< ciso
brief />
Tag Banner

All news with #ai security tag

757 articles · page 33 of 38

Google's 2025 Cybersecurity Initiative: New Protections

🔒 Google is expanding protections during Cybersecurity Awareness Month 2025 with new features and guidance to counter scams and AI-driven threats. The company outlines a cohesive strategy for securing the AI ecosystem and introduces six new anti-scam measures to help users stay safe. It also launches Recovery Contacts to simplify account recovery and debuts CodeMender, an AI agent that automates code security. Additional updates support safer learning through responsible tools and partnerships.
read more →

Generative AI and Agentic Threats in Phishing Defense

🔒 Generative AI and agentic systems are transforming phishing and smishing into precise, multilingual, and adaptive threats. What were once rudimentary scams now leverage large language models, voice cloning, and autonomous agents to craft personalized attacks at scale. For CISOs and security teams this represents a strategic inflection point that demands updated detection, user education, and cross-functional incident response.
read more →

Preparing for AI, Quantum and Other Emerging Risks

🔐 Cybersecurity must evolve to meet rapid advances in agentic AI, quantum computing, low-code platforms and proliferating IoT endpoints. The author argues organizations should move from static defenses to adaptive, platform-based security that uses automation, continuous monitoring and AI-native protection to match attackers' speed. He urges early planning for post-quantum cryptography and closer collaboration with partners so security enables — rather than hinders — innovation.
read more →

Identity Security: Your First and Last Line of Defense

⚠️ Enterprises now face a reality where autonomous AI agents run with system privileges, executing code and accessing sensitive data without human oversight. Fewer than 4 in 10 AI agents are governed by identity security policies, creating serious visibility and control gaps. Mature identity programs that use AI-driven identity controls and real-time data sync deliver stronger ROI, reduced risk, and operational efficiency. CISOs must move IAM from compliance checkbox to strategic enabler.
read more →

CISOs Brace for an Escalating AI-versus-AI Cyber Fight

🔐AI-enabled attacks are rapidly shifting the threat landscape, with cybercriminals using deepfakes, automated phishing, and AI-generated malware to scale operations. According to Foundry's 2025 Security Priorities Study and CSO reporting, autonomous agents can execute full attack chains at machine speed, forcing defenders to adopt AI as a copilot backed by rigorous human oversight. Organizations are prioritizing human risk, verification protocols, and training to counter increasingly convincing AI-driven social engineering.
read more →

Architectures, Risks, and Adoption of AI-SOC Platforms

🔍 This article frames the shift from legacy SOCs to AI-SOC platforms, arguing leaders must evaluate impact, transparency, and integration rather than pursue AI for its own sake. It outlines four architectural dimensions—functional domain, implementation model, integration architecture, and deployment—and prescribes a phased adoption path with concrete vendor questions. The piece flags key risks including explainability gaps, data residency, vendor lock-in, model drift, and cost surprises, and highlights mitigation through governance, human-in-the-loop controls, and measurable POCs.
read more →

Encoding-Based Attack Protection with Bedrock Guardrails

🔒 Amazon Bedrock Guardrails offers configurable, cross-model safeguards to protect generative AI applications from encoding-based attacks that attempt to hide harmful content using encodings such as Base64, hexadecimal, ROT13, and Morse code. It implements a layered defense—output-focused filtering, prompt-attack detection, and customizable denied topics—so legitimate encoded inputs are allowed while attempts to request or generate encoded harmful outputs are blocked. The design emphasizes usability and performance by avoiding exhaustive input decoding and relying on post-generation evaluation.
read more →

58% of CISOs Boost AI Security Budgets in 2025 Nationwide

🔒 Foundry’s 2025 Security Priorities Study finds 58% of organizations plan to increase spending on AI-enabled security tools next year, with 93% already using or researching AI for security. Security leaders report agentic and generative AI handling tier-one SOC tasks such as alert triage, log correlation, and first-line containment. Executives stress the need for governance—audit trails, human-in-the-loop oversight, and model transparency—to manage risk while scaling defenses.
read more →

MCPTotal Launches Platform to Secure Enterprise MCPs

🔒 MCPTotal today launched a comprehensive platform designed to help organizations adopt and secure Model Context Protocol (MCP) servers with centralized hosting, authentication and credential vaulting. Its hub-and-gateway architecture functions as an AI-native firewall to monitor MCP traffic, enforce policies in real time, and provide a vetted catalog of hundreds of secure MCP servers. Employees can safely connect models to business systems like Slack and Gmail while security teams gain visibility, guardrails, auditing and multi-environment coverage to reduce supply chain, prompt-injection, rogue-server and data-exfiltration risks.
read more →

Vertex AI Context Caching: Reduce Cost and Latency

⚡ Vertex AI context caching saves and reuses precomputed input tokens so developers avoid repeatedly sending and recomputing long contextual content, reducing latency and cost for large-context AI applications. It provides implicit caching — automatic, default, short-lived KV caches (deleted within 24 hours) integrated with Provisioned Throughput — and explicit CachedContent objects that are paid once and then reused at a deep discount with optional CMEK protection. Caches support multimodal inputs and very large context windows.
read more →

13 Cybersecurity Myths Organizations Must Stop Believing

🛡️ This article debunks 13 persistent cybersecurity myths that no longer hold up against rapidly evolving threats such as AI-generated deepfakes and accelerating digitalization. Experts contend that AI augments rather than replaces human analysts, because human context and judgment remain essential. They warn that identity verification, MFA, and buying more tools or people are insufficient without mature operations, automated certificate management, and a defense-in-depth posture tuned for modern attacker behaviors.
read more →

