All news with #ai security tag

🔊 A recent study by researchers at the University of California, Irvine shows that very high-resolution optical sensors in some mice can detect minute desk vibrations produced by speech. The theoretical attack, labeled Mic-E-Mouse, requires mice with extremely high DPI (≈10,000+) and very high polling rates (≈4,000 Hz+) and malware to exfiltrate raw sensor frames. The raw signals are extremely noisy, but Wiener filtering and ML-based denoising allowed partial speech recovery under controlled lab conditions. Significant practical limitations — few qualifying models, controlled setups with speakers inches from the sensor, and steep drops in accuracy with common barriers — plus straightforward mitigations make the attack largely a proof of concept for now.

🔐 The Hacker News is promoting a free webinar that presents a practical framework to secure AI at scale while preserving speed of adoption. Organizers warn of a growing “quiet crisis”: rapid proliferation of unmanaged AI agents and identities that lack lifecycle controls. The session focuses on embedding security by design, governing AI agents that behave like users, and stopping credential sprawl and privilege abuse from Day One. It is aimed at engineers, architects, and CISOs seeking to move from reactive firefighting to proactive enablement.

📝 In many organizations the most consequential meeting attendee is the AI notetaker, whose summaries often become the authoritative meeting record. Participants can tailor their speech—using cue phrases, repetition, timing, and formulaic phrasing—to increase the chance their points appear in summaries, a behavior the author calls AI summarization optimization (AISO). These tactics mirror SEO-style optimization and exploit model tendencies to overweight early or summary-style content. Without governance and technical safeguards, summaries may misrepresent debate and confer an invisible advantage to those who game the system.

🤖 ChatGPT Atlas previews a future where AI becomes the primary interface for computing, letting users describe outcomes while the system orchestrates apps, data, and web services. Atlas demonstrates an context-aware assistant that understands a user’s digital life and can act on their behalf. This prototype points to productivity and accessibility gains, but it also creates new security, privacy, and governance challenges organizations must prepare for.

🔒 The Microsoft Digital Defense Report 2025 warns that cyber threats are accelerating in speed, scale, and sophistication, driven by AI and coordinated, cross-border operations. Attack windows have shrunk—compromises can occur within 48 hours in cloud containers—while AI-powered phishing and credential theft have grown markedly more effective. For CISOs this requires reframing security as a business enabler, prioritizing resilience, automation, and modern identity controls such as phishing-resistant MFA. The Secure Future Initiative provides practitioner-tested patterns to operationalize these priorities.

🛡️ Meta is rolling out new anti-scam features for Messenger and WhatsApp to help users detect and avoid fraud. Messenger testing includes AI-assisted scam detection that warns about suspicious new contacts and offers options to block, report, or submit messages for review. WhatsApp will display warnings about screen-sharing with unknown callers. These protections are enabled by default.

📱 The 2025 Verizon Mobile Security Index underscores growing danger as mobile devices account for the majority of global internet traffic and increasingly serve as primary attack surfaces. Check Point highlights the rise of AI-powered threats, persistent phishing, and human error that expand exposure. Organizations must rethink security architectures, strengthen endpoint controls, and adopt AI-aware defenses across apps, devices, and identities to reduce risk.

🔒 The average ransomware payment climbed to $3.6m in 2025, up from $2.5m in 2024, as attackers shift to fewer but more lucrative, targeted campaigns. ExtraHop's Global Threat Landscape Report found 70% of affected organisations paid ransoms, with healthcare and government incidents averaging nearly $7.5m each. The study highlights expanding risks from public cloud, third‑party integrations and generative AI, and urges organisations to map their attack surface, monitor internal traffic for lateral movement and prepare for AI‑enabled tactics.

🛡️ CrowdStrike’s 2025 ransomware survey finds that AI is compressing attacker timelines and enhancing phishing, malware creation, and social engineering, forcing defenders to react in minutes rather than hours. 78% of respondents reported a ransomware incident in the past year, yet fewer than 25% recovered within 24 hours and paying victims often faced repeat compromise and data theft. CISOs rank AI-enabled ransomware as their top AI-related security concern, and many organizations are accelerating adoption of AI detection, automated response, and improved training.

