< ciso
brief />
Tag Banner

All news with #ai security tag

756 articles · page 6 of 38

Encryption Limits and AI’s Impact on Cybersecurity

🔒 Bruce Schneier reflects on his 2010 Dark Reading essay arguing that while cryptography provides strong mathematical advantages, it cannot by itself secure modern, interconnected systems. He traces how crypto has been applied since the 1990s and explains that computer security is an ongoing arms race of fragile defenses. Schneier warns that AI changes the landscape by automating vulnerability discovery and exploit creation, shifting the balance between attackers and defenders.
read more →

AI-assisted toolkit used to evade EDR defenses

🔍 Sophos X-Ops uncovered a lab where a threat actor used AI coding tools to develop and test malware aimed at evading EDR products. The files and Git repository showed Python scripts—many partially AI-generated—used to build and iterate evasion modules against vendors including Sophos, CrowdStrike and Microsoft. Humans retained control of the workflow, using AI to accelerate building, testing and refinement while operating inside an AI-native environment.
read more →

UK Firms Prioritise AI Threats and Preparedness

🔍 New research from ManageEngine reveals UK IT and business leaders view AI-powered cyber-attacks as their top risk over the next 12 months, with 43% identifying it as the single biggest threat. The survey of 1,500 decision-makers across five European markets shows 41% of UK respondents plan to prioritise spending on tackling AI and advanced threats. Despite strong detection rates, UK organisations report increasing incidents, skills gaps and recovery challenges, alongside rising investment in resilience and governance.
read more →

Responsible Vulnerability Disclosure in the AI Era

🛡️ Responsible Disclosure in the Age of AI argues that frontier AI systems now autonomously discover software vulnerabilities at unprecedented speed and scale, exposing long-standing technical debt in the software industry. The piece traces the evolution of assurance practices and disclosure frameworks and highlights growing tension between offensive and defensive cyber equities, particularly in the U.S. and China. It calls for coordinated national and international efforts to accelerate remediation, patch management, and investment in automated repair capabilities to close the narrowing window before adversaries exploit these advances.
read more →

AWS PCS launches PCS‑ready Deep Learning AMI

🔧 AWS Parallel Computing Service (AWS PCS) now offers a PCS‑ready Deep Learning AMI, an AWS‑maintained Amazon Machine Image based on the Deep Learning Base GPU AMI (Ubuntu 24.04). It provides a production‑quality foundation for AI/ML training and HPC with preinstalled, compatibility‑tested infrastructure components such as NVIDIA drivers, CUDA, EFA, Lustre client, PCS Agent, Slurm for PCS, and EFS utilities. Multiple Slurm versions are supported and activate automatically based on cluster configuration, and AWS will regularly update the AMIs for security patches and driver updates. The AMI is available at no additional cost for x86_64 and arm64 in all Regions where AWS PCS is offered.
read more →

AlloyDB Remote MCP Server Now Generally Available

🛡️ The Remote Model Context Protocol (MCP) Server for AlloyDB is now generally available, providing a secure HTTP endpoint that lets AI agents access real-time operational data. This fully managed service simplifies production deployments by centralizing discovery, offering fine-grained IAM-based authorization, audit logging, and integration with Model Armor for prompt and response protection. Developers can join AlloyDB operational data with analytics in BigQuery and use built-in AI functions for low-latency agentic experiences.
read more →

AI Won’t Replace SOCs, It Will Reshape Analyst Roles

🛡️ Vendors at Infosecurity Europe 2026 agree that AI will not eliminate security operations centers but will automate repetitive triage and ticketing. Experts urge treating AI as a glass box, ensuring transparency and human-in-the-loop validation. The shift accelerates junior analysts into supervisory tier-1.5 roles and creates demand for cyber defense engineers who build and tune detection systems.
read more →

OWASP launches Agentic Research Council for AI risks

🧭 At Infosecurity Europe 2026, OWASP will unveil the Agentic Research Council to better align fast‑moving agentic AI capabilities with security research and operational practice. Launched from the GenAI Security Project’s Agentic Security Initiative, the council will prioritize a public research pipeline, convene working groups and connect academic outputs to deployable mitigations. The initiative aims to accelerate runtime‑focused defenses against multi‑agent threats.
read more →

The Great Messaging Heist: Organized Scam Ecosystem

📩 Kaspersky examines how everyday messaging channels like SMS, WhatsApp, and email are being exploited by organized scam cartels that use speed, familiarity, and AI to trick victims. The research shows average losses of $733 per victim, rapid attack timelines often under 30 minutes, and widespread emotional damage eroding trust in digital communications. The post highlights common schemes, platform distribution, and recommendations to protect yourself.
read more →

Six critical security gaps every CISO must address

🔒 CISOs admit many organizations remain underprotected, with surveys showing gaps in data protection, incident preparedness, and resourcing. As adversaries adopt automation and AI, security programs must close six core gaps: perception, speed versus attackers, business‑security alignment, skills, AI security, and legacy systems. Experts urge CISOs to shift toward resilience, accelerate operations with automation and CTEM, and invest in workforce and governance.
read more →

