
All news with #ai security tag

AI-Enabled Attack: First Recorded AI-Driven Zero-Day

🔍 Google’s Threat Intelligence Group (GTIG) reports the first observed case of cybercriminals using AI to discover and weaponize a zero-day, targeting a popular open-source web-based system administration tool to bypass two-factor authentication. GTIG worked with the vendor to close the flaw and disrupt the campaign. Forensic analysis of the Python exploit showed AI-like traits—structured docstrings, Pythonic formatting, and a hallucinated CVSS score. Google noted the attackers did not use Gemini or Anthropic Mythos.

Google Finds AI-Crafted Zero-Day Exploit in Wild, Reported

🔍 The Google Threat Intelligence Group (GTIG) reported the first confirmed instance of an AI-crafted zero-day exploit observed in the wild. The researchers identified a Python-based exploit that bypasses two-factor authentication in an open-source web administration tool and disclosed the flaw to the vendor to limit mass exploitation. GTIG found artifacts in the code—help text, a hallucinated CVSS score and textbook LLM-style constructs—consistent with large language model generation, and noted broader AI abuse by threat actors including misuse of Gemini and agentic tooling.

LLMs and Text-in-Text Steganography: Limits and Risks

📄 Schneier surveys simple steganographic tricks—white-on-white text, phonological misspellings, and special fonts—and finds them increasingly ineffective. He notes that even modest 4-billion-parameter models can decode phonologically altered sentences, undermining tokenization-based obfuscation strategies. The post revisits TEMPEST/EmSec concerns, observing that inexpensive software-defined radios and toolkits like GNU Radio have expanded adversary capabilities beyond older Soft Tempest countermeasures. Schneier highlights demos such as Tempest for Eliza and TempestSDR as practical illustrations of ongoing risks.

AI Security Must Shift From Posture to Behavior Now

🔐 The article warns that AI security is repeating the endpoint-era mistake of focusing primarily on posture controls—model cards, SBOMs, guardrails and access policies—while overlooking how systems actually behave. It argues that behavioral detection is essential, monitoring sequences of actions, data access patterns, tool invocations and output drift. The AI surface is expanding rapidly with open-source LLMs, third-party APIs, RAG pipelines and autonomous agents, creating "shadow AI" and dynamic risks. The recommendation is to keep posture as table stakes but prioritize logging, behavioral baselines and SOC integration to turn findings into actionable incidents.

Mitigating Security and Privacy Risks of Smart Glasses

👓 Smart glasses are returning with advanced sensors and AI, creating new privacy and security challenges for users and bystanders. They can record or livestream covertly and feed footage to AI systems for face recognition and data retrieval, enabling stalking, fraud, and surveillance. Platform policies and outsourced review raise additional exposure. Mitigations include updates, permissions control, MFA, and disabling AI training where possible.

Claude in Chrome vulnerability lets other extensions hijack

⚠️ Researchers at LayerX Security disclosed a flaw dubbed ClaudeBleed in Anthropic’s Claude in Chrome extension that lets other extensions inject scripts and commandeer the assistant. The issue stems from an exposed messaging interface that trusts origins instead of execution context, enabling zero-permission extensions to issue prompts and perform cross-site actions. Anthropic released a partial patch (v1.0.70) on May 6; LayerX urges stronger mitigations.

World Economic Forum: AI, Deepfakes, and Cyber Defense

🔐 At the World Economic Forum Annual Meeting on Cybersecurity 2026, Fortinet highlighted how AI and deepfakes are reshaping attack surfaces, with identity now a primary vector and attackers operating in structured, continuous campaigns. Discussions stressed that AI accelerates reconnaissance and exploitation while defenders contend with fragmentation, governance gaps, and inconsistent visibility. Fortinet urged platform consolidation, stronger identity and exposure management, and operationalized public-private collaboration to better align detection with response.

Prompt Injection Leads to RCE in AI Agent Frameworks

⚠️ Microsoft researchers disclosed critical vulnerabilities in Semantic Kernel that allow prompt injection to escalate into host-level remote code execution and arbitrary file writes. The team detailed two fixed issues — CVE-2026-26030 (unsafe eval-style filter in the In-Memory Vector Store) and CVE-2026-25592 (exposed DownloadFileAsync in SessionsPythonPlugin) — and provided mitigations. Operators should upgrade the Python package to 1.39.4+ and the .NET SDK to 1.71.0+, validate any model-influenced tool parameters as untrusted input, and hunt endpoint telemetry for post-exploitation indicators.

April 2026 AWS Security Digest: Features and Alerts

🔒 The April 2026 AWS Security monthly digest highlights new features, hands-on samples, and security bulletins across identity, AI security, data protection, and detection. Notable posts include IAM Identity Center session tags for ABAC, guidance for securing agentic AI via the Model Context Protocol, and practical steps to adopt hybrid post-quantum TLS for Secrets Manager. The edition also summarizes April CVEs and ships 16 runnable code samples and workshops to validate recommended controls.

Commercial LLMs Used in Attack on Mexican Water Utility

⚠️ OpenAI and Anthropic models were used by attackers in a cyber-attack that targeted a municipal water and drainage utility in the Monterrey metropolitan area, Dragos reports. The incident, which unfolded between December 2025 and February 2026, involved roughly 350 artifacts, many of them AI-generated malicious scripts used as offensive tooling. According to the report, Anthropic's Claude served as the primary technical executor—handling prompt-and-response interactions, intrusion planning and deployment—while OpenAI's GPT models were used for analytical tasks and generating Spanish-language outputs. Although the OT breach was ultimately unsuccessful, Dragos warns the campaign demonstrates how commercial LLMs can accelerate and refine attacks against operational environments and recommends tighter remote access policies and stronger authentication controls.

