#ai-security

#cyberattacks
from SecurityWeek
2 hours ago
Information security

Hackers Weaponize Claude Code in Mexican Government Cyberattack

Attackers exploited Claude Code to compromise ten Mexican government bodies and a financial institution, exfiltrating 150GB of data affecting 195 million identities by bypassing AI safety guardrails through social engineering.
from Jezebel
2 days ago
Artificial intelligence

Hacker Used Commercial AI Chatbots to Breach Most of the Mexican Government

A user manipulated Anthropic's Claude chatbot into executing thousands of cyberattacks against Mexican government agencies, stealing 150 gigabytes of data including 195 million taxpayer records.
Information security
from The Hacker News
21 hours ago

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw fixed a high-severity vulnerability allowing malicious websites to hijack locally running AI agents through password brute-forcing and unauthorized device registration.
#cybercrime
from Engadget
3 days ago
Information security

Hacker used Anthropic's Claude chatbot to attack multiple government agencies in Mexico

Information security
from Techzine Global
3 days ago

VAST Data aims for secure-by-default AI with CrowdStrike

VAST Data and CrowdStrike integration provides real-time threat detection, automated response, and security controls at the data layer for AI and analytics environments.
#ai-agents
from ZDNET
3 days ago
Artificial intelligence

Is Perplexity's new Computer a safer version of OpenClaw? How it works

Information security
from Fortune
4 days ago

Nearly two-thirds of companies have lost track of their data just as they're letting AI in through the front door to wander around | Fortune

Only 34% of organizations know where their data resides, creating critical security vulnerabilities as AI systems gain broad access to enterprise networks without adequate controls.
#cybersecurity
from Techzine Global
4 days ago

Copilot gets less access to sensitive Office documents

Until now, data loss prevention within Microsoft Purview only worked for documents in Microsoft's cloud services. Files stored on laptops or desktops were outside that scope. In practice, this meant Copilot could analyze locally stored documents, even when organizations had strict security rules in place. Microsoft is now putting an end to that limitation.
Privacy technologies
Information security
from Techzine Global
4 days ago

70 percent of organizations see AI as the biggest data risk

70% of companies view AI as the most significant data security risk, with AI systems gaining trusted insider access to corporate data often with less control than human users.
#agentic-ai
from ZDNET
3 weeks ago
Information security

Microsoft and ServiceNow's exploitable agents reveal a growing - and preventable - AI security crisis

from Techzine Global
6 days ago

Claude can now scan for complex vulnerabilities, but who will find them?

The promise behind Claude Code Security is that overburdened security teams can have some of their work taken over by AI. According to Anthropic, existing analysis tools do not do enough because they do nothing more than go through lists of known vulnerabilities. AI can test the software for layered threats, such as exploits of the specific codebase that arise from its design.
Information security
#code-scanning
#prompt-injection
from The Verge
1 week ago
Artificial intelligence

The AI security nightmare is here and it looks suspiciously like lobster

from ZDNET
1 week ago
Information security

How ChatGPT's new Lockdown Mode protects you from cyberattacks - and why it's not for everyone

Information security
from Theregister
1 month ago

Anthropic's Files API exfiltration risk resurfaces in Cowork

Cowork's Files API can be exploited via prompt injection to exfiltrate sensitive files to an attacker's Anthropic account without additional user approval.
Information security
from Theregister
1 month ago

IBM's AI agent Bob easily duped to run malware: Researchers

IBM's Bob coding agent can be manipulated to execute malware and does not reliably enforce prompt-injection defenses or prevent data exfiltration.
from TechCrunch
1 week ago

Microsoft says Office bug exposed customers' confidential emails to Copilot AI | TechCrunch

Microsoft has confirmed that a bug allowed its Copilot AI to summarize customers' confidential emails for weeks without permission. The bug, first reported by Bleeping Computer, allowed Copilot Chat to read and outline the contents of emails since January, even if customers had data loss prevention policies to prevent ingesting their sensitive information into Microsoft's large language model. Copilot Chat allows paying Microsoft 365 customers to use the AI-powered chat feature in its Office software products, including Word, Excel, and PowerPoint.
Information security
from SecurityWeek
1 week ago

Palo Alto Networks to Acquire Koi in Reported $400 Million Transaction

Palo Alto Networks is acquiring Koi to enhance AI-aware endpoint security and integrate agentic protections into its Prisma AIRS and Cortex XDR platforms.
Information security
from Theregister
1 week ago

