< ciso
brief />
Tag Banner

All news with #ai security tag

756 articles · page 7 of 38

Google’s Network Strategy for the AI Era

📡 Google details how its global network and new data center fabrics are being redesigned for AI workloads, describing a vertically integrated stack anchored by an AI Hypercomputer. The post highlights Virgo Network, campus-scale and WAN innovations, and AI-native Cloud Interconnect to meet extreme bandwidth, low latency, and burst tolerance requirements. It emphasizes co-design with accelerators, autonomous reliability features, and global footprint benefits for inference and cross-site training.
read more →

Check Point Frontier AI Readiness Jumbo Release

🛡️ This update describes Check Point’s Frontier AI Models Readiness Program and the resulting Jumbo Security Release. It outlines an AI-driven, multi-repository code-scanning initiative called BLAST that provides contextual, architecture-aware analysis to find exploitable vulnerabilities. The release includes dozens of hardening improvements and targeted fixes for multiple CVEs, and customers are urged to update to benefit from the protections.
read more →

2026 Cloud Security Report: Closing the AI Gap

🔒 The 2026 Cloud Security Report finds AI adoption has surged into production, but security architectures are lagging. While many organizations have updated strategies, few possess the architectural capability to enforce them, leaving AI systems and data exposed. The report calls for unified hybrid security architectures delivering consistent visibility, policy enforcement, and runtime controls across cloud, SaaS, and on-premises environments.
read more →

CERT-In mandates rapid patching to curb AI-enabled threats

🔒 CERT-In has issued a 38‑page blueprint urging organisations to remediate known exploited, internet‑facing critical vulnerabilities within 12 hours where feasible to counter AI‑assisted automation of vulnerability discovery and exploitation. The guidance emphasizes continuous, risk‑based vulnerability and patch management, Zero Trust, defence‑in‑depth, supply chain scrutiny, and secure‑by‑design practices. It also prescribes tiered remediation timeframes for critical and high‑severity flaws and recommends temporary mitigations when patches are unavailable.
read more →

Anthropic's Mythos model edging toward public release

🛡️ Anthropic appears to be preparing a public rollout of its restricted Mythos model, which the company warned poses major security risks by automating high-quality cyberattacks. Announced in April as an advanced frontier model, Mythos showed dramatic improvements in code reasoning and autonomy compared to Opus 4.7. References briefly appeared in Claude Code and Claude Security, suggesting a controlled preview, while Anthropic builds guardrails and works with partners through its Glasswing initiative.
read more →

Shift AI Security from Models to System-Level Controls

🛡️ Researchers argue enterprises must stop treating AI agents as trusted components and instead secure them as untrusted systems. The paper, authored by teams from Google, UC San Diego, UW–Madison and others, distills five systems-security principles—least privilege, tamper resistance, complete mediation, secure information flow, and human risk—and maps eleven real-world agent attacks to these violations. They caution that stacking ML guardrails is insufficient and propose research directions for separating instructions from data, verifiable least-privilege policies, and information-flow controls.
read more →

FBI Warns of Kali365 Phishing-as-a-Service Threat

🛡️ The FBI has identified a new phishing-as-a-service platform called Kali365, first seen in April 2026, that is being distributed primarily via Telegram. The service furnishes AI-generated lures, automated templates and real-time tracking dashboards to enable attackers — including low-skill actors — to capture OAuth tokens and bypass MFA for Microsoft 365 accounts. Victims are tricked into pasting device codes into the legitimate Microsoft verification page, unintentionally authorizing attacker devices and granting persistent access to services such as Outlook, Teams and OneDrive. The FBI recommends restricting or blocking device code flow, implementing conditional access policies, blocking authentication transfer and protecting emergency access accounts.
read more →

AI-Enabled Attacks Shift from Labs to Live Threats

🛡️ Check Point Research’s March–April 2026 Threat Landscape Digest documents that AI-powered attacks have moved from experimental and state-sponsored exercises into routine criminal deployment. The report details a campaign in Mexico where a single operator used commercial AI to compromise nine government agencies, leveraging persistent jailbreaks, weaponized agent configuration files, and commodified attack platforms like EvilTokens. It warns that stolen AI provider keys, rapid exploit timelines, and shadow AI use create urgent operational and supply-chain risks for organizations.
read more →

Why AI Security Strategies Fail at the OT Edge

🔧 Industrial AI initiatives collide with legacy OT realities: an AI-ready control room can still depend on an unpatched Windows 7 maintenance laptop that alone communicates with protection relays. The author reports pervasive visibility gaps across utilities and plants, noting fewer than 10% of OT networks have meaningful monitoring. AI trained on IT telemetry misclassifies normal industrial traffic and automated responses risk shutting down production; passive monitoring of Level 0–2 protocols and a focus on crown-jewel processes are essential before layering AI.
read more →

Microsoft Security updates and new capabilities — May 2026

🔒 Microsoft announced a set of security enhancements designed to protect agents, data, and identities as organizations scale AI. Highlights include the general availability of Microsoft Purview DSPM, expanded investigation capabilities with OCR and custom examinations, and a new Entra ID Account recovery flow for restoring organizational access. Public preview of Windows 365 for Agents and integration with Microsoft Agent 365 aim to govern and secure agent workloads in managed Cloud PCs.
read more →

