<ciso brief />
All news with #ai security tag

632 articles · page 25 of 32

Five Generative AI Security Threats and Defensive Steps

🔒 Microsoft summarizes the top generative AI security risks and mitigation strategies in a new e-book, highlighting threats such as prompt injection, data poisoning, jailbreaks, and adaptive evasion. The post underscores cloud vulnerabilities, large-scale data exposure, and unpredictable model behavior that create new attack surfaces. It recommends unified defenses—such as CNAPP approaches—and presents Microsoft Defender for Cloud as an example that combines posture management with runtime detection to protect AI workloads.

How Android Uses AI to Protect Users from Scams Globally

🔒 Android applies layered Google AI to anticipate and block mobile scams before they reach users. Built-in protections—such as Google Messages spam filtering and on-device Scam Detection, plus Phone by Google automatic call blocking and Call Screen—identify conversational scam patterns and surface real-time warnings. Android blocks over 10 billion suspected malicious calls and messages monthly and recently stopped more than 100 million suspicious numbers from using RCS. Protections are ephemeral, on-device where possible, and continuously updated to adapt to evolving threats.

Rethinking Identity Security for Autonomous AI Agents

🔐 Autonomous AI agents are creating a new class of non-human identities that traditional, human-centric security models struggle to govern. These agents can persist beyond intended lifecycles, hold excessive permissions, and perform actions across systems without clear ownership, increasing risks like privilege escalation and large-scale data exfiltration. Security teams must adopt identity-first controls—unique managed identities, strict scoping, lifecycle management, and continuous auditing—to regain visibility and enforce least privilege.

AI Literacy Is Critical for Cybersecurity Readiness

🔒 Artificial intelligence is reshaping cybersecurity, creating both enhanced defensive capabilities and new risks that require broad AI literacy. The White House's America’s AI Action Plan and Fortinet’s 2025 Cybersecurity Global Skills Gap Report show strong adoption—97% of organizations use or plan AI in security—yet 48% cite lack of staff expertise as a major barrier. Fortinet recommends targeted training, policies for generative AI use, and its Security Awareness modules to help close the gap and reduce threat exposure.

Identity Crisis at the Perimeter: AI-Driven Impersonation

🛡️ Organizations face an identity crisis as generative AI and vast troves of breached personal data enable realistic digital doppelgangers. Attackers now automate hyper-personalized phishing, smishing and vishing, clone voices, and run coordinated multi-channel campaigns that reference real colleagues and recent projects. The article urges a shift to “never trust, always verify,” with radical visibility, rapid detection and phishing-resistant authentication such as FIDO2. It also warns of emerging agentic AI and recommends strict least-privilege controls plus continuous red-teaming.

AI-Driven Malicious SEO and the Fight for Web Trust

🛡️ The article explains how malicious SEO operations use keyword stuffing, purchased backlinks, cloaking and mass-produced content to bury legitimate sites in search results. It warns that generative AI now amplifies this threat by producing tens of thousands of spam articles, spinning up fake social accounts and enabling more sophisticated cloaking. Defenders must deploy AI-based detection, graph-level backlink analysis and network behavioral analytics to spot coordinated abuse. The piece emphasizes proactive, ecosystem-wide monitoring to protect trust and legitimate businesses online.

Check Point's AI Cloud Protect with NVIDIA BlueField

🔒 Check Point has made AI Cloud Protect powered by NVIDIA BlueField available for enterprise deployment, offering DPU-accelerated security for cloud AI workloads. The solution aims to inspect and protect GenAI traffic and prompts to reduce data exposure risks while integrating with existing cloud environments. It targets prompt manipulation and infrastructure attacks at scale and is positioned for organizations building AI factories.

Securing the AI Factory: Palo Alto Networks and NVIDIA

🔒 Palo Alto Networks outlines a platform-centric approach to protect the enterprise AI Factory, announcing integration of Prisma AIRS with NVIDIA BlueField DPUs. The collaboration embeds distributed zero-trust security directly into infrastructure, delivering agentless, penalty-free runtime protection and real-time workload threat detection. Validated on NVIDIA RTX PRO Server and optimized for BlueField‑3, with BlueField‑4 forthcoming, the solution ties into Strata Cloud Manager and Cortex for end-to-end visibility and control, aiming to secure AI operations at scale without compromising performance.

Google for Startups: AI for Cybersecurity Cohort 2025

🔒 Google announced 11 startups selected for the inaugural Google for Startups Accelerator: AI for Cybersecurity in Latin America, a ten-week program delivering mentorship, product support and technical resources to scale AI-driven security solutions. Participants from Brazil, Chile, Colombia and Mexico focus on threat detection, compliance automation, fraud prevention and AI-agent protection. Google will pair products and experts with teams to accelerate regional cybersecurity impact.

Google Announces AI and Security Enhancements for 2025

🔒 This Cybersecurity Awareness Month, Google is rolling out a set of updates designed to protect users and developers from increasingly sophisticated scams and AI-driven threats. Announcements include a cohesive AI security strategy, six new anti‑scam measures, and Recovery Contacts to help people regain access to accounts via trusted friends or family. Google also introduced CodeMender, an AI agent that helps identify and remediate code security issues, alongside safer learning initiatives, a video on its defense‑in‑depth approach, and support for startups developing AI cybersecurity solutions in Latin America.

