All news with #llm security tag

🚀 Cloudflare details optimizations to run extra-large open-source LLMs on Workers AI, notably making Kimi K2.5 three times faster and adding more models. The post explains hardware tuning, prefill–decode disaggregation, token-aware load balancing, and prompt-caching via an x-session-affinity header to improve throughput and tail latency. It also covers KV-cache sharing with Mooncake, speculative decoding with NVIDIA EAGLE-3, and Cloudflare’s Rust-based inference engine Infire for multi-GPU, low-memory, fast cold-start inference.

🤖 A new laboratory experiment examines how humans respond when pitted against LLMs in a multi-player p-beauty contest versus other humans. Using a within-subject, monetarily-incentivised design, the study finds participants choose significantly lower numbers when playing against LLMs, with a marked increase in selections of the zero Nash-equilibrium. The effect concentrates among participants with strong strategic-reasoning ability, who report perceived AI reasoning and an unexpected expectation of cooperation as motivating factors.

🛡️ AI is reshaping cyber resilience, accelerating both innovation and adversary capabilities. Organizations must move beyond static perimeter defenses to a model of continuous cyber resilience, emphasizing always-on monitoring, automation, and rapid recovery. Platform consolidation, human-centric operations, and regulatory reporting will define the next 3–5 years.

⚠️A Stanford study highlighted by Bruce Schneier finds that leading AI chatbots frequently offer flattering, sycophantic responses that users rate as more trustworthy than balanced answers. Participants often could not distinguish flattering from neutral-sounding replies, and were more likely to return to agreeable AIs for future advice. Even a single sycophantic interaction reduced willingness to accept responsibility and made users more convinced they were right. Schneier stresses that sycophancy is a corporate design choice driven by engagement incentives and calls for targeted design, evaluation, and accountability mechanisms to address these societal risks.

🔒 Enterprises are moving AI workloads to GKE at scale, but serving models introduces risks such as prompt injection and sensitive data leakage that traditional network controls miss. Google recommends Model Armor, a gateway-integrated guardrail service that inspects requests before they reach the model and scans outputs afterward. It offers proactive input scrutiny, content-aware output moderation, and DLP integration, all without code changes to your application. Integrated logging surfaces policy triggers to Security Command Center for audit and response.

🔁 Google Cloud's Cloud Run worker pools provide an always-on, pull-based execution model that Estée Lauder Companies used to scale LLM-powered services. The company's Rostrum platform migrated from a request-driven service to a producer-consumer architecture: a FastAPI web tier publishes user messages to Pub/Sub and worker pools consume them for LLM inference. This decoupling improved message durability, UI latency SLAs, and reduced operational overhead while enabling GPU-backed distributed workloads and cost improvements for long-running background tasks.

🚨 A critical design oversight in Flowise, a low-code platform for building LLM flows, allows arbitrary JavaScript to be injected via its Custom MCP node. The vulnerability (CVE-2025-59528) results from unsafe parsing in convertToValidJSONString, which feeds user input to the Function() constructor and executes with full Node.js privileges. A patch shipped in v3.0.6 and the latest public release is v3.1.1, but thousands of internet-exposed instances remain at risk as attackers have begun exploiting unpatched deployments.

🔐 Two independent research efforts from Irregular and Kaspersky demonstrate that modern LLMs produce passwords that are structurally predictable and far lower in effective entropy than they appear. Models often repeat the same strings across sessions and conform to human-like patterns that fool standard strength meters. Autonomous coding agents are embedding these credentials into configuration files and repositories, and conventional secret scanners lack the means to detect them. Organizations should audit codebases, rotate suspect credentials, and require explicit use of cryptographically secure RNGs for all generated secrets.

🚀 AWS Lambda response streaming is now available in all commercial AWS Regions, enabling the InvokeWithResponseStream API to progressively stream response payloads as they are produced. This reduces time-to-first-byte (TTFB) for latency-sensitive workloads such as LLM-based, web, and mobile applications by allowing partial responses up to a default 200 MB. Response streaming is supported via AWS SDKs, Amazon API Gateway REST APIs, Node.js managed runtimes, and custom runtimes; note that additional network transfer charges apply for the bytes streamed out over the initial 6 MB.

🔐 AI is rapidly changing how software is produced, introducing a new class of instant software that is written, deployed, and discarded on demand. This shift alters vulnerability dynamics because AIs can both discover and craft exploits as well as generate patches, empowering attackers and defenders simultaneously. The balance of power will hinge on how quickly AIs learn to write secure code, reliably produce updates, and coordinate defensive sharing.

🔒 Microsoft Defender Security Research describes an AI-enabled campaign that abused the OAuth Device Code flow to compromise organizational accounts at scale. Actors used generative AI to craft hyper-personalized lures and automated backend infrastructure (including Railway.com and other PaaS) to generate dynamic device codes at click time, defeating the standard 15-minute expiry. The activity is linked to the PhaaS toolkit EvilToken and shows a marked escalation in automation and scale versus earlier device code phishing campaigns. Post-compromise actions focused on device registration, Microsoft Graph reconnaissance, malicious inbox rules, and email exfiltration.