Check Point and NVIDIA Secure AI Factory Infrastructure

🔒 At GTC Taipei during COMPUTEX 2026, NVIDIA highlighted its Vera BlueField-4 STX and DOCA innovations designed to secure enterprise AI infrastructure. Modern AI factories combine high-performance compute, distributed storage, Kubernetes, APIs, GPU farms, and sensitive data, creating new security needs. Check Point integrates its AI Factory Firewall with NVIDIA BlueField and DOCA to provide visibility, segmentation, runtime protections, and infrastructure-level policy enforcement across distributed AI environments.
read more →

Building an AI-Ready Security Program for Public Sector

🛡️ This Cloud CISO Perspectives post by Usman Chaudhary, Field CISO for Google Public Sector, outlines a pragmatic roadmap for public-sector CISOs to adopt AI-driven security. It emphasizes immediate quick wins in the first 90 days, tactical actions within six months, and strategic initiatives for months six to 12, combining internal automation, commercial AI capabilities, and vendor solutions like Gemini for Government. The guidance targets threat triage, talent augmentation, posture elevation, and governance to reduce toil and accelerate proactive defense.
read more →

Monthly security roundup: May 2026 highlights

🎥 ESET Chief Security Evangelist Tony Anscombe reviews major cybersecurity stories from May 2026, focusing on industrial control system intrusions, an AI-directed data theft, a Google-reported AI-developed zero-day, and crypto kiosk scams. He outlines attack vectors such as weak passwords and internet-exposed systems, notes the partial failure of an IT-to-OT escalation, and previews mitigation advice for defenders. Watch Tony’s video for practical recommendations and refer to the April edition for additional context.
read more →

AWS announces next-generation OpenSearch Serverless GA

🚀 The next generation of Amazon OpenSearch Serverless is now generally available, offering a fully managed search and vector engine optimized for agentic workflows. It auto-scales up to 20x faster and provisions resources in seconds, supports scale-to-zero and pay-per-usage pricing, and can reduce costs by up to 60% versus provisioning clusters for peak loads. New features include a shared storage layer that decouples compute and storage, two resource-based endpoints for simplified network connectivity, and native integrations with AI development platforms and OpenSearch Agent Skills.
read more →

CERT-In urges tighter remediation timelines amid AI risks

🔒 India’s cybersecurity agency, CERT-In, has issued a framework urging organizations to patch, mitigate, or isolate known exploited internet-facing “crown jewel” systems within 12 hours where feasible, citing AI-assisted attacks that compress exploitation timelines. The 38-page blueprint prescribes tiered remediation windows—one day for externally exposed critical flaws, three days for critical internal issues, and five days for high-severity vulnerabilities—while emphasizing temporary mitigations and continuous exposure management over periodic assessments.
read more →

Industrialized exploitation and defenders’ response

🔎 Adversarial AI has transformed targeted attacks into high-speed, automated campaigns that no longer require elite technical operators. Existing security architectures—fragmented, tool-heavy, and visibility-poor—fail to show defenders the chained attack paths attackers can exploit. The author argues for shifting from vulnerability counting to Exposure Management, prioritizing remediation by real exploitability and mapping environments as attacker-seen networks. Defenders retain an advantage if they synthesize cross-boundary telemetry and continuously assess validated attack paths to critical assets.
read more →

Data-Only Extortion Rising in the Cyber Threat Economy

🔍 This Unit 42 report examines the growing shift from ransomware encryption to data-theft and extortion-only attacks, profiling threat actors, techniques, and sectors most affected. It highlights drivers such as improved backups, faster exfiltration, and regulatory pressures that make disclosure risk financially coercive. The briefing also warns of AI-accelerated attacks and offers prioritized defensive recommendations for DLP, SaaS posture, identity resilience, supply chain integrity, and AI preparedness.
read more →

Google launches AI Threat Defense for enterprises

🔒 Google announces AI Threat Defense, an integrated, automated security system that uses Gemini, Mandiant, Wiz, and CodeMender to detect, prioritize, and remediate AI-powered threats. The platform combines multi-model scanning, live exposure mapping, and AI agents to validate exploitability, generate fixes, and accelerate remediation. It emphasizes machine-speed monitoring, autonomous response, and consolidated visibility across development and runtime environments to reduce attack surface and speed patching.
read more →

The quiet emergence of AI cyber doctrine

🛡️ Recent developments show AI moving from automation to autonomous cyber operations, shifting how offense and defense interact. The Anthropic Mythos Preview and related incidents illustrate models discovering and chaining vulnerabilities with limited human direction, prompting coordinated defensive responses from major vendors. Policy and procurement are adapting, and security leaders must treat AI agents as principals, invest in adaptive defenses, and reframe risk models for continuous compromise.
read more →

Microsoft warns of AI‑assisted cryptojacking campaign

🛡️ Microsoft warns of an active cryptojacking campaign that leverages AI chatbot interactions to surface malicious download sites. The attacks impersonate legitimate utilities and target high-performance GPU systems, using ZIP archives with sideloaded rogue DLLs to install ScreenConnect and deliver GPU miners. The campaign establishes persistent remote access, configures Defender exclusions, and supports multiple miners while evading analysis tools.
read more →