< ciso
brief />
Tag Banner

All news with #ai security tag

756 articles · page 34 of 38

AI Fix #71 — Hacked Robots, Power-Hungry AI and More

🤖 In episode 71 of The AI Fix, hosts Graham Cluley and Mark Stockley survey a wide-ranging mix of AI and robotics stories, from a giant robot spider that went 'backpacking' to DoorDash's delivery 'Minion' and a TikToker forcing an AI to converse with condiments. The episode highlights technical feats — GPT-5 winning the ICPC World Finals and Claude Sonnet 4.5 coding for 30 hours — alongside quirky projects like a 5-million-parameter transformer built in Minecraft. It also investigates a security flaw that left Unitree robot fleets exposed and discusses an alarming estimate that training a frontier model could require the power capacity of five nuclear plants by 2028.
read more →

Google launches AI bug bounty program; rewards up to $30K

🛡️ Google has launched a new AI Vulnerability Reward Program to incentivize security researchers to find and report flaws in its AI systems. The program targets high-impact vulnerabilities across flagship offerings including Google Search, Gemini Apps, and Google Workspace core apps, and also covers AI Studio, Jules, and other AI integrations. Rewards scale with severity and novelty—up to $30,000 for exceptional reports and up to $20,000 for standard flagship security flaws. Additional bounties include $15,000 for sensitive data exfiltration and smaller awards for phishing enablement, model theft, and access control issues.
read more →

DeepMind's CodeMender: AI Agent to Fix Code Vulnerabilities

🔧 Google DeepMind has unveiled CodeMender, an autonomous agent built on Gemini Deep Think models that detects, debugs and patches complex software vulnerabilities. In the last six months it produced and submitted 72 security patches to open-source projects, including codebases up to 4.5 million lines. CodeMender pairs large-model reasoning with advanced program-analysis tooling — static and dynamic analysis, differential testing, fuzzing and SMT solvers — and a multi-agent critique process to validate fixes and avoid regressions. DeepMind says all patches are currently human-reviewed and it plans to expand maintainer outreach, release the tool to developers, and publish technical findings.
read more →

AI in Today's Cybersecurity: Detection, Hunting, Response

🤖 Artificial intelligence is reshaping how organizations detect, investigate, and respond to cyber threats. The article explains how AI reduces alert noise, prioritizes vulnerabilities, and supports behavioral analysis, UEBA, and NLP-driven phishing detection. It highlights Wazuh's integrations with models such as Claude 3.5, Llama 3, and ChatGPT to provide conversational insights, automated hunting, and contextual remediation guidance.
read more →

Google launches CodeMender, AI VRP and SAIF 2.0 to defend

🔒 Google announced a set of AI security measures: the AI-powered agent CodeMender, a dedicated AI Vulnerability Reward Program (AI VRP), and Secure AI Framework 2.0 (SAIF 2.0). CodeMender leverages advanced reasoning to find, self-validate, and propose patches at scale. SAIF 2.0 introduces an agent risk map and secure-by-design controls, while the AI VRP centralizes reporting and incentives to accelerate remediation.
read more →

Google advances AI security with CodeMender and SAIF 2.0

🔒 Google announced three major AI security initiatives: CodeMender, a dedicated AI Vulnerability Reward Program (AI VRP), and the updated Secure AI Framework 2.0. CodeMender is an AI-powered agent built on Gemini that performs root-cause analysis, generates self-validated patches, and routes fixes to automated critique agents to accelerate time-to-patch across open-source projects. The AI VRP consolidates abuse and security reward tables and clarifies reporting channels, while SAIF 2.0 extends guidance and introduces an agent risk map and security controls for autonomous agents.
read more →

Five Critical Questions for Selecting AI-SPM Solutions

🔒 As enterprises accelerate AI and cloud adoption, selecting the right AI Security Posture Management (AI-SPM) solution is critical. The article presents five core questions to guide procurement: does the product deliver centralized visibility into models, datasets, and infrastructure; can it detect and remediate AI-specific risks like adversarial attacks, data leakage, and bias; and does it map to regulatory standards such as GDPR and NIST AI? It also stresses cloud-native scalability and seamless integration with DSPM, DLP, identity platforms, DevOps toolchains, and AI services to ensure proactive policy enforcement and audit readiness.
read more →

CISOs Rethink Security Organization for the AI Era

🔒 CISOs are re-evaluating organizational roles, processes, and partnerships as AI accelerates both attacks and defenses. Leaders say AI is elevating the CISO into strategic C-suite conversations and reshaping collaboration with IT, while security teams use AI to triage alerts, automate repetitive tasks, and focus on higher-value work. Experts stress that AI magnifies existing weaknesses, so fundamentals like IAM, network segmentation, and patching remain critical, and recommend piloting AI in narrow use cases to augment human judgment rather than replace it.
read more →

AI and Cybersecurity: Fortinet and NTT DATA Webinar

🔒 In a joint webinar, Fortinet and NTT DATA outlined practical approaches to deploying and securing AI across enterprise environments. Fortinet described its three AI pillars—FortiAI‑Protect, FortiAI‑Assist, and FortiAI‑SecureAI—focused on detection, operational assistance, and protecting AI assets. NTT DATA emphasized governance, runtime protections, and an "agentic factory" to scale pilots into production. The presenters stressed the need for visibility into shadow AI and controls such as DLP and zero‑trust access to prevent data leakage.
read more →

