< ciso
brief />
Tag Banner

All news with #ai security tag

757 articles · page 8 of 38

Defense in Depth for Autonomous AI Agents

🛡️ Microsoft Security explains how rising agentic autonomy reorients security from models to how agents are assembled, constrained, and governed inside applications. The post identifies amplified risks—agent hijacking, intent breaking, data leakage, supply chain compromise—and shows why the application layer is decisive because builders fully control permissions, tool access, and failure handling. It recommends concrete design patterns: agents as microservices, least permissions, deterministic human-in-the-loop, and distinct agent identity to limit blast radius and preserve auditability.
read more →

Most Organizations Deploy AI Agents Despite Identity Risks

🔒 Semperis finds that 93% of global organizations use or plan to use AI agents for security tasks such as password resets and VPN access, while 92% report AI on endpoints with SSH and encryption key access. The survey of 1,100 organizations warns of over‑permissioned and abandoned 'zombie' non‑human identities that increase hijack risk. Semperis recommends treating agents as NHIs, enforcing least‑privilege, and improving observability and recovery readiness.
read more →

ICO issues five-step guidance on AI-driven cyber risk

🔐 The ICO has published a five-step guide urging organisations to prepare for AI-enhanced cyber threats, including deepfake social engineering, adaptive malware and automated exploitation. It points readers to the NCSC's updated Cyber Assessment Framework and expects baseline adoption of Cyber Essentials and the UK Cyber Governance Code. The guidance emphasises robust patching, MFA, least‑privilege, supply‑chain vetting, DPIAs for high‑risk AI and human oversight of AI-enabled defences.
read more →

Fired Employee Used AI to Hide Deletion of Federal Data

🔒 Two former hosting-company employees allegedly deleted dozens of customer and federal databases after being fired; one brother was convicted on computer-fraud and related charges. Investigators say one used a public AI chatbot to ask how to clear SQL and Windows logs, aiding evidence destruction. Experts warn this underscores failures in off-boarding and privileged access controls and call for stronger AI guardrails and real-time revocation.
read more →

Palo Alto Networks Expands Frontier AI Defense Alliance

🛡️ Palo Alto Networks is expanding its Frontier AI Alliance to scale delivery of autonomous, real-time defenses. Building on the Frontier AI Defense initiative and recent testing of frontier models (including Anthropic’s Mythos, Claude Opus 4.7, and OpenAI’s GPT-5.5-Cyber), the company has added a new cohort of strategic partners. By pairing Palo Alto Networks’ technology with partners’ consulting expertise, the program aims to deliver AI readiness at scale and machine-speed MTTR to customers.
read more →

Defender's Guide: Frontier AI Impact on Cybersecurity

🔒 Palo Alto Networks reports ongoing testing of frontier AI models, including Anthropic and OpenAI, finding they rapidly surface code vulnerabilities and potential exploit paths. In the May 'Patch Wednesday' advisories the majority of findings originated from these AI scans, prompting broad rescanning and remediation. The company warns of a narrow three-to-five-month window before AI-driven exploits spread and offers Unit 42 services to help organizations respond.
read more →

Building Resilient Transportation Systems with Google AI

🚦Google outlines a blueprint for safer, more resilient transportation systems powered by AI. Leaders from Utah DOT, CalSTA, and Deloitte describe tools like Roadway Safety Insights (RSI) that integrate dozens of datasets to predict and mitigate risks, shifting agencies from reactive fixes to proactive safety. The article stresses resolving fragmented data and creating trusted single sources of truth to maximize AI value. Readers are invited to a Best of Next Public Sector Webinar and live demos at ITS America in June.
read more →

Microsoft MDASH: Multi-Model AI for Vulnerability Discovery

🛡️ Microsoft introduced MDASH (multi-model agentic scanning harness), a model-agnostic AI system in limited private preview designed to discover, validate, and prove exploitable defects in large codebases. The system orchestrates more than 100 specialized agents across frontier and distilled models in a structured pipeline that builds threat models, runs auditor and debater stages, groups equivalent findings, and proves vulnerabilities. Microsoft reports MDASH uncovered 16 issues fixed in this month’s Patch Tuesday, including two critical Windows networking and authentication flaws.
read more →

From WarGames to Cyberwar: Nation-State Cyber Threats

🔍 In a RSA 2025 conversation, Allie Mellen, author of Code War, frames modern cyber conflict through historical doctrine, showing how nations' distinct strategies shape attacks and espionage. She cautions that attribution based solely on technical signals is insufficient because actors can forge signatures and deploy false flags, so motive and context matter. Mellen warns that AI will make attacks faster and more adaptive, and urges defenders to strengthen fundamentals and adopt automation and AI on the defensive side.
read more →

Autonomous Validation: Closing the AI-Speed Breach Gap

🛡️ In a post-Mythos environment, AI-driven attacks can weaponize vulnerabilities within hours or minutes, outpacing traditional defensive cycles. Picus Security argues defenders must pair continuous Breach and Attack Simulation (BAS) with autonomous pentesting to validate controls and reveal genuine attack paths. Operational friction — the "spaghetti handoff" between tools and teams —, not tooling alone, is the main cause of delayed response, so validation must be automated end-to-end.
read more →

