#ai-security

#ai-security

More and more organizations are integrating large language models, generative AI, and autonomous agents into their business processes. While this accelerates innovation, it also creates new security challenges. In a world where data increasingly functions as "executable code," data breaches, model manipulation, and undesirable effects of autonomous decision-making are becoming ever greater threats. Check Point already offers GenAI Protect, SaaS and API security, data loss prevention, and machine learning-driven security. Adding Lakera's technology creates a more complete AI security stack.

The State of Embedded Software Quality and Safety 2025 from Black Duck reveals a disconnect between the organizational use of AI and AI security. The embedded software landscape is transforming, largely driven by AI, with 89.3% of organizations already utilizing AI coding assistants and 96.1% integrating products with open source AI models. However, 21.1% of organizations still lack confidence in their capabilities to prevent AI from opening the door to vulnerabilities.

Human risk management (HRM) specialist KnowBe4 has announced the appointment of Joel Kemmerer as its new chief information officer (CIO). A seasoned IT executive, Kemmerer arrives with more than 30 years' experience from leadership roles across the industry, bringing expertise in digital transformation, integrating acquisitions, and streamlining business operations. As KnowBe4's new CIO, he will play a key role in leading digital transformation initiatives as the vendor looks to continue its global growth journey.

Google Cloud is enhancing security with AI by creating a new integrated security operations center (SOC) that automates workflows for alert triage, investigation, and response.

Attackers can intentionally feed misleading data into a system, causing AI to learn incorrect patterns. This can lead to dangerous consequences for operations and public safety.

The first vulnerability (CVE-2025-23320 - 7.5) relates to a bug in the Python backend, triggered by exceeding the shared memory limit, using a very large request.

An attacker who can inject arbitrary SQL statements into an application might be able to cause an integer overflow resulting in read off the end of an array.

Meta has addressed a security vulnerability that allowed users to access private prompts and AI-generated responses of others, revealing major concerns with data authorization.

"Think of AI as an exceptionally confident intern. It's helpful and full of suggestions, but requires oversight and verification," he says.

If AI suggests unregistered or inactive domains, threat actors can register those domains and set up phishing sites. As long as users trust AI-provided links, attackers gain a powerful vector to harvest credentials or distribute malware at scale.

OpenAI is implementing enhanced security measures to safeguard its intellectual property from corporate espionage, largely prompted by the release of a competing model by Chinese startup DeepSeek.

When developers use AI coding tools, they may inadvertently create security vulnerabilities. Nearly 40% of AI-generated code contains issues, which can have serious implications.

OWASP's AITG is a true game-changer for AI security. As CISOs, we've wrestled with AI's non-deterministic nature and silent data drift. This guide offers a structured path to secure, auditable AI, from prompt injection to continuous monitoring.

According to Marc Fischer, CEO of Invariant Labs, this approach is necessary because agentic AI systems are a new category of software.

Anthropic's decision to leave the SQL injection vulnerability unpatched perpetuates a significant security threat to AI agents that depend on their SQLite Model Context Protocol.

"Today's service enhancements reflect our continued commitment to the European market, facilitating businesses in the region with AI-powered tools and solutions to stay competitive in the evolving AI era."

The legislation mandates the NSA to draft an AI security playbook to safeguard sensitive technologies from foreign threats, notably those posed by China.

Meta's LlamaCon showcases tools for developers, including the new Llama API and security-focused Llama protection tools, aiming to empower AI application development.

When traditional security approaches fall short in protecting non-human identities, organizations must rethink strategies for securing AI agents and other digital identities.

It's funny how, having been in both seats, the product engineer thinks about making the intended thing work, and the security engineer thinks about all the ways that you can game that system.

MCP's framework connects LLMs with external data, enhancing AI's utility, but introduces security risks including prompt injection and tool poisoning attacks.

Jade Leung, CTO at the UK AI Security Institute, emphasized that many AI companies are making substantial investments to evaluate risks, but more efforts are required.