A host of leading open-weight AI models contain serious security vulnerabilities, according to researchers at Cisco. The researchers found that these models, which are publicly available and can be downloaded and modified by users based on individual needs, displayed "profound susceptibility to adversarial manipulation" techniques. Cisco evaluated models from a range of firms, including Alibaba (Qwen3-32B), DeepSeek (v3.1), Google (Gemma 3-1B-IT), Meta (Llama 3.3-70B-Instruct), Microsoft (Phi-4), OpenAI (GPT-OSS-20b), and Mistral (Large-2).
Following the recent acquisition of Observo AI, SentinelOne is integrating this technology into the Singularity Platform. According to the company, the combination creates the only SIEM on the market with both pre-ingestion analytics and flexible data collection. This is made possible by Observo AI's streaming architecture, which made it an attractive acquisition target for SentinelOne. This speed should enable agentic applications, allowing security work to be largely automated in real time. SentinelOne summarizes all this as an "AI-ready data pipeline."
Apple device management and security company Kandji has changed its name to Iru, reflecting a new approach to what it does while opening its offer up to Windows and Android. It means enterprises shifting to Apple tech can now manage all their legacy equipment using the same console - and benefit from Iru's AI-powered unified IT and security platform introduced on Wednesday.
Artificial intelligence (AI) holds tremendous promise for improving cyber defense and making the lives of security practitioners easier. It can help teams cut through alert fatigue, spot patterns faster, and bring a level of scale that human analysts alone can't match. But realizing that potential depends on securing the systems that make it possible. Every organization experimenting with AI in security operations is, knowingly or not, expanding its attack surface.
Government data is highly segmented by design, often separated by security classification levels to protect sensitive data and operations. While this segmentation is essential for national security, it also presents data-sharing obstacles that must be overcome. Fortunately, Cross-Domain Solutions (CDS) can help overcome obstacles such as safely training AI models with untrusted data, sharing classified AI capabilities with partners and connecting users or systems to AI tools across classification boundaries.
On Monday, Google security engineering managers Jason Parsons and Zak Bennett said in a blog post that the new program, an extension of the tech giant's existing Abuse Vulnerability Reward Program (VRP), will incentivize researchers and bug bounty hunters to focus on "high-impact abuse issues and security vulnerabilities" in Google products and services.
More and more organizations are integrating large language models, generative AI, and autonomous agents into their business processes. While this accelerates innovation, it also creates new security challenges. In a world where data increasingly functions as "executable code," data breaches, model manipulation, and undesirable effects of autonomous decision-making are becoming ever greater threats. Check Point already offers GenAI Protect, SaaS and API security, data loss prevention, and machine learning-driven security. Adding Lakera's technology creates a more complete AI security stack.
The State of Embedded Software Quality and Safety 2025 from Black Duck reveals a disconnect between the organizational use of AI and AI security. The embedded software landscape is transforming, largely driven by AI, with 89.3% of organizations already utilizing AI coding assistants and 96.1% integrating products with open source AI models. However, 21.1% of organizations still lack confidence in their capabilities to prevent AI from opening the door to vulnerabilities.
Human risk management (HRM) specialist KnowBe4 has announced the appointment of Joel Kemmerer as its new chief information officer (CIO). A seasoned IT executive, Kemmerer arrives with more than 30 years' experience from leadership roles across the industry, bringing expertise in digital transformation, integrating acquisitions, and streamlining business operations. As KnowBe4's new CIO, he will play a key role in leading digital transformation initiatives as the vendor looks to continue its global growth journey.
Google Cloud is enhancing security with AI by creating a new integrated security operations center (SOC) that automates workflows for alert triage, investigation, and response.
An attacker who can inject arbitrary SQL statements into an application might be able to cause an integer overflow resulting in a read off the end of an array.
Meta has addressed a security vulnerability that allowed users to access private prompts and AI-generated responses of others, revealing major concerns with data authorization.