CISO Brief

All news with #llm security tag

221 articles · page 2 of 12

AWS adds NIXL with EFA to accelerate LLM inference at scale

⚡ AWS now supports NVIDIA Inference Xfer Library (NIXL) with Elastic Fabric Adapter (EFA) on all EFA-enabled EC2 instances and regions. This integration accelerates disaggregated LLM inference by increasing KV-cache throughput, lowering inter-token latency, and optimizing KV-cache memory use between prefill and decode nodes. NIXL interoperates with frameworks such as NVIDIA Dynamo, SGLang, and vLLM. Supported versions are NIXL 1.0.0+ and EFA installer 1.47.0+, available at no extra cost.

Custom AI Apps to Dominate Incident Response Workloads

🛡️ Gartner warns custom-built AI applications will increasingly strain security teams unless defenders are engaged early. It predicts that by 2028 at least half of enterprise incident response work will handle fallout from AI app security issues. Analysts urge teams to "shift left" to embed controls during development, and expect AI security platforms to be widely adopted within two years to enforce guardrails and mitigate prompt injection, data misuse and related threats.

CISOs Reevaluate Data Protection Amid Rapid AI Use

🔐 CISOs are updating data protection strategies as employees rapidly adopt AI tools that access and expose sensitive information. Leaders such as Scott Kopcha at Goodwin Procter and experts from SANS and Health-ISAC warn that traditional controls and many DLP tools are insufficient for the multiple ways AI can interact with data. Organizations are prioritizing data classification, identity and access management, continual monitoring, zero-trust, and ongoing vendor evaluations to close gaps and show due diligence.

Amazon OpenSearch Service Adds Support for OpenSearch 3.5

🚀 Amazon OpenSearch Service now supports OpenSearch 3.5, introducing agentic AI enhancements, improved search relevance tooling, and expanded observability capabilities. The update adds persistent agentic conversation memory to capture multi-turn context and tool reasoning, plus context management that automatically truncates and summarizes inputs to reduce LLM token costs. A redesigned no-code agent interface with MCP integration and expanded search relevance workbench—including LLM-powered evaluation and scheduled experiments—helps teams tune and validate agent-driven search experiences without code.

CISOs Struggle to Secure AI as Adoption Outpaces Defenses

🔒 The Pentera AI and Adversarial Testing Benchmark Report 2026, based on a survey of 300 US CISOs and senior security leaders, finds that most security teams lack the tools and skills to secure AI systems. 67% of respondents report limited visibility into AI usage, while half cite a lack of internal expertise. 75% of organizations largely extend legacy security controls to cover AI, and only 11% use AI-specific tools.

AI-Generated Slopoly Backdoor Used in Interlock Attack

🔒 A PowerShell backdoor called Slopoly, likely generated with an LLM, was used in an Interlock ransomware intrusion that allowed attackers to persist on a compromised server for over a week and exfiltrate data. IBM X-Force observed developer-style comments, structured logging, clear variable names, and robust error handling that suggest AI-assisted creation. Deployed to C:\ProgramData\Microsoft\Windows\Runtime\, Slopoly beacons to a C2 endpoint, polls for commands, executes them via cmd.exe, and establishes persistence as a scheduled task.

AWS Open-Source LZA MCP Server Enables AI-Assisted

🤖 The open-source Landing Zone Accelerator (LZA) Model Context Protocol (MCP) Server enables management of LZA deployments via natural-language conversations with AI assistants. The containerized MCP endpoint provides 20 specialized tools to search documentation across LZA versions, manage configurations, monitor pipelines, and surface actionable failure insights. It integrates with IDEs such as Kiro, Amazon Q Developer, and Claude Code, uses temporary credentials per AWS security best practices, and is available now in supported commercial and GovCloud regions.

Hive0163 Deploys AI-Assisted Slopoly in Ransomware Ops

🛡️ IBM X-Force researchers have linked a PowerShell backdoor called Slopoly to financially motivated group Hive0163 and report indicators that portions of the script were likely produced with a large language model. The builder-delivered payload establishes persistence via a scheduled task named Runtime Broker and was used to maintain access for more than a week in a 2026 ransomware incident. Slopoly beacons system details every 30 seconds, polls for commands every 50 seconds, executes via cmd.exe and returns results to a C2 server. Although the script lacks true self-modifying polymorphism, its comments, logging and naming conventions demonstrate how AI can accelerate malware development.

Reduce 429 Errors and Build Resilient Vertex AI Apps

⚠️ Building LLM applications on Vertex AI can trigger 429 errors when request rates exceed available throughput, degrading user experience and increasing retries. This article explains consumption options—Standard and Priority PayGo, Provisioned Throughput, Flex PayGo, and Batch—and prescribes five operational practices: smart retries, global model routing, context caching, prompt optimization, and traffic shaping. Combining these approaches (for example PT for critical real-time traffic and Batch for latency-tolerant jobs) helps preserve performance and control costs.

Researchers Find Major Security Flaws in LLM Guardrails

🔒 Researchers at Unit 42, Palo Alto Networks' lab, have demonstrated that LLM-based safety and evaluation systems — called AI Judges — can be manipulated via prompt-injection-style token sequences. Their custom fuzzer, AdvJudge-Zero, probes models in a black-box manner, finding low-perplexity formatting tokens that shift internal attention and increase the likelihood of an 'allow' decision. Unit 42 recorded a 99% bypass rate across multiple architectures, and showed that adversarial retraining on fuzzer-discovered examples can reduce that success rate to near zero.