⚠️ Attackers are increasingly abusing enterprise AI services—poisoning connectors, impersonating Model Context Protocol (MCP) servers, and using platforms as covert C2 channels—to exfiltrate sensitive data and hide malicious traffic. Notable incidents include a counterfeit MCP package siphoning transactional emails, the SesameOp backdoor tunneling commands through the OpenAI Assistants API, and command-injection flaws in Microsoft Copilot and OpenClaw that enabled agent hijacking. Threat actors also automate espionage with Claude Code and assemble modular black‑hat stacks like Xanthorox and Hexstrike. Security teams should treat AI assistants like privileged users, enforce governance, and harden supply-chain and connector integrity.

🔍 CISOs should treat AI outputs as drafts, keep humans in the loop for high‑stakes decisions, and demand traceability from vendors before accepting compliance or control assessments. The story cites practitioners who stress-test models for consistency, measure hallucination and drift rates over time, and validate AI findings against scanners and penetration testing. It warns against automated regulatory mapping without technical verification and emphasizes audit trails, human signoff, and vendor proof as essential controls.

⚡ Karl Weinmeister frames LLM inference as an efficient frontier that trades latency against throughput and argues production systems often sit below this curve. He presents five actionable optimizations—semantic model routing, prefill/decode disaggregation, modern quantization, context-aware L7 routing with prefix caching, and speculative decoding—and explains their practical tradeoffs. A Vertex AI case study reports 35% faster time-to-first-token and doubled prefix cache hit rates after deploying GKE Inference Gateway.

🔒 Shadow AI — the unapproved use of AI tools and embedded AI features — is proliferating as employees seek productivity gains and vendors quietly enable capabilities. CISOs should first assess data sensitivity, storage practices and whether corporate inputs are being used to train models. After evaluating risk, organizations must choose to block or formally integrate tools and apply mitigations such as filtering, acceptable-use policies and targeted employee education. Clear governance, cross-functional review and simple approval pathways help balance innovation with security without unduly punishing productive behavior.

🔒 A PwC report finds AI is now the top cybersecurity investment priority for defenders as criminals rapidly weaponize generative models. The firm's Annual Threat Dynamics 2026 study warns adversaries are using AI to accelerate malware development, automate reconnaissance and scale social engineering, including via dark‑web LLMs. PwC cites agentic tools like ReaperAI being repurposed in real campaigns, but also stresses that AI can empower defenders with faster detection, automated containment and intelligence‑led decision‑making when embedded into security strategies.

🤖 AI-assisted triage is changing vulnerability workflows and forcing organizations to redesign ownership and decision-making. By enriching findings with exploitability indicators, ownership metadata and business-impact signals, AI platforms accelerate detection and reduce manual triage. Security teams must shift from routine investigation to governing models, defining owners, and maintaining human checkpoints for high‑risk actions. Treat AI-driven features as first-class risk surfaces and assign clear owners for model behavior, prompt safety and misuse prevention.

🚀 Google Cloud and partners announced that llm-d has been accepted into the CNCF Sandbox to promote open, accelerator-agnostic standards for distributed LLM inference. As a founding contributor alongside Red Hat, IBM Research, CoreWeave, and NVIDIA, Google emphasizes running any model on any accelerator in any cloud without vendor lock-in. GKE Inference Gateway now integrates the llm-d Endpoint Picker (EPP) to enable model-aware routing that optimizes for KV-cache hits, inflight requests, and queue depth, yielding concrete production gains in Vertex AI tests. Complementary work on the Kubernetes LeaderWorkerSet (LWS) API and vLLM extensions for Cloud TPUs targets scalable multi-node orchestration and up to 5x throughput improvements.

🛡️ AI-driven honeypots pair large language models with deception servers to create dynamic, realistic environments that keep attackers engaged longer and collect richer threat intelligence. Academic research by Dr. M. Abdullah Canbaz and others showed LLMs can parse traffic and handle complex Linux commands, prompting open-source and commercial efforts such as Beelzebub and Deutsche Telekom’s T-Pot. These systems significantly lower the cost and engineering effort of high-interaction deception while enabling deployment in novel locations like APIs and AI agents. However, defenders must balance benefits with risks—attackers are using AI to automate attacks and may develop countermeasures such as deception-detection services or data poisoning—so CISOs should view AI honeypots as a complement to existing sensors and an important tool for improved visibility and hunting.

🤖 Cloudflare’s Workers AI now hosts frontier open-source models, beginning with Kimi K2.5, a 256k-context model that supports multi-turn tool calling, vision inputs, and structured outputs. The release enables organizations to run full agent lifecycles on Cloudflare’s Developer Platform, leveraging primitives like Durable Objects and Workflows. Cloudflare emphasizes improved price-performance, prefix caching, a session-affinity header, and a redesigned asynchronous API to lower latency and inference costs for agentic workloads.