Three-Quarters Admit Shipping Vulnerable Code

🛡️ New studies reveal that 75% of organizations often or sometimes deploy code they know is vulnerable, down from 81% last year but still alarmingly high. Checkmarx warns that AI-augmented attackers are dramatically shortening time-to-exploit, while Verizon’s DBIR links increased initial access to vulnerability exploitation aided by AI. A QBE survey found UK firms are worried about suppliers' AI use, yet few audit third-party AI or maintain formal AI governance.
read more →

AI Becomes SOC Imperative to Counter Emerging Threats

🛡️ Security professionals at DTX argued that integrating AI into SOCs is now essential to counter autonomous attacker tooling and AI-accelerated threats. Panelists stressed sustaining core cyberdefence fundamentals—system hardening, patching, access control and monitoring—before deploying AI, and preserving human oversight to manage model risk. They noted role shifts toward validation, prompt engineering and GRC, and urged rigorous testing and SDLC-like deployment controls.
read more →

Measuring AI Security: Limits of Benchmarks and Assurance

🔒 AI security cannot be reduced to a single benchmark. Over the past 30 years software security evolved from black‑box penetration testing to white‑box analysis and process-driven standards such as BSIMM, and the report argues that AI requires a similar assurance-first approach. Benchmarks fail to capture emergent, systemic properties, so organizations should clean up their WHAT piles, adopt risk-based processes, and accept that there is no simple security meter for AI.
read more →

AI-Driven Scanning Raises Vulnerability Expectations

🔍 ENISA chief Hans de Vries told ESET World that AI-powered vulnerability scanners mean firms can no longer claim ignorance of software bugs. He warned that the Cyber Resilience Act and emerging AI tools require security by design and that failure to use AI coherently risks exploitation and litigation. The NCSC also expects AI to expose poorly coded systems while vendors adopt AI to remove flaws.
read more →

AI Attack Capability Rising Faster Than Expected Per UK Tests

🔍 New benchmarks from the UK’s AI Security Institute (AISI) show leading AI models rapidly improving at multi-stage penetration testing, with the difficulty of tasks solvable by models doubling every 4.7 months as of early 2026. The tests measure the longest task an AI can complete with 80% success relative to human work-hours, emphasizing autonomous chaining of steps rather than raw speed. While there are caveats — token limits and inconsistent model performance — the findings highlight growing offensive and defensive implications for enterprise security.
read more →

UK Regulators Warn Financial Firms on Frontier AI Risks

⚠️ On May 15 the UK government, the Financial Conduct Authority and the Bank of England issued a joint warning about cybersecurity threats from frontier AI. They noted models can outperform skilled practitioners at greater speed, scale and lower cost, amplifying risks to firms, customers and financial stability. The statement urges firms to strengthen governance, vulnerability management, third-party controls, protection and response capabilities and points to NCSC resources and prior resilience guidance.
read more →

AWS AI Security Framework: Controls by Layer and Phase

🔒 The AWS AI Security Framework presents a structured model that helps security and business leaders align the right controls to the right use case, at the right layer, and at the right phase so AI can move from prototype to production securely. Its core principle is that you build AI on top of security, not add security later. The post maps controls across three layers—infrastructure, identity and data, and AI application—and across four use cases from answering to agentic and physical AI. It highlights Amazon Bedrock and AgentCore as pillars that decouple model choice from security infrastructure.
read more →

Preparing for an Imminent Surge in Software Patching

🔧 Cisco Talos argues that rapid advances in AI-driven code analysis will soon expose decades of latent software defects, triggering a likely surge in vulnerability disclosures and urgent patches. While AI can augment human reviewers by scanning code at scale, threat actors will also use these tools to find exploits. Organizations should reassess patch prioritization, scale deployment processes, and plan for systems that cannot be quickly patched. Talos recommends zero trust, centralized logging, PowerShell script block logging, and updated incident response playbooks.
read more →

Threatsday Bulletin: PAN-OS RCE, AI Risks, Supply-Chain

🔥 Palo Alto released fixes for CVE-2026-0300, a critical PAN-OS buffer-overflow exploited in the wild to drop payloads like EarthWorm and ReverseSocks5. The bulletin also highlights new and recurring threats including zero-auth API data leaks at an AI training vendor, an FCC extension for router updates, supply-chain contests, and sophisticated phishing campaigns. Several incidents employ weaponized attachments, tokenizer tampering in AI models, and open-source tools to achieve stealthy remote access and long-term persistence.
read more →

Defense in Depth for Autonomous AI Agents

🛡️ Microsoft Security explains how rising agentic autonomy reorients security from models to how agents are assembled, constrained, and governed inside applications. The post identifies amplified risks—agent hijacking, intent breaking, data leakage, supply chain compromise—and shows why the application layer is decisive because builders fully control permissions, tool access, and failure handling. It recommends concrete design patterns: agents as microservices, least permissions, deterministic human-in-the-loop, and distinct agent identity to limit blast radius and preserve auditability.
read more →