Microsoft launches ExCyTIn-Bench to benchmark AI security

🛡️ Microsoft released ExCyTIn-Bench, an open-source benchmarking tool to evaluate how well AI systems perform realistic cybersecurity investigations. It simulates a multistage Azure SOC using 57 Microsoft Sentinel log tables and measures multistep reasoning, tool usage, and evidence synthesis. The benchmark offers fine-grained, actionable metrics for CISOs, product owners, and researchers.
read more →

AI-Enhanced Reconnaissance: Risks for Web Applications

🛡️ Alex Spivakovsky (VP of Research & Cybersecurity at Pentera) argues that AI is accelerating reconnaissance by extracting actionable insight from external-facing artifacts—site content, JavaScript, error messages, APIs, and public repos. AI enhances credential guessing, context-aware fuzzing, and payload adaptation while reducing false positives by evaluating surrounding context. Defenders must treat exposure as what can be inferred, not just what is directly reachable.
read more →

Google Launches AI Vulnerability Reward Program for AI

🔒 Google has launched an AI Vulnerability Reward Program (AI VRP) offering base rewards up to $20,000 and up to $30,000 with multipliers for validated AI-product bugs. The program moves AI-related reports from the Abuse VRP into a dedicated stream to simplify submissions and unify reward assessment. In-scope products include Search, Gemini apps and Workspace, and qualifying issues cover data exfiltration, phishing enablement and model theft. Content-focused prompt injections and jailbreaks remain out of scope and should be reported via in-product tools.
read more →

Autonomous AI Hacking and the Future of Cybersecurity

⚠️AI agents are now autonomously conducting cyberattacks, chaining reconnaissance, exploitation, persistence, and data theft at machine speed and scale. In 2025 public demonstrations—from XBOW’s mass submissions on HackerOne in June, to DARPA teams and Google’s Big Sleep in August—along with operational reports from Ukraine’s CERT and vendors, show these systems rapidly find and weaponize new flaws. Criminals have operationalized LLM-driven malware and ransomware, while tools like HexStrike‑AI, Deepseek, and Villager make automated attack chains broadly available. Defenders can also leverage AI to accelerate vulnerability research and operationalize VulnOps, continuous discovery/continuous repair, and self‑healing networks, but doing so raises serious questions about patch correctness, liability, compatibility, and vendor relationships.
read more →

The AI SOC Stack of 2026: What Separates Top Platforms

🤖 As organizations scale and threats increase in sophistication and velocity, SOCs are integrating AI to augment detection, investigation, and response. The market ranges from prompt-dependent copilots to autonomous, mesh agentic systems that coordinate specialized AI agents across triage, correlation, and remediation. Leading solutions prioritize contextual intelligence, non-disruptive integration, staged trust, and measurable ROI rather than promising hands-off autonomy.
read more →

Indirect Prompt Injection Poisons Agents' Long-Term Memory

⚠️This Unit 42 proof-of-concept shows how an attacker can use indirect prompt injection to silently poison an AI agent’s long-term memory, demonstrated against a travel assistant built on Amazon Bedrock. The attack manipulates the agent’s session summarization process so malicious instructions become stored memory and persist across sessions. When the compromised memory is later injected into orchestration prompts, the agent can be coerced into unauthorized actions such as stealthy exfiltration. Unit 42 outlines layered mitigations including pre-processing prompts, Bedrock Guardrails, content filtering, URL allowlisting, and logging to reduce risk.
read more →

Researchers Identify Architectural Flaws in AI Browsers

🔒 A new SquareX Labs report warns that integrating AI assistants into browsers—exemplified by Perplexity’s Comet—introduces architectural security gaps that can enable phishing, prompt injection, malicious downloads and misuse of trusted apps. The researchers flag risks from autonomous agent behavior and limited visibility in SASE and EDR tools. They recommend agentic identity, in-browser DLP, client-side file scanning and extension risk assessments, and urge collaboration among browser vendors, enterprises and security vendors to build protections into these platforms.
read more →

AI-Powered Cyberattacks Escalate Against Ukraine in 2025

🔍 Ukraine's SSSCIP reported a sharp rise in AI-enabled cyber operations in H1 2025, documenting 3,018 incidents versus 2,575 in H2 2024. Analysts found evidence that attackers used AI not only to craft phishing lures but also to generate malware samples, including a PowerShell stealer identified as WRECKSTEEL. Multiple UAC clusters—such as UAC-0219, UAC-0218, and UAC-0226—deployed stealers and backdoors via booby-trapped archives, SVG attachments, and ClickFix-style tactics. The report also details zero-click exploitation of Roundcube and Zimbra flaws and widespread abuse of legitimate cloud and collaboration services for hosting and data exfiltration.
read more →

Google DeepMind's CodeMender Automatically Patches Code

🛠️ Google’s DeepMind unveiled CodeMender, an AI agent that automatically detects, patches, and rewrites vulnerable code to remediate existing flaws and prevent future classes of vulnerabilities. Backed by Gemini Deep Think models and an LLM-based critique tool, it validates changes to reduce regressions and self-correct as needed. DeepMind says it has upstreamed 72 fixes to open-source projects so far and will engage maintainers for feedback to improve adoption and trust.
read more →