Cyber-Attacks on UK Firms Rise Nearly Fourfold YoY

📈 The February 2026 Check Point Global Threat Intelligence report found UK organisations saw fewer weekly attacks per organisation (1,504) than the global average (2,086), but a 36% year‑on‑year increase — nearly four times the global 9.8% rise. Education, energy & utilities, government, healthcare and financial services were among the most frequently targeted UK sectors. Ransomware remained acute, with 49 active groups and a plurality of victims attributed to Qilin, Clop and The Gentlemen. The report also warned that widespread, unmanaged GenAI use is elevating inadvertent data‑exposure risk, with one in 31 prompts judged high risk.

Agentic AI Security: Assessing Risks and Defenses Now

🛡️ Organizations are adopting agentic AI—autonomous, task-driven systems powered by LLMs—to streamline processes and boost throughput. These agents can plan, act, and iterate, but their non-deterministic behavior creates gaps in traceability, auditability, and access control. Apply strong role-based access, threat modeling, and oversight (human or independent evaluators) to limit exposure and ensure safe deployment.

Fuzzing AI Judges: Stealth Triggers Enable Policy Bypass

🔍 This research introduces AdvJudge-Zero, an automated fuzzer that discovers stealthy input sequences capable of flipping AI judge decisions and bypassing safety gates. Tests show that low-perplexity, benign-looking tokens—such as markdown markers, role labels, and context-shift phrases—can reliably convert "block" verdicts into "allow" verdicts. The report documents a roughly 99% attack success rate across diverse models and recommends adversarial fuzzing, retraining with discovered examples, and operational monitoring using products like Prisma AIRS and Cortex AI-SPM.

WEF Global Cybersecurity Outlook 2026: CISO Takeaways

🤖 The World Economic Forum’s Global Cybersecurity Outlook 2026 warns that AI is accelerating the cyber arms race: 94% of leaders expect it to be the top change driver and 87% say AI vulnerabilities are the fastest‑growing risk. The report notes organizations are improving AI tool security evaluation (from 37% to 64%), yet CEOs and CISOs display different risk priorities. It also highlights widening resilience gaps across organization sizes and calls for harmonized regulation and stronger public‑private collaboration.

AI as Tradecraft: How Threat Actors Operationalize AI

⚠️ Threat actors are integrating AI across the cyberattack lifecycle to speed and scale operations, using LLMs to draft phishing, generate and debug malware, fabricate identities, and maintain persistent fraudulent access. Microsoft observed groups such as Jasper Sleet and Coral Sleet abusing generative models and jailbreaking techniques to bypass safeguards. Early experiments with agentic AI could enable semi‑autonomous workflows, increasing operational resilience. Defenders should combine identity controls, telemetry, and AI‑aware detection tools to mitigate risk.

Malicious AI Assistant Extensions Harvest LLM Data

🔒 Microsoft Defender investigated malicious Chromium browser extensions that impersonated legitimate AI assistant tools to collect LLM chat histories and browsing telemetry. Distributed via the Chrome Web Store and compatible with both Google Chrome and Microsoft Edge, the extensions captured full URLs and chat snippets from platforms such as ChatGPT and DeepSeek, reaching roughly 900,000 installs and activity in over 20,000 enterprise tenants. Microsoft provides detections, hunting queries, and mitigation guidance to contain exposure and remediate affected devices.

BMW and Google Cloud Build Automated SLM Optimization

🚗 BMW Group and Google Cloud present a proof-of-concept pipeline to compress, fine-tune, evaluate, and deploy domain-specific small language models (SLMs) for in-vehicle voice commands. They position SLMs as a practical compromise between full cloud-based LLMs and constrained onboard hardware, reducing latency and network dependence. Using Vertex AI Pipelines, the automated workflow explores quantization, pruning, distillation, LoRA fine-tuning, and RL-based alignment, and validates models on Android/AOSP head-unit environments. The team publishes the pipeline code to encourage reuse and reproducible experimentation.

FortiAIGate: Runtime Protection for AI Workloads, Governance

🔒 FortiAIGate provides dedicated runtime protection for private AI and LLM deployments by monitoring every input and output between applications and models. It detects and blocks threats such as prompt injection, jailbreaking, model poisoning, data exfiltration, and excessive compute abuse while enforcing governance policies in real time. Built for Kubernetes and hybrid environments, it integrates with Fortinet Security Fabric, offers dashboards mapping OWASP Top 10 LLM risks, and uses multi‑GPU and SmartNIC acceleration to preserve performance and control costs.

Fooling AI Agents: Web-Based Indirect Prompt Injection

⚠️ Unit 42 researchers describe web-based indirect prompt injection (IDPI), where adversaries embed hidden or obfuscated instructions in webpages that are later consumed by LLMs and agentic systems. The report catalogs 22 payload engineering techniques, presents a taxonomy of attacker intents from low to critical, and details multiple in-the-wild detections, including the first observed AI ad-review bypass. It emphasizes detection, intent analysis and web-scale defenses to protect automated pipelines.

Cloudy LLM Explanations Expand across Cloudflare One

☁️ Cloudflare’s new Cloudy layer uses LLMs to translate complex security telemetry into concise, human-readable guidance inside Cloudflare One. It generates plain-language explanations for Email Security detections and structured Risk + Guidance summaries for CASB findings to help teams act faster. Phishnet reporting will surface real-time Cloudy summaries via Workers AI to reduce SOC noise and guide end users. Microsoft beta starts soon, with wider rollouts and Google Workspace support planned.