Google for Startups: AI Cohort Boosts LATAM Cybersecurity

🔐 Google selected 11 startups for its inaugural Google for Startups Accelerator: AI for Cybersecurity in Latin America, a ten-week program that pairs founders with Google's technical resources, mentorship, and product support. The cohort — drawn from Brazil, Chile, Colombia, and Mexico — focuses on AI-driven solutions across threat detection, compliance automation, fraud prevention, and protections for AI agents. Participants will receive hands-on guidance to scale, validate, and deploy tools that reduce cyber risk across the region.

Enabling a Safe Agentic Web with reCAPTCHA Controls

🔐 Google Cloud outlines a pragmatic framework to secure the emerging agentic web while preserving smooth user experiences. The post details how reCAPTCHA and Google Cloud combine agent and user identity, continuous behavior analysis, and AI-resistant mitigations such as mobile-device attestations. It highlights enabling safe agentic commerce via protocols like AP2 and tighter integration with cloud AI services.

AI-Powered, Quantum-Ready Network Security Platform

🔒 Palo Alto Networks presents a unified, AI-driven approach to network security that consolidates browser, AI, and quantum defenses into the Strata Network Security Platform. New offerings include Prisma Browser, a SASE-native secure browser that blocks evasive attacks and brings LLM-augmented data classification to the endpoint, and Prisma AIRS 2.0, a full-lifecycle AI security platform. The company also outlines a pragmatic path to quantum-readiness and centralizes control with Strata Cloud Manager to simplify operations across hybrid environments.

Prisma AIRS 2.0: Unified Platform for Secure AI Agents

🔒 Prisma AIRS 2.0 is a unified AI security platform that delivers end-to-end visibility, risk assessment and automated defenses across agents, models and development pipelines. It consolidates Protect AI capabilities to provide posture and runtime protections for AI agents, model scanning and API-first controls for MLOps. The platform also offers continuous, autonomous red teaming and a managed MCP Server to embed threat detection into workflows.

Copilot Mermaid Diagrams Could Exfiltrate Enterprise Emails

🔐 Microsoft has patched an indirect prompt injection vulnerability in Microsoft 365 Copilot that could have been exploited to exfiltrate recent enterprise emails via clickable Mermaid diagrams. Researcher Adam Logue demonstrated a multi-stage attack using Office documents containing hidden white-text instructions that caused Copilot to invoke an internal search-enterprise_emails tool. The assistant encoded retrieved emails into hex, embedded them in Mermaid output styled as a login button, and added an attacker-controlled hyperlink. Microsoft mitigated the risk by disabling interactive hyperlinks in Mermaid diagrams within Copilot chats.

Atlas Browser Flaw Lets Attackers Poison ChatGPT Memory

⚠️ Researchers at LayerX Security disclosed a vulnerability in OpenAI’s Atlas browser that allows attackers to inject hidden instructions into a user’s ChatGPT memory via a CSRF-style flow. An attacker lures a logged-in user to a malicious page, leverages existing authentication, and taints the account-level memory so subsequent prompts can trigger malicious behavior. LayerX reported the issue to OpenAI and advised enterprises to restrict Atlas use and monitor AI-driven anomalies. Detection relies on behavioral indicators rather than traditional malware artifacts.

Amazon Nova Multimodal Embeddings — Unified Cross-Modal

🚀 Amazon announces general availability of Amazon Nova Multimodal Embeddings, a unified embedding model designed for agentic RAG and semantic search across text, documents, images, video, and audio. The model handles inputs up to 8K tokens and video/audio segments up to 30 seconds, with segmentation for larger files and selectable embedding dimensions. Both synchronous and asynchronous APIs are supported to balance latency and throughput, and Nova is available in Amazon Bedrock in US East (N. Virginia).

ChatGPT Atlas 'Tainted Memories' CSRF Risk Exposes Accounts

⚠️ Researchers disclosed a CSRF-based vulnerability in ChatGPT Atlas that can inject malicious instructions into the assistant's persistent memory, potentially enabling arbitrary code execution, account takeover, or malware deployment. LayerX warns that corrupted memories persist across devices and sessions until manually deleted and that Atlas' anti-phishing defenses lag mainstream browsers. The flaw converts a convenience feature into a persistent attack vector that can be invoked during normal prompts.

AI 2030: The Coming Era of Autonomous Cybercrime Threats

🔒 Organizations worldwide are rapidly adopting AI across enterprises, delivering efficiency gains while introducing new security risks. Cybersecurity is at a turning point where AI fights AI, and today's phishing and deepfakes are precursors to autonomous, self‑optimizing AI threat actors that can plan, execute, and refine attacks with minimal human oversight. In September 2025, Check Point Research found that 1 in 54 GenAI prompts from enterprise networks posed a high risk of sensitive-data exposure, underscoring the urgent need to harden defenses and govern model use.

Cyber-risk in the Shadows: Shadow IT, AI Use and Risks

🛡️ In a short video for Cybersecurity Awareness Month, ESET Chief Security Evangelist Tony Anscombe explains how unsanctioned hardware and software — commonly called shadow IT — is creating security gaps in the remote and hybrid work era. He warns that growing employee use of generative AI further increases risk by exposing sensitive corporate data outside IT control. The video outlines practical steps IT teams can take to discover, govern and mitigate these hidden risks and points to related guidance on authentication, patching and ransomware resilience.