🔐 AI promises stronger cyber defense but expands the attack surface if not governed properly. Organizations must secure models, data pipelines, and agentic systems with the same rigor applied to critical infrastructure. Identity is central: treat every model or autonomous agent as a first‑class identity with scoped credentials, strong authentication, and end‑to‑end audit logging. Adopt layered controls for access, data, deployment, inference, monitoring, and model integrity to mitigate threats such as prompt injection, model poisoning, and credential leakage.

🔒 CSO's 2025 Security Priorities Study finds security leaders are juggling expanding responsibilities while facing greater complexity in selecting the right tools. Seventy-six percent say solution selection is more complex and 57% had trouble finding incident root causes in the past year. Top focuses are protecting sensitive data, securing cloud systems, and simplifying IT infrastructure, with 73% now more likely to consider AI-enabled security. Many plan to rely on managed service providers and maintain level budgets while driving strategic AI and governance initiatives.

🎞️ Amazon Bedrock Data Automation now supports AVI, MKV, and WEBM video formats and the AV1 and MPEG-4 Visual (Part 2) codecs, expanding coverage for archival, multi-track, and web-based videos. The service also delivers up to 50% faster image processing to accelerate extraction of visual insights. BDA is available in eight AWS Regions, enabling organizations to process native formats and streamline GenAI workflows.

⚠️ The CrowdStrike State of Ransomware Survey reveals a sizable gap between organizational confidence and actual ransomware readiness. Half of 1,100 security leaders say they are "very well prepared," yet 78% were attacked in the past year and fewer than 25% recovered within 24 hours. The report warns that AI-accelerated attacks deepen this gap and recommends AI-native detection and response such as Falcon to regain the advantage.

🛡️ Check Point introduces a continuously trained AI engine that analyzes website content, structure, and authentication flows to detect phishing with high accuracy. Integrated with ThreatCloud AI, it delivers protection across Quantum gateways, Harmony Email, Endpoint, and Harmony Mobile. The model learns from millions of domains and real-time telemetry to adapt to new evasion techniques. Early results indicate improved detection of brand impersonation and credential-harvesting pages.

🔎 Moloco’s AI-native retail media platform, integrated with Vertex AI Vector Search on Google Cloud, delivers semantic, real-time ad retrieval and personalized recommendations. The joint architecture uses TPUs and GPUs for model training and scoring while vector search runs efficiently on CPUs, enabling outcomes-based bidding at scale. Internal benchmarks report ~10x capacity, up to ~25% lower p95 latency, and a ~4% revenue uplift. The managed service reduces operational overhead and accelerates time-to-value for retailers.

🔒 Google is expanding protections during Cybersecurity Awareness Month 2025 with new features and guidance to counter scams and AI-driven threats. The company outlines a cohesive strategy for securing the AI ecosystem and introduces six new anti-scam measures to help users stay safe. It also launches Recovery Contacts to simplify account recovery and debuts CodeMender, an AI agent that automates code security. Additional updates support safer learning through responsible tools and partnerships.

🔒 Generative AI and agentic systems are transforming phishing and smishing into precise, multilingual, and adaptive threats. What were once rudimentary scams now leverage large language models, voice cloning, and autonomous agents to craft personalized attacks at scale. For CISOs and security teams this represents a strategic inflection point that demands updated detection, user education, and cross-functional incident response.

🔐 Cybersecurity must evolve to meet rapid advances in agentic AI, quantum computing, low-code platforms and proliferating IoT endpoints. The author argues organizations should move from static defenses to adaptive, platform-based security that uses automation, continuous monitoring and AI-native protection to match attackers' speed. He urges early planning for post-quantum cryptography and closer collaboration with partners so security enables — rather than hinders — innovation.

⚠️ Enterprises now face a reality where autonomous AI agents run with system privileges, executing code and accessing sensitive data without human oversight. Fewer than 4 in 10 AI agents are governed by identity security policies, creating serious visibility and control gaps. Mature identity programs that use AI-driven identity controls and real-time data sync deliver stronger ROI, reduced risk, and operational efficiency. CISOs must move IAM from compliance checkbox to strategic enabler.

🔐AI-enabled attacks are rapidly shifting the threat landscape, with cybercriminals using deepfakes, automated phishing, and AI-generated malware to scale operations. According to Foundry's 2025 Security Priorities Study and CSO reporting, autonomous agents can execute full attack chains at machine speed, forcing defenders to adopt AI as a copilot backed by rigorous human oversight. Organizations are prioritizing human risk, verification protocols, and training to counter increasingly convincing AI-driven social engineering.