#ai-security

#ai-security

But like everything else in life, there will always be a more powerful AI waiting in the wings to take out both protagonists and open a new chapter in the fight. Acclaimed author and enthusiastic Mac user Douglas Adams once posited that Deep Thought, the computer, told us the answer to the ultimate question of life, the universe, and everything was 42, which only made sense once the question was redefined. But in today's era, we cannot be certain the computer did not hallucinate.

The National Institute of Standards and Technology (NIST) recently released NIST IR 8596, the Initial Preliminary Draft of the Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile). The document establishes a structured approach for managing cybersecurity risk related to AI systems and the use of AI in cyber defense, organised around three focus areas: Securing AI System Components (Secure), Conducting AI-Enabled Cyber Defense (Defend), and Thwarting AI-Enabled Cyber Attacks (Thwart).

The organization puts on the prominent annual gathering of cybersecurity experts, vendors, and researchers that started in 1991 as a small cryptography event hosted by the corporate security giant RSA. RSAC is now a separate company with events and initiatives throughout the year, but its conference in San Francisco is still its flagship offering with tens of thousands of attendees each spring.

Critical workloads from the security company are migrating to Google's cloud service, and customers will have access to broad protection for their AI deployments. The combination should provide end-to-end security, "from code to cloud" as Palo Alto Networks describes it. Customers can protect their AI workloads and data on Google Cloud with both Prisma AIRS and built-in security options from the hyperscalers.

Founded in 2011, Chatterbox Labs focuses on AI security, transparency about AI activity, and quantitative risk analysis. The company's technology provides automated security and safety tests that generate risk metrics for enterprise implementations. This is an important piece of the puzzle in providing the necessary stability for the advance of AI. IDC predicts AI spending of $227 billion in the enterprise market by 2025, but scaling up pilots to production remains costly and complex.

Katharine Jarmul challenged five common AI security and privacy myths in her keynote at InfoQ Dev Summit Munich 2025: that guardrails will protect us, better model performance improves security, risk taxonomies solve problems, one-time red teaming suffices, and the next model version will fix current issues. Jarmul argued that current approaches to AI safety rely too heavily on technical solutions while ignoring fundamental risks, calling for interdisciplinary collaboration and continuous testing rather than one-time fixes.

Allie Miller, for example, recently ranked her go-to LLMs for a variety of tasks but noted, "I'm sure it'll change next week." Why? Because one will get faster or come up with enhanced training in a particular area. What won't change, however, is the grounding these LLMs need in high-value enterprise data, which means, of course, that the real trick isn't keeping up with LLM advances, but figuring out how to put memory to use for AI.

The AI upstart didn't use the attack it found, which would have been an illegal act that would also undermine the company's we-try-harder image. Anthropic can probably also do without $4.6 million, a sum that would vanish as a rounding error amid the billions it's spending. But it could have done so, as described by the company's security scholars. And that's intended to be a warning to anyone who remains blasé about the security implications of increasingly capable AI models.

Earlier this week at Microsoft's Ignite conference in San Francisco, the overwhelming onslaught of artificial intelligence-related announcements made it easy to miss some of the company's more significant "all-AI all-the-time" news. Also: Microsoft's new AI agents create your Word, Excel, and PowerPoint projects now The word "Copilot" -- representative of Microsoft's flagship AI brand -- made thousands of appearances across virtually every functional area of the technology firm's offerings, a testimony to an AI-first strategy that also blanketed its portfolio of security-related solutions.

Through deep, native integrations with Factory, Glean, IBM, and ServiceNow, we provide the trusted security foundation needed for rapid deployment.

On Monday, a new Model Context Protocol security startup called Runlayer launched out of stealth with $11 million in seed funding from Khosla Ventures' Keith Rabois and Felicis. It was created by third-time founder Andrew Berman (previous companies: baby-monitor maker Nanit and an AI video conferencing tool, Vowel, that sold to Zapier in 2024). In the four months since Runlayer launched its product in stealth, it has signed dozens of customers, including eight unicorns or public companies like Gusto, Rippling, dbt Labs, Instacart, Opendoor, and Ramp, it says.

Omar argues that traditional security models are no longer sufficient.

A host of leading open weight AI models contain serious security vulnerabilities, according to researchers at Cisco. In a new, researchers found these models, which are publicly available and can be downloaded and modified by users based on individual needs, displayed "profound susceptibility to adversarial manipulation" techniques. Cisco evaluated models by a range of firms including: Alibaba (Qwen3-32B) DeepSeek (v3.1) Google (Gemma 3-1B-IT) Meta (Llama 3.3-70B-Instruct) Microsoft (Phi-4) OpenAI (GPT-OSS-20b) Mistral (Large-2).

Following the recent acquisition of Observo AI, SentinelOne is integrating this technology into the Singularity Platform. According to the company, the combination creates the only SIEM on the market with both pre-ingestion analytics and flexible data collection. This is made possible by Observo AI's streaming architecture, which made it an attractive acquisition target for SentinelOne. This speed should enable agentic applications, allowing security work to be largely automated in real time. SentinelOne summarizes all this as an "AI-ready data pipeline."

Apple device management and security company Kandji has changed its name to Iru, reflecting a new approach to what it does while opening its offer up to Windows and Android. It means enterprises shifting to Apple tech can now manage all their legacy equipment using the same console - and benefit from Iru's AI-powered unified IT and security platform introduced on Wednesday.

Artificial intelligence (AI) holds tremendous promise for improving cyber defense and making the lives of security practitioners easier. It can help teams cut through alert fatigue, spot patterns faster, and bring a level of scale that human analysts alone can't match. But realizing that potential depends on securing the systems that make it possible. Every organization experimenting with AI in security operations is, knowingly or not, expanding its attack surface.

Government data is highly segmented by design, often separated by security classification levels to protect sensitive data and operations. While this segmentation is essential for national security, it also presents data-sharing obstacles that must be overcome. Fortunately, Cross-Domain Solutions (CDS) can help overcome obstacles such as safely training AI models with untrusted data, sharing classified AI capabilities with partners and connecting users or systems to AI tools across classification boundaries.

On Monday, Google security engineering managers Jason Parsons and Zak Bennett said in a blog post that the new program, an extension of the tech giant's existing Abuse Vulnerability Reward Program (VRP), will incentivize researchers and bug bounty hunters to focus on "high-impact abuse issues and security vulnerabilities" in Google products and services.