Microsoft's MDASH AI Finds 16 Windows Vulnerabilities

🔍 Microsoft disclosed MDASH, an AI-driven vulnerability discovery system that found 16 previously unknown Windows flaws, including four critical remote code execution bugs that were patched as part of the May 12 Patch Tuesday release. Built by the Autonomous Code Security and Windows Attack Research teams, the platform orchestrates more than 100 specialized AI agents across multiple models to scan, validate and construct triggering inputs before human review. Microsoft said MDASH is intentionally model-agnostic and will enter private enterprise preview next month.
read more →

UK Cyber Sector Revenue Rises as Cyber Resilience Grows

📈The UK cybersecurity sector generated £14.7bn in revenue last year and contributed £9.1bn in gross value added, the government reported on 13 May. Employment rose to nearly 70,000 and the number of firms climbed to 2,603, with AI-focused cybersecurity vendors growing sharply. The government unveiled the Cyber Resilience Pledge and plans legislation via the Cyber Security and Resilience Bill to tighten standards. Experts warn that advances in AI increase risks and call for stronger, harmonized incident reporting and defences.
read more →

2026 CSO Award Winners: Business-Enabling Cyber Innovation

🔒 The 2026 CSO Awards recognize 64 security organizations whose projects deliver measurable business value and stronger enterprise resilience. CSO profiles six standout initiatives that illustrate trends such as zero trust, AI-driven automation, gamified awareness, and shift-left cloud security. Examples include Copart’s adaptive phishing and gamification that lifted reporting rates from ~20% to over 55%, HMSA’s Zero Trust Data Governance that removed confidential member information from nonproduction environments, and Hensel Phelps’ automation program saving more than 1,250 work hours annually.
read more →

Google outlines five AI-driven measures to fight fraud

🔒 Google describes five coordinated approaches to reduce scams and fraud, presented at the EMEA Anti-Scams and Fraud Summit hosted by the Google Safety Engineering Center in Zurich. The company highlights AI-powered defenses that block spam, malware and policy-violating ads, plus on-device scam detection in Phone by Google. It also emphasizes user tools, education through Be Scam Ready, cross-platform threat-data sharing via the Global Signal Exchange, and partnerships with law enforcement to disrupt criminal networks.
read more →

Microsoft's MDASH: Multi-Model Agentic Security System for Windows

🔒 Microsoft announced MDASH, a multi-model agentic scanning harness that orchestrates over 100 specialized AI agents to discover, validate, and prove exploitable bugs in Windows. In internal tests it found 21 of 21 seeded driver vulnerabilities with zero false positives and achieved an industry-leading 88.45% score on the CyberGym benchmark. The harness produced 16 CVEs in today’s Patch Tuesday across networking and authentication stacks, including four Critical remote code execution flaws, and is in limited private preview with select customers.
read more →

May 2026 Patch Tuesday: Major Vendor Fix Waves and AI

🔒 Microsoft’s May Patch Tuesday updates address at least 118 security flaws across Windows and other products, including 16 rated critical. This release is notable as the first Patch Tuesday in nearly two years without fixes for known exploited zero-days or previously disclosed vulnerabilities. Other major vendors — Apple, Google, Mozilla and Oracle — have accelerated patch cadences after collaborative AI evaluations. Administrators are advised to apply updates promptly and back up data before upgrading.
read more →

AI Coding Agents Expand Developer Threat Surface Risks

🔍 AI coding agents now operate across IDEs, terminals, and extension runtimes, so defenders must expand focus beyond source code to repository files, instruction and runtime settings, and third‑party extensions that shape agent behavior. VirusTotal Code Insight and agentic threat intelligence apply semantic analysis to detect malicious intent in syntactically valid artifacts and link findings to broader campaigns and supply‑chain risks. Examples—weaponized tasks.json, malicious Skill.md, redirected settings.json endpoints, and sabotaged extensions—illustrate how semantics can enable exfiltration, privilege escalation, and stealthy attacker control.
read more →

OpenAI Daybreak: Secure-by-Design LLMs for Developers

🔒 OpenAI has launched Daybreak, an initiative built on its frontier LLMs and the Codex assistant to help developers embed security throughout the software development lifecycle. Announced on May 12, Daybreak extends the Trusted Access for Cyber (TAC) program and includes GPT‑5.5, TAC-enabled GPT‑5.5, GPT‑5.5‑Cyber and a Codex Security research preview. The initiative supports code scanning, vulnerability triage, automated detection and response while pairing defensive capabilities with verification, proportional safeguards and accountability.
read more →

OpenAI Launches Daybreak: New AI Cyber Defense Platform

🔒 OpenAI has unveiled Daybreak, an enterprise-focused cyber-defense platform that combines its large language models with Codex-style agent capabilities and broad integrations across the security ecosystem. The initiative aims to accelerate vulnerability discovery, generate and test fixes within repositories, and deliver audit-ready evidence back into enterprise workflows. Daybreak will be offered in tiers including GPT-5.5, Trusted Access, and GPT-5.5-Cyber, and is being developed with major vendors and government partners.
read more →

CISOs Step into AI Spotlight: Risk, Governance and Trust

🔒 CISOs are shifting from a primarily technical control function to strategic business partners as AI reshapes risk, operations, and product delivery. Leaders such as Barry Hensley, Shaun Khalfan, and Jeff Trudeau stress publishing AI security frameworks, embedding security early in development, and aligning controls to business outcomes. They warn of AI-enabled threats — including advanced phishing, voice/video impersonation, and automated vulnerability discovery — and call for continuous controls, stronger identity and data governance, and near-real-time patching. Growing board engagement and changing reporting lines reflect the elevated role of security in enterprise strategy.
read more →