< ciso
brief />
Tag Banner

All news with #ai security tag

759 articles · page 26 of 38

When Quantum Computing Meets AI: The Next Cyber Battleground

🧠 The convergence of AI and quantum computing is poised to redefine computing, cybersecurity and geopolitical power. Quantum machine learning can accelerate model training and enable real-time simulation by exploiting qubits' parallelism, while quantum key distribution promises communication that is far more resistant to interception. At the same time, this synergy raises risks: quantum-capable adversaries could undermine current cryptography and enable advanced cyberattacks.
read more →

Gartner Urges Enterprises to Block AI Browsers Now

⚠️ Gartner analysts Dennis Xu, Evgeny Mirolyubov and John Watts strongly recommend that enterprises block AI browsers for the foreseeable future, citing both known vulnerabilities and additional risks inherent to an immature technology. They warn of irreversible, non‑auditable data loss when browsers send active web content, tab data and browsing history to cloud services, and of prompt‑injection attacks that can cause fraudulent actions. Concrete flaws—such as unencrypted OAuth tokens in ChatGPT Atlas and the Comet 'CometJacking' issue—underscore that traditional controls are insufficient; Gartner advises blocking installs with existing network and endpoint controls, restricting pilots to small, low‑risk groups, and updating AI policies.
read more →

Polymorphic AI Malware: Hype vs. Practical Reality Today

🧠 Polymorphic AI malware is more hype than breakthrough: attackers are experimenting with LLMs, but practical advantages over traditional polymorphic techniques remain limited. AI mainly accelerates tasks—debugging, translating samples, generating boilerplate, and crafting convincing phishing lures—reducing the skill barrier and increasing campaign tempo. Many AI-assisted variants are unstable or detectable in practice; defenders should focus on behavioral detection, identity protections, and response automation rather than fearing instant, reliable self‑rewriting malware.
read more →

Why AI Security Requires an Integrated Platform and Governance

🔒 Gartner and Palo Alto Networks argue that AI security must be treated as a platform problem to manage accelerating generative AI risk, cost and complexity. The post recommends a two‑phase path: start with AI usage control to govern third‑party GenAI consumption, then extend protections into AI application development and runtime. Prisma Browser, Prisma SASE and Prisma AIRS are presented as the integrated tooling to discover, govern and protect AI usage and models. Palo Alto highlights Unit 42, Huntr and autonomous red teaming as sources of continuous validation.
read more →

NCSC Warns Prompt Injection May Be Inherently Unfixable

⚠️ The UK National Cyber Security Centre (NCSC) warns that prompt injection vulnerabilities in large language models may never be fully mitigated, and defenders should instead focus on reducing impact and residual risk. NCSC technical director David C cautions against treating prompt injection like SQL injection, because LLMs do not distinguish between 'data' and 'instructions' and operate by token prediction. The NCSC recommends secure LLM design, marking data separately from instructions, restricting access to privileged tools, and enhanced monitoring to detect suspicious activity.
read more →

Gartner Urges Enterprises to Block AI Browsers Now

⚠️ Gartner has advised enterprises to block AI browsers until associated risks can be adequately managed. In its report Cybersecurity Must Block AI Browsers for Now, analysts warn that default settings prioritise user experience over security and list threats such as prompt injection, credential exposure and erroneous agent actions. Researchers and vendors have also flagged vulnerabilities and urged risk assessments and oversight.
read more →

Experts Warn AI Is Becoming Integrated in Cyberattacks

🔍 Industry debate is heating up over AI’s role in the cyber threat chain, with some experts calling warnings exaggerated while many frontline practitioners report concrete AI-assisted attacks. Recent reports from Google and Anthropic document malware and espionage leveraging LLMs and agentic tools. CISOs are urged to balance fundamentals with rapid defenses and prepare boards for trade-offs.
read more →

AWS unveils AI-driven security enhancements at re:Invent

🔒 AWS announced a suite of AI- and automation-driven security features at re:Invent 2025 designed to shift cloud protection from reactive response to proactive prevention. AWS Security Agent and agentic incident response add continuous code review and automated investigations, while ML enhancements in GuardDuty and near real-time analytics in Security Hub improve multi-stage threat detection. Agent-centric IAM tools, including policy autopilot and private sign-in routes, streamline permissions and enforce granular, zero-trust access for agents and workloads.
read more →

Chrome Adds Security Layer for Gemini Agentic Browsing

🛡️ Google is introducing a new defense layer in Chrome called User Alignment Critic to protect upcoming agentic browsing features powered by Gemini. The isolated secondary LLM operates as a high‑trust system component that vets each action the primary agent proposes, using deterministic rules, origin restrictions and a prompt‑injection classifier to block risky or irrelevant behaviors. Chrome will pause for user confirmation on sensitive sites, run continuous red‑teaming and push fixes via auto‑update, and is offering bounties to encourage external testing.
read more →

Gartner Urges Enterprises to Block AI Browsers Now

⚠️Gartner recommends blocking AI browsers such as ChatGPT Atlas and Perplexity Comet because they transmit active web content, open tabs, and browsing context to cloud services, creating risks of irreversible data loss. Analysts cite prompt-injection, credential exposure, and autonomous agent errors as primary threats. Organizations should block installations with existing network and endpoint controls and restrict any pilots to small, low-risk groups.
read more →