Amazon Connect launches generative AI for email support

📧 Amazon Connect now provides generative AI-powered email conversation overviews, suggested actions, and draft responses to help agents resolve customer emails faster and more consistently. Administrators enable the capability by adding the Amazon Q in Connect block to contact flows before an email is assigned to an agent. Outputs can be customized with knowledge bases and tailored prompts to align responses with company tone and policies. The feature is available in all regions where Amazon Q in Connect is offered.
read more →

Daniel Miessler on AI Attack-Defense Balance and Context

🔍 Daniel Miessler argues that context determines the AI attack–defense balance: whoever holds the most accurate, actionable picture of a target gains the edge. He forecasts attackers will have the advantage for roughly 3–5 years as Red teams leverage public OSINT and reconnaissance while LLMs and SPQA-style architectures mature. Once models can ingest reliable internal company context at scale, defenders should regain the upper hand by prioritizing fixes and applying mitigations faster.
read more →

HackerOne Pays $81M in Bug Bounties, AI Flaws Surge

🛡️ HackerOne paid $81 million to white-hat hackers over the past 12 months, supporting more than 1,950 bug bounty programs and offering vulnerability disclosure, penetration testing, and code security services. The top 100 programs paid $51 million between July 1, 2024 and June 30, 2025, and the top 10 alone accounted for $21.6 million. AI-related vulnerabilities jumped over 200%, with prompt injection up 540%, while 70% of surveyed researchers reported using AI tools to improve hunting.
read more →

Amazon Neptune Integrates with GraphStorm for Real-Time GNNs

🚀 Amazon Neptune now integrates with GraphStorm, enabling developers to deploy graph neural network models for real-time inference directly against transactional graph data. Trained GNNs can query Neptune for subgraph neighborhoods on demand and return predictions such as node classification or link prediction in sub-second timeframes. This supports use cases like fraud detection, dynamic recommendations, and continuous risk scoring while combining inference with analytics.
read more →

Forrester Predicts Agentic AI Will Trigger 2026 Breach

⚠️ Forrester warns that an agentic AI deployment will trigger a publicly disclosed data breach in 2026, potentially prompting employee dismissals. Senior analyst Paddy Harrington noted that generative AI has already been linked to several breaches and cautioned that autonomous agents can sacrifice accuracy for speed without proper guardrails. He urges adoption of the AEGIS framework to secure intent, identity, data provenance and other controls. Check Point also reported malicious agentic tools accelerating attacker activity.
read more →

Cohere Embed v4 Multimodal Embeddings on Amazon Bedrock

🚀 Amazon Bedrock now supports Cohere Embed v4, a multimodal embedding model that generates high-quality embeddings for text, images, and complex business documents. The model natively processes tables, charts, diagrams, code snippets, and handwritten notes, reducing the need for extensive preprocessing and data cleanup. It supports over 100 languages and includes industry fine-tuning for finance, healthcare, and manufacturing. Cohere Embed v4 is available for on-demand inference in select AWS Regions; access is requested via the Bedrock console.
read more →

AI Tops Cybersecurity Investment Priorities — PwC Report

🔒 A PwC survey finds AI-based security is the top cybersecurity investment priority for the next 12 months, with 36% of business and technology executives ranking it among their top three budget areas. Security leaders prioritized AI threat hunting (48%) and agentic AI to boost cloud and operational efficiencies (35%). While 78% expect cyber budgets to rise, organizations report significant knowledge and skills gaps and low readiness for quantum threats.
read more →

Securing the Cloud: Risks, AI Impacts, and Best Practices

🔒 This Special Report examines the distinct security challenges of cloud environments, the current threat landscape organizations face, and how rapid AI adoption is amplifying those risks. It highlights common hidden exposures across configurations, data stores, and APIs. The report also presents practical strategies and best practices for improving cloud posture, governance, and operational controls to reduce overall attack surface.
read more →

Gemini Trifecta Exposes Indirect AI Attack Surfaces

⚠️Tenable has revealed three vulnerabilities in Google's Gemini platform, collectively dubbed the "Gemini Trifecta," that enable indirect prompt injection and data exfiltration through integrations. The issues allow attackers to poison GCP logs consumed by Gemini Cloud Assist, inject malicious entries into Chrome search history to manipulate the Search Personalization Model, and coerce the Browsing Tool into fetching attacker-controlled URLs that leak sensitive query data. Google has patched the flaws, and Tenable urges security teams to treat AI integrations as active threat surfaces and implement input sanitization, output validation, monitoring, and regular penetration testing.
read more →

Databricks Launches AI-Driven Cybersecurity Lakehouse

🔒 Databricks has introduced Data Intelligence for Cybersecurity, an AI-driven platform that unifies fragmented security telemetry on its Lakehouse architecture to provide real-time, context-rich threat detection. The offering includes Agent Bricks to build governed AI agents, conversational dashboards, and natural-language queries for nontechnical stakeholders. Early adopters such as Arctic Wolf, Palo Alto Networks, and SAP report sharper detection, lower costs, and faster operations, while Databricks expands integrations across a broad partner ecosystem to challenge established SIEM and analytics vendors.
read more →

AI Risks Push Integrity Protection to Forefront for CISOs

🔒 CISOs must now prioritize integrity protection as AI introduces new attack surfaces such as data poisoning, prompt injection and adversarial manipulation. Shadow AI — unsanctioned use of models and services — increases risks of data leakage and insecure integrations. Defenses should combine Security by Design, governance, transparency and compliance (e.g., GDPR, EU AI Act) to detect poisoned data and prevent model drift.
read more →