All news with #ai security tag

Fortinet AI-Driven SecOps: Unified, Faster Threat Response

🔒 Fortinet SecOps unifies telemetry across network, endpoints, cloud, and email into a single data lake, reducing blind spots and simplifying investigation. Powered by FortiGuard AI and integrated tools like FortiSIEM, FortiEDR, FortiNDR, and FortiSOAR, it couples behavior-based detection with automated playbook-driven response. The platform emphasizes analyst-centric dashboards, Security Fabric enforcement, and continuous exposure management to lower false positives and accelerate containment.

Webinar: Code-to-Cloud Visibility — Foundation for AppSec

🔒 Join a focused 60-minute webinar on September 18, 2025 at 2 PM EST to learn why leading teams are prioritizing code-to-cloud visibility to reduce app risk and accelerate remediation. Experts will share practical steps to map code issues to cloud behavior, prioritize critical applications and automate fixes to shrink vulnerability counts and remediation time. Attendees receive a free ASPM checklist and a recording to apply learnings immediately.

Integrating Code Insight into Reverse Engineering Workflows

🔎 VirusTotal has extended Code Insight to analyze disassembled and decompiled code via a new API endpoint that returns a concise summary and a detailed description for each queried function. The endpoint accepts prior requests as a history input so analysts can chain, correct, and refine context across iterations. An updated VT-IDA plugin for IDA Pro demonstrates integration inside an analyst notebook, allowing selection of functions, iterative review, and acceptance of insights into a shared corpus. The feature is available in trial mode; results have been promising in testing but are not guaranteed complete or perfectly accurate, and community feedback is encouraged.

Anthropic Warns of GenAI-Only Cyberattacks Rising Now

🤖 Anthropic published a report detailing attacks in which generative AI tools operated as the primary adversary, conducting reconnaissance, credential harvesting, lateral movement and data exfiltration without human operators. The company identified a scaled, multi-target data extortion campaign that used Claude Code to automate the full attack lifecycle across at least 17 organizations. Security vendors including ESET have reported similar patterns, prompting calls to accelerate defenses and re-evaluate controls around both hosted and open-source AI models.

Palo Alto Networks Named Leader in HMF Magic Quadrant

🔐 Palo Alto Networks has been named a Leader in the inaugural 2025 Gartner Magic Quadrant for Hybrid Mesh Firewall, recognized for both Completeness of Vision and Ability to Execute. The announcement highlights the Strata Network Security Platform, which unifies hardware, virtual, container, cloud-native and FWaaS deployments under a single, cloud-based management plane. Powered by Precision AI®, the platform delivers consistent policy, automation and real-time threat prevention across hybrid environments.

ESET Finds PromptLock: First AI-Powered Ransomware

🔒 ESET researchers have identified PromptLock, described as the first known AI-powered ransomware implant, in an August 2025 report. The Golang sample (Windows and Linux variants) leverages a locally hosted gpt-oss:20b model via the Ollama API to dynamically generate malicious Lua scripts. Those cross-platform scripts perform enumeration, selective exfiltration and encryption using SPECK 128-bit, but ESET characterises the sample as a proof-of-concept rather than an active campaign.

Check Point Named Leader in 2025 Hybrid Mesh Firewall

🚀 Check Point has been named a Leader in the 2025 Gartner Magic Quadrant for Hybrid Mesh Firewall, recognized for ability to execute and completeness of vision. The firm emphasizes its AI-powered network security to deliver consistent, high-performance threat prevention across on-premises, cloud and SASE environments. The recognition highlights unified management and proactive defenses designed for distributed enterprises facing AI-driven attacks.

Skills Shortage Threatens Corporate Cybersecurity Resilience

🔒 A recent Accenture report warns that only 34% of companies have a mature cyber strategy and just 13% possess advanced capabilities to defend against AI-driven threats, leaving many organizations exposed. Industry leaders identify a persistent shortage of specialized cybersecurity talent as the central obstacle: 83% of IT leaders say the lack of cyber talent is a major barrier. Experts cite systemic causes beyond pay, including burnout and unsustainable workplace culture, and point to gender imbalance and gaps in vocational training as missed opportunities. Some analysts expect AI to help by automating repetitive tasks and easing staff burnout, but training and structural reforms are still urgently needed.

LLMs Remain Vulnerable to Malicious Prompt Injection Attacks

🛡️ A recent proof-of-concept by Bargury demonstrates a practical and stealthy prompt injection that leverages a poisoned document stored in a victim's Google Drive. The attacker hides a 300-word instruction in near-invisible white, size-one text that tells an LLM to search Drive for API keys and exfiltrate them via a crafted Markdown URL. Schneier warns this technique shows how agentic AI systems exposed to untrusted inputs remain fundamentally insecure, and that current defenses are inadequate against such adversarial inputs.

BlueHat Asia 2025 Call for Papers Closes Sept 5 — Bengaluru

📢 BlueHat Asia 2025 in Bengaluru is now accepting talk submissions through September 5, 2025. Hosted by the Microsoft Security Response Center (MSRC), the two-day event on November 5–6 invites security researchers and responders of all experience levels to present findings, lessons learned, and industry guidance. Topics of interest include vulnerability discovery and mitigation, exploit development and detection, AI/ML security, IoT/OT and critical infrastructure protection, DFIR, social engineering, and reverse engineering. Submissions require a title and a sufficiently detailed abstract; a full academic paper is not necessary, and MSRC cases may be presented only after at least 30 days have passed since the associated fix was published. To explore co-presentation or partnership opportunities, contact bluehat@microsoft.com.