Architecting Security for Agentic Browsing in Chrome

🛡️ Chrome describes a layered approach to secure agentic browsing with Gemini, focusing on defenses against indirect prompt injection and goal‑hijacking. A new User Alignment Critic — an isolated, high‑trust model — reviews planned agent actions using only metadata and can veto misaligned steps. Chrome also enforces Agent Origin Sets to limit readable and writable origins, adds deterministic confirmations for sensitive actions, runs prompt‑injection detection in real time, and sustains continuous red‑teaming and monitoring to reduce exfiltration and unwanted transactions.
read more →

Agentic BAS AI Translates Threat Headlines to Defenses

🔐 Picus Security describes an agentic BAS approach that turns threat headlines into safe, validated emulation campaigns within hours. Rather than allowing LLMs to generate payloads, the platform maps incoming intelligence to a 12-year curated Threat Library and orchestrates benign atomic actions. A multi-agent architecture — Planner, Researcher, Threat Builder, and Validation — reduces hallucinations and unsafe outputs. The outcome is rapid, auditable testing that mirrors adversary TTPs without producing real exploit code.
read more →

AI Creates New Security Risks for OT Networks, Warn Agencies

⚠️ CISA and international partner agencies have issued guidance warning that integrating AI into operational technology (OT) for critical infrastructure can introduce new security and safety risks. The guidance highlights threats such as prompt injection, data poisoning, data collection issues, AI drift and hallucinations, as well as human de‑skilling and cognitive overload. It urges adoption of secure design principles, cautious deployment, operator education and consideration of in‑house development to retain long‑term control.
read more →

Weekly Cyber Recap: React2Shell, AI IDE Flaws, DDoS

🛡️ This week's bulletin spotlights a critical React Server Components flaw, CVE-2025-55182 (React2Shell), that was widely exploited within hours of disclosure, triggering emergency mitigations. Researchers also disclosed 30+ vulnerabilities in AI-integrated IDEs (IDEsaster), while Cloudflare mitigated a record 29.7 Tbps DDoS attributed to the AISURU botnet. Additional activity includes espionage backdoors (BRICKSTORM), fake banking apps distributing Android RATs in Southeast Asia, USB-based miner campaigns, and new stealers and packer services. Defenders are urged to prioritize patching, monitor telemetry, and accelerate threat intelligence sharing.
read more →

NSA Warns AI Introduces New Risks to OT Networks, Allies

⚠️ The NSA, together with the Australian Signals Directorate and allied security agencies, published the Principles for the Secure Integration of Artificial Intelligence in Operational Technology to highlight emerging risks as AI is applied to safety-critical OT networks. The guidance flags adversarial prompt injection, data poisoning, AI drift, hallucinations, loss of explainability, human de-skilling and alert fatigue as primary concerns. It urges operators to adopt CISA secure design practices, maintain accurate asset inventories, consider in-house development tradeoffs, and apply rigorous oversight before deploying AI in OT environments.
read more →

Year-End Infosec Reflections and GenAI Impacts Review

🧭 William Largent’s year-end Threat Source newsletter combines career reflection with a practical security briefing, urging professionals to learn from mistakes while noting rapid changes in the threat landscape. He highlights a Cisco Talos analysis of how generative AI is already empowering attackers—especially in phishing, coding, evasion, and vulnerability discovery—while offering powerful advantages to defenders in detection and incident response. The newsletter recommends immediate, measured experimentation with GenAI tools, training teams to use them responsibly, and blending automation with human expertise to stay ahead of evolving risks.
read more →

US, International Agencies Issue AI Guidance for OT

🛡️ US and allied cyber agencies have published joint guidance to help critical infrastructure operators incorporate AI safely into operational technology (OT). Developed by CISA with the Australian Signals Directorate and input from the UK's NCSC, the document covers ML, LLMs and AI agents while remaining applicable to traditional automation systems. It recommends assessing AI risks, protecting sensitive OT data, demanding vendor transparency on embedded AI and supply chains, establishing governance and testing in controlled environments, and maintaining human-in-the-loop oversight aligned with existing cybersecurity frameworks.
read more →

AI Security and Elevated Zero Trust for Hybrid Networks

🔒 Check Point's new Quantum Firewall Software release, R82.10, extends a prevention-first security model across CloudGuard Network and Quantum Force Firewalls. The update unifies management, strengthens Zero Trust controls for hybrid mesh environments, and adds enforcement and telemetry designed to protect MCP servers, AI workloads, cloud assets and on-prem systems. It simplifies policy consistency and supports responsible AI adoption through data-aware controls and centralized governance.
read more →

Cyber Agencies Urge Provenance Standards for Digital Trust

🔎 The UK’s National Cyber Security Centre and Canada’s Centre for Cyber Security (CCCS) have published a report on public content provenance aimed at improving digital trust in the AI era. It examines emerging provenance technologies, including trusted timestamps and cryptographically secured metadata, and identifies interoperability and usability gaps that hinder adoption. The guidance offers practical steps for organisations considering provenance solutions.
read more →

Securing the AI Frontier: GSA OneGov Accelerates Secure AI

🔒 Palo Alto Networks explains why the GSA OneGov agreement matters for federal AI adoption and cybersecurity. Author Eric Trexler cites Unit 42 research showing new risks—particularly AI Agent Smuggling via indirect prompt injection and agent session smuggling—and argues AI must be defended as an attack surface. The post highlights platform protections including Prisma AIRS, FedRAMP High CNAPP, and Prisma SASE to secure AI workloads, edge users, and data. It positions OneGov as a procurement shortcut for agencies to deploy AI securely and notes promotional offers through 31 January 2028.
read more →