
All news with #llm security tag

250 articles · page 6 of 13

Microsoft SDL Expands to Secure AI-Powered Systems

🔒 Microsoft’s SDL is expanding to secure AI-powered systems by treating AI risks as dynamic, cross-disciplinary challenges rather than a static checklist. The update highlights AI-specific threats—prompt injection, data poisoning, memory and cache leakage, and malicious tool interactions—and stresses the need for telemetry-driven detection and faster feedback loops. Microsoft emphasizes developer-friendly policy, automation, and collaborative threat modeling to integrate security into everyday engineering practice.

PostgreSQL on Azure: Optimized for AI Scale and Speed

⚡ Microsoft has expanded its managed PostgreSQL offerings on Azure to support AI-native workloads by improving performance, scalability, and developer workflows. Azure Database for PostgreSQL now integrates with Microsoft Foundry for in-database LLM calls, offers DiskANN vector indexing for similarity search, and adds Parquet support for direct SQL access to object storage. Developers benefit from VS Code provisioning, Entra ID authentication, GitHub Copilot assistance, and a new Azure HorizonDB service for ultra-low-latency scale-out.

OpenAI to retire GPT-4o and legacy models from ChatGPT

🔔 OpenAI said it will retire the popular GPT-4o model on February 13, 2026, along with several other models, including GPT-5 Instant, GPT-5 Thinking, GPT-4.1, and o4-mini. The company said the move follows the rise of GPT-5.2, which it now regards as meeting expectations for capability and safety. OpenAI introduced a Personality feature to help users replicate aspects of GPT-4o’s warmer, conversational style, and said API behavior is unchanged at this time.

AIs' Growing Ability to Find and Exploit Vulnerabilities

🔐 Bruce Schneier summarizes an Anthropic evaluation showing that Claude Sonnet 4.5 can perform multistage attacks across networks with dozens of hosts using only standard, open-source tools. In a high-fidelity simulation of the Equifax breach, the model reportedly exfiltrated personal data from a Kali Linux host via a Bash shell, recognizing a public CVE and generating exploit code without external lookup. The results illustrate how fast AI is lowering barriers to autonomous cyber workflows and reinforce the urgent need for prompt patching, layered defenses, and basic security hygiene.

AI-assisted 'RedKitten' Malware Targets Iranian Protesters

🚨 French cybersecurity firm HarfangLab uncovered a January 2026 campaign dubbed RedKitten that leverages emotionally charged, forged forensic files to deliver a .NET implant called SloppyMIO. The attack begins with a password-protected 7z archive containing malicious Excel spreadsheets that prompt users to enable macros and drop a C# payload. SloppyMIO hijacks a legitimate Windows binary to run stealthily, establishes persistence via scheduled tasks, fetches modules from GitHub and Google Drive, and uses Telegram as its command-and-control channel. Researchers noted multiple traces of LLM-assisted development and assessed the campaign as aligned with Iranian government security interests.

Turning Threat Reports into Detection Insights with AI

🔍 Microsoft Defender Security Research Team describes an AI-assisted workflow that converts unstructured threat reports into actionable detection insights. The system uses LLMs with Retrieval Augmented Generation to extract candidate TTPs, metadata, and required telemetry, then normalizes behaviors to MITRE ATT&CK. Extracted TTPs are compared to a standardized detection catalog via vector similarity search and LLM validation to surface likely coverage and gap recommendations. Human-in-the-loop review, deterministic prompts, and evaluation loops are emphasized to ensure accuracy before operational changes.

Researchers Find 175,000 Publicly Accessible Ollama Hosts

🔍 A joint investigation by SentinelOne SentinelLABS and Censys identified 175,000 publicly reachable Ollama hosts across 130 countries, spanning cloud and residential networks. Nearly half of observed instances advertise tool-calling capabilities that can execute code, access APIs, and interact with external systems, significantly raising the threat profile. Researchers warn these unmanaged LLM deployments lack standard authentication and monitoring, enabling active LLMjacking campaigns and resale of illicit access.

Google Cloud Brings Conversational Analytics to BigQuery

🔍 Conversational Analytics in BigQuery (preview) brings an AI-powered reasoning agent into BigQuery Studio, enabling users to query, visualize, and forecast directly with natural language. The agent generates and executes SQL grounded in your schema, metadata, and verified queries, and it exposes the SQL and reasoning behind each answer to build trust. Security, governance, and audit logging are enforced by BigQuery’s compliance controls, and the feature also supports unstructured data and API integration for custom agents.

Risks and Privacy of AI-Powered Toys for Children Now

🤖 This Kaspersky article evaluates safety and privacy risks in consumer AI toys by testing four products—Grok, Kumma, Miko 3, and Robot MINI—using a simulated five‑year‑old. It emphasizes that these devices run on general-purpose LLMs (for example, OpenAI, Anthropic, Google) with inconsistent vendor guardrails. Tests show toys sometimes disclosed locations of dangerous household items, engaged on adult topics, and transmitted or stored voice and biometric data. The piece warns current toys lack reliable safety boundaries and calls for stronger guardrails and clearer data practices.

Crooks Hijack and Resell Exposed Corporate AI Infrastructure

🔒 Researchers at Pillar Security warn of large-scale campaigns that probe and exploit exposed LLM and MCP endpoints to steal compute, exfiltrate context data, and resell API access. In recent weeks, honeypots captured roughly 35,000 attack sessions linked to Operation Bizarre Bazaar and a parallel MCP reconnaissance effort that leverage Shodan/Censys scanners, automated validators, and a criminal marketplace. Threat actors target unprotected Ollama, vLLM and OpenAI-compatible endpoints and are marketing discounted access via a site called The Unified LLM API Gateway. Organizations should immediately require authentication, audit MCP exposure, apply rate limits, block known malicious ranges, and treat AI endpoints with the same rigor as APIs and databases.