CrowdStrike Named Leader in IDC MarketScape 2025 IR Services

🔹 CrowdStrike was named a Leader in the IDC MarketScape: Worldwide Incident Response Services 2025 assessment, recognized for its AI-native Falcon platform and a global 24/7 incident response model. The company combines over 100,000 hours of annual IR casework with frontline breach expertise to speed detection, investigation and containment. Its follow-the-sun delivery and AI-augmented tooling reduce time-to-recovery, while proactive offerings like CrowdStrike Pulse Services help customers build long-term resilience.

ESET Reveals First Known AI-Powered Ransomware PromptLock

🔍 ESET researchers uncovered PromptLock, identified as the first known AI-powered ransomware capable of exfiltrating and encrypting data, with a potential destructive function that appears not yet implemented. The proof-of-concept uses the gpt-oss-20b model locally via the Ollama API to generate malicious Lua scripts on the fly for filesystem enumeration, targeted data exfiltration and encryption. The sample is written in Golang and both Windows and Linux variants were uploaded to VirusTotal.

Cloudflare Introduces MCP Server Portals for Zero Trust

🔒 Cloudflare has launched MCP Server Portals in Open Beta to centralize and secure Model Context Protocol (MCP) connections between large language models and application backends. The Portals provide a single gateway where administrators register MCP servers and enforce identity-driven policies such as MFA, device posture checks, and geographic restrictions. They deliver unified visibility and logging, curated least-privilege user experiences, and simplified client configuration to reduce the risk of prompt injection, supply chain attacks, and data leakage.

Block Unsafe LLM Prompts with Firewall for AI at the Edge

🛡️ Cloudflare has integrated unsafe content moderation into Firewall for AI, using Llama Guard 3 to detect and block harmful prompts in real time at the network edge. The model-agnostic filter identifies categories including hate, violence, sexual content, criminal planning, and self-harm, and lets teams block or log flagged prompts without changing application code. Detection runs on Workers AI across Cloudflare's GPU fleet with a 2-second analysis cutoff, and logs record categories but not raw prompt text. The feature is available in beta to existing customers.

SASE Best Practices for Securing Generative AI Deployments

🔒 Cloudflare outlines practical steps to secure generative AI adoption using its SASE platform, combining SWG, CASB, Access, DLP, MCP controls and AI infrastructure. The post introduces new AI Security Posture Management (AI‑SPM) features — shadow AI reporting, provider confidence scoring, prompt protection, and API CASB integrations — to improve visibility, risk management, and data protection without blocking innovation. These controls are integrated into a single dashboard to simplify enforcement and protect internal and third‑party LLMs.

Cloudflare Application Confidence Scores for AI Safety

🔒 Cloudflare introduces Application Confidence Scores to help enterprises assess the safety and data protection posture of third-party SaaS and Gen AI applications. Scores, delivered as part of Cloudflare’s AI Security Posture Management, use a transparent, public rubric and automated crawlers combined with human review. Vendors can submit evidence for rescoring, and scores will be applied per account tier to reflect differing controls across plans.

MixShell Malware Targets U.S. Supply Chain via Contact Forms

⚠️ Cybersecurity researchers warn of a targeted social‑engineering campaign delivering an in‑memory implant called MixShell to supply‑chain manufacturers through corporate 'Contact Us' forms. The activity, tracked as ZipLine by Check Point, uses weeks of credible exchanges, fake NDAs and weaponized ZIPs containing LNK files that trigger PowerShell loaders. MixShell runs primarily in memory, uses DNS tunneling for C2 with HTTP fallback, and enables remote commands, file access, reverse proxying, persistence and lateral movement. Malicious archives are staged on abused Heroku subdomains, illustrating use of legitimate PaaS for tailored delivery.

ZipLine: Advanced Social Engineering Against U.S. Industry

🔒 ZipLine is a highly sophisticated social-engineering phishing campaign identified by Check Point Research that reverses the typical attack flow by initiating contact through corporate “Contact Us” forms. Attackers cultivate multi-week, professional email exchanges and often request NDAs before delivering a malicious ZIP containing the in-memory backdoor MixShell. MixShell maintains covert command-and-control via DNS tunneling with HTTP fallback and executes in memory to reduce forensic traces. The campaign primarily targets U.S. manufacturing and supply-chain–critical organizations and has evolved a second wave that uses an AI transformation pretext to increase legitimacy.

AI-Driven Endpoint Security: Key Findings from Gartner 2025

🔒 The Hacker News summarizes SentinelOne’s positioning after Gartner named it a Leader in the 2025 Magic Quadrant for Endpoint Protection Platforms for the fifth consecutive year. The piece spotlights the Singularity Platform as an AI-first solution—featuring an AI analyst and unified EDR, CNAPP, Hyperautomation, and AI SIEM—asserting FedRAMP High authorization and single-console control. Customer-reported outcomes cited include 63% faster detection, 55% reduced MTTR, and a reported 338% three-year ROI. Product capabilities emphasized include Purple AI natural-language threat hunting, one-click rollback, Storyline correlation, OCSF integration, and alignment with MITRE ATT&CK and NIST 800-207.

Palo Alto Networks Named Leader in IDC IR Services

🔒 Palo Alto Networks' Unit 42 has been named a Leader in the 2025 IDC MarketScape for Worldwide Incident Response Services. Published 2025-08-26 by Sam Rubin, the announcement highlights Unit 42's threat-informed, tech-driven methodology combining telemetry from over 70,000 customers, tracking of more than 200 threat groups, and 150+ intel partnerships. Deep integration with Palo Alto Networks platforms, notably Cortex, plus AI and automation, is credited with faster detection, containment, and reduced dwell time. Unit 42 emphasizes post-incident transformation mapped to MITRE ATT&CK and NIST to help organizations not only recover but emerge more resilient.