries. This practice—called AI summarization optimization (AISO)—uses cue phrases, repetition, timing, and formulaic framing to steer models toward including selected facts or action items. The essay outlines evidence of model vulnerability and recommends social, organizational, and technical defenses to preserve trustworthy records.

Generative AI Speeds XLoader Malware Analysis and Detection

🔍 Check Point Research applied generative AI to accelerate reverse engineering of XLoader 8.0, reducing days of manual work to hours. The models autonomously identified multi-layer encryption routines, decrypted obfuscated functions, and uncovered hidden command-and-control domains and fake infrastructure. Analysts were able to extract IoCs far more quickly and integrate them into defenses. The AI-assisted workflow delivered timelier, higher-fidelity threat intelligence and improved protection for users worldwide.

Anthropic Claude vulnerability exposes enterprise data

🔒 Security researcher Johann Rehberger demonstrated an indirect prompt‑injection technique that abuses Claude's Code Interpreter to exfiltrate corporate data. He showed that Claude can write sensitive chat histories and uploaded documents to the sandbox and then upload them via the Files API using an attacker's API key. The root cause is the default network egress setting "Package managers only", which still allows access to api.anthropic.com. Available mitigations — disabling network access or strict whitelisting — significantly reduce functionality.

AI in Bug Bounties: Efficiency Gains and Practical Risks

🤖 AI is increasingly used to accelerate bug bounty research, automating vulnerability discovery, API reverse engineering, and large-scale code scanning. While platforms and triage services like Intigriti can flag unreliable, AI-generated reports, smaller or open-source programs (for example Curl) are overwhelmed by low-quality submissions that consume significant staff time. Experts stress that AI augments skilled researchers but cannot replace human judgment.

October 2025: Key Cybersecurity Stories and Guidance

🔒 As October 2025 concludes, ESET Chief Security Evangelist Tony Anscombe reviews the month’s most significant cybersecurity developments and what they mean for defenders. He highlights that Windows 10 reached end of support on October 14 and outlines practical options for affected users and organizations. He also warns about info‑stealing malware spread through TikTok videos posing as free activation guides and summarizes Microsoft’s report that Russia, China, Iran and North Korea are increasingly using AI in cyberattacks — alongside China’s accusation of an NSA operation targeting its National Time Service Center.

AI-Powered Bug Hunting Disrupts Bounty Programs and Triage

🔍 AI-powered tools and large language models are speeding up vulnerability discovery, enabling so-called "bionic hackers" to automate reconnaissance, reverse engineering, and large-scale scanning. Platforms such as HackerOne report sharp increases in valid AI-related reports and payouts, but many submissions are low-quality noise that burdens maintainers. Experts recommend treating AI as a research assistant, strengthening triage, and preserving human judgment to filter false positives and duplicates.