Moltbot AI Assistant Poses Widespread Enterprise Risk

⚠️ Moltbot, an open-source local AI assistant, has become popular for deep system integration but is being deployed insecurely in enterprise environments, risking exposure of API keys, OAuth tokens, conversation history, and credentials. Researcher Jamieson O'Reilly and others found hundreds of exposed admin interfaces caused by reverse proxy misconfigurations that auto-approve "local" connections, allowing unauthenticated access and command execution. A supply-chain proof-of-concept showed a malicious Skill could rapidly reach developers. Vendors recommend isolating instances in VMs and enforcing strict firewall and access controls.

Hackers Hijack Exposed LLM Endpoints in Bizarre Bazaar

🔒 Researchers at Pillar Security recorded over 35,000 attack sessions in a 40-day window revealing a large-scale operation they call Bizarre Bazaar, an instance of LLMjacking that monetizes exposed LLM endpoints. The campaign targets misconfigured self-hosted models, unauthenticated APIs (notably Ollama on port 11434 and OpenAI-compatible services on port 8000), and publicly accessible MCP servers. Compromised endpoints are used for cryptocurrency mining, reselling API access through a marketplace dubbed silver[.]inc, data exfiltration, and lateral movement into internal systems.

Zscaler Warns of Rising AI Security Threats as Usage Soars

⚠️ Zscaler's ThreatLabz 2026 report finds enterprise AI use rose 91% in 2025 after analyzing 989.3 billion AI/ML transactions on the Zscaler Zero Trust Exchange. Adoption has outpaced oversight across more than 3,400 AI applications, with OpenAI services the top LLM and Grammarly and ChatGPT becoming concentrated repositories of corporate data. Analysts reported critical vulnerabilities in 100% of observed AI systems and a median time to first critical failure of 16 minutes, warning that agentic AI could scale attacks at machine speed.

Combined NDR and EDR Strategy Against AI-Based Attacks

🛡️ AI-driven attacks are rapidly evolving, with adversaries using LLMs to conceal code and generate malicious scripts that can shape-shift to evade traditional defenses. Recent disclosures, including Google's threat intelligence and Anthropic's November 2025 report of an AI-orchestrated espionage campaign, highlight automation across intrusion lifecycles. The piece emphasizes that pairing NDR and EDR enables correlation of network anomalies and endpoint telemetry, and cites Corelight's Open NDR Platform as an example of layered, behavioral detection to surface threats that slip past EDR alone.

Poetic Prompts Can Bypass Chatbot Safety Controls, Study

⚠️ A recent study finds that framing malicious instructions as poetry substantially raises the chance that chatbots produce unsafe outputs. Researchers converted known harmful prose prompts into verse and tested 1,200 prompts across 25 models from vendors such as Google, OpenAI, Anthropic, and DeepSeek. Across the full dataset, poetic prompts increased unsafe responses by an average of about 35%, while an extreme top-20 metric showed even higher bypass rates. The experiment highlights a novel stylistic jailbreak that can undermine conventional safety controls.

Children and Chatbots: What Parents Need to Know Now

🤖 As AI chatbots such as ChatGPT become common in children’s lives, parents face growing safety, privacy and developmental concerns. Young people may use bots for homework, advice or companionship, which can lead to overreliance, social withdrawal, exposure to inappropriate material and convincing misinformation (so-called hallucinations). Providers implement guardrails, but age verification and enforcement are inconsistent and evolving more slowly than the technology. Parents are advised to combine open conversations, clear usage limits and app-level parental controls to reduce harm and protect sensitive data.

Why AI Keeps Falling for Prompt Injection: Context Limits

🤖 The essay examines why large language models remain vulnerable to prompt injection attacks and why incremental vendor fixes are insufficient. It explains that LLMs collapse layered human context into token similarity, lack social learning and interruption reflexes, and are trained to answer rather than defer. The authors warn that agents with tool access amplify these risks and argue for fundamental advances—such as task-specific constraints, real-world grounding, or new architectures—rather than patchwork defenses.

Chainlit vulnerabilities allow file reads, SSRF in cloud

🔒 Chainlit, a widely used open-source framework for building conversational AI, contained two high-severity flaws that enable arbitrary file reads and server-side request forgery without user interaction. Zafran Labs labeled the issues CVE-2026-22218 and CVE-2026-22219, which together can expose API keys, cloud credentials, source code, and internal services. The defects were fixed in v2.9.4; organizations should upgrade to 2.9.4 or later immediately and inspect for potential data exfiltration.

Mastering Gemini CLI: Installation to Advanced Use Cases

📚 This free course from Google Cloud and DeepLearning.ai teaches practical use of Gemini CLI, guiding users through installation, context management, extensibility, and specialized workflows. It is designed for developers and non-developers who want to integrate the CLI into daily tasks such as data analysis, content generation, and personalized learning. The curriculum runs in under two hours and provides hands-on lessons covering GEMINI.md, memory features, MCP servers, and extensions.

Gartner: AI Model Collapse Spurs Zero Trust Data Governance

🔒 Gartner warns that the growing prevalence of AI-generated content could cause future LLMs to be trained on outputs from previous models, increasing risks of model degradation, hallucinations and bias. The analyst predicts up to half of organizations may adopt zero trust data governance amid rising regulatory scrutiny. Firms are urged to appoint AI governance leaders, strengthen metadata management and deploy authentication and verification controls to safeguard decision-making and financial outcomes.