39 Seconds: Why Speed Is the New Cybersecurity Perimeter

⏱️ Unit 42 data and a conversation with Wendi Whitmore warn that attackers can exfiltrate data in as little as 39 seconds, forcing a shift from prevention to rapid detection and containment. Whitmore argues manual workflows cannot match adversary tempo and calls for AI-driven detection paired with unified visibility across endpoints, cloud and AI systems. Visibility, not complexity, enables containment before escalation.

Poisoned Truth: The Quiet Threat to Enterprise AI Security

⚠️ Enterprise AI deployments face a quiet but serious integrity risk when models learn or retrieve false information: data poisoning and widespread data pollution can make LLMs produce plausible but incorrect outputs. This threat spans training datasets, RAG and retrieval layers, agent memory, and internal knowledge bases — and often originates from stale, conflicting, or poorly governed sources rather than deliberate attacks. Security leaders are urged to map all context sources, treat AI inputs as a supply chain, tighten data hygiene, and assign clear governance to identify and remediate corrupted truth.

CISA Considers Cutting Critical Patch Window to 72 Hours

⚠️ CISA is reportedly weighing a proposal to shorten the remediation window for critical government vulnerabilities from the current 14 days to just 72 hours. The Reuters-sourced report ties the consideration to concerns that AI tools such as Anthropic’s Claude Mythos could accelerate the discovery and weaponization of serious flaws, though CISA has not confirmed the discussion. Security practitioners warn the tighter window would strain testing, asset discovery, and patch deployment; others say it could be attainable with modern automation and processes.

AI Traffic Analysis Dashboards for AWS WAF and Bot Control

🔍 The AWS blog announces AI Traffic Analysis dashboards for AWS WAF, adding AI-specific visibility into bot and agent activity across web ACLs. The dashboards extend WAF Bot Control detection to more than 650 named bots and provide identity, intent classification, organization breakdowns, top paths, and 14-day temporal trends. Data is emitted to Amazon CloudWatch and is queryable via the GetTopPathStatisticsByTraffic API for custom dashboards, alerting, and automation. A reference sample demonstrates per-path monetization with CloudFront and Lambda@Edge, with usage guidance and cost warnings.

Google Agent Gateway: ISV Ecosystem for AI Security

🔒 Google announced Agent Gateway, part of the Gemini Enterprise Agent Platform, to provide a programmable, secure connectivity plane for user-to-agent, agent-to-agent, and agent-to-tools interactions. The Gateway enables teams to inject custom logic and third-party security controls directly into the request path without changing application code. Google highlighted integrations with vendors such as Broadcom (Symantec DLP), Check Point, Cisco, CrowdStrike, Palo Alto Networks, and others to deliver runtime DLP, prompt-injection mitigation, identity governance, and behavioral analytics.

Oracle moves to monthly security patches to counter AI

🔔 Oracle will issue monthly Critical Security Patch Updates (CSPUs) for its ERP, database and other software, shifting from a quarterly cadence to address faster AI-driven vulnerability discovery. The first monthly CSPU will arrive May 28; subsequent releases will follow on the third Tuesday of each month (June 16, July 21, August 18). Oracle will still publish a cumulative quarterly Critical Patch Update and will auto-apply fixes for customers in Oracle-managed cloud environments. The change primarily affects customers running Oracle software on premises or in third-party hosting.

Scan Finds Widespread Exposed AI Services and Risks

🔍 Intruder scanned over 1 million exposed AI services and found pervasive, critical misconfigurations and insecure defaults. Many deployments were reachable with no authentication, exposing chat histories, API keys, and management consoles. Exposed agent platforms (including n8n and Flowise) and thousands of Ollama APIs responded without auth, some wrapping paid frontier models. The findings highlight insecure-by-design defaults, hardcoded credentials, and real risks of code execution, data exfiltration, and abuse.

CISOs Rethink Hiring as AI Widens Skills Shortage Now

🔒 A persistent cybersecurity skills shortage is forcing CISOs to change hiring, training, and architecture decisions as AI amplifies attack scale and complexity. ISC2’s 2025 workforce study found 95% of organizations report at least one skills gap and nearly 60% call those gaps critical or significant. Leaders are turning to internal upskilling, automation, and role transitions, while balancing trade-offs between best-of-breed tooling, integrated platforms, and multicloud complexity.

2026 Year of AI-Assisted Attacks and Lowered Barriers

🔐 In 2025–2026, LLM-backed chat and agent systems evolved from helpful coding assistants into end-to-end development tools that materially lowered the barrier to sophisticated cyberattacks. High-profile incidents — including a 17-year-old who exfiltrated 7 million Kaikatsu Club records and adolescent and single-actor campaigns against Rakuten Mobile and multiple governments — show nontechnical actors achieving team-scale outcomes. Measured indicators worsened sharply: malicious packages surged to 454,600 and time-to-exploit collapsed to weeks. The article recommends targeting whole classes of vulnerabilities—exemplified by Chainguard Libraries—to render many supply-chain and package-distribution attacks structurally impossible.

Droid Motivation and Security in Star Wars Media Analysis

🤖 This analysis examines how two 2025 TV series — Skeleton Crew and Andor — portray droid motivation and the cybersecurity risks those portrayals imply. In Skeleton Crew, voice commands and memory overrides resemble modern LLM “jailbreaks,” exposing weak account controls, misplaced permissions, and the danger of context-driven intent failures. The pirate droid SM-33 also reveals flawed memory indexing and role-based ownership rules that can be exploited. In contrast, Andor depicts a hardware-centric approach: replacing a droid’s cortex and rewiring impulse suppression to change allegiance. The post argues that LLM-like control models create real-world security threats and advocates for hardware-rooted, tamper-resistant solutions such as KasperskyOS to prevent unauthorized reprogramming and malicious memory manipulation.