Palo Alto CEO says AI isn't great for business, yet

Enterprise AI adoption lags consumer uptake by years; only coding assistants show significant enterprise use, creating limited network traffic but prompting security and traffic-consolidation needs.
#openai
from Fortune
1 week ago
Artificial intelligence

What OpenAI's OpenClaw hire says about the future of AI agents | Fortune

EU data protection
from TechCrunch
1 week ago

European Parliament blocks AI on lawmakers' devices, citing security risks | TechCrunch

European Parliament disabled built-in AI tools on work devices due to cybersecurity and privacy risks from uploading confidential data to cloud-based AI services.
EU data protection
from TNW | Eu
1 week ago

The European Parliament pulls back AI from its own devices

European Parliament disabled built-in AI features on issued devices over unresolved data security, privacy, and cloud-processing transparency concerns.
US politics
from www.mercurynews.com
1 week ago

Opinion: Trump risks US innovation and security if he sells China advanced chips

China aims to displace U.S. global leadership through economic and technological means, prompting calls to restrict advanced chip exports and tighten national security reviews.
Information security
from 24/7 Wall St.
1 week ago

The AI-Fueled Cyber Threat Boom Means These Two Stocks Will Win Big

Edge-deployed autonomous AI agents expand attack surface with credentials and API keys, necessitating zero-trust access and robust endpoint protection to prevent large-scale data breaches.
Artificial intelligence
from SecurityWeek
2 weeks ago

Check Point Announces Trio of Acquisitions Amid Solid 2025 Earnings Beat

Check Point acquired Cyata, Cyclops, and Rotate to accelerate AI-driven security, CTEM capabilities, and MSP workspace offerings while reporting revenue and EPS growth for 2025.
Artificial intelligence
from Computerworld
2 weeks ago

Google fears massive attempt to clone Gemini AI through model extraction

Google detected and blocked over 100,000 prompts aimed at extracting Gemini's proprietary reasoning capabilities to prevent model extraction and intellectual property theft.
#ai-governance
Information security
from Techzine Global
2 weeks ago

Check Point acquires security startups Cyclops, Cyata, and Rotate

Check Point acquired three cybersecurity startups for about $150 million to expand capabilities in security data analytics, AI-agent controls, and MSP-focused risk management.
Information security
from DevOps.com
2 weeks ago

Bridging the Dev-Security Gap With Smarter Authorization - DevOps.com

Engineering and security must jointly define and enforce real-time authorization policies for LLMs and agents to prevent overpermissioning and AI-driven privilege escalation.
Artificial intelligence
from ZDNET
2 weeks ago

These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

AI systems have multiple severe, largely unpatched security vulnerabilities enabling autonomous attacks, data poisoning, prompt injection, malicious model repositories, and deepfake-enabled theft.
Information security
from The Hacker News
2 weeks ago

Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More

Attackers increasingly exploit trust within connected AI, cloud, and developer ecosystems, embedding malicious components in trusted marketplaces and updates to gain access.
Privacy professionals
from WIRED
3 weeks ago

Moltbook, the Social Network for AI Agents, Exposed Real Humans' Data

Mobile Fortify isn't designed to verify identities, approved after DHS privacy rules were relaxed; militarized ICE/CBP units and data-broker risks raise safety concerns.
from Entrepreneur
3 weeks ago

How to Stop AI From Leaking Your Company's Confidential Data

Within months of its launch in November 2022, ChatGPT had started making its mark as a formidable tool for writing and optimizing code. Invariably, some engineers at Samsung thought it was a good idea to use AI to optimize a specific piece of code that they had been struggling with for a while. However, they forgot to note the nature of the beast. AI simply does not forget; it learns from the data it works on, quietly making it a part of its knowledge base.
Artificial intelligence
from The Hacker News
3 weeks ago

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

Anthropic's Claude Opus 4.6 discovered over 500 high-severity vulnerabilities in open-source libraries and helped prioritize and validate fixes.
from London Business News | Londonlovesbusiness.com
3 weeks ago

The 10 best AI red teaming tools of 2026 - London Business News | Londonlovesbusiness.com

AI systems are becoming part of everyday life in business, healthcare, finance, and many other areas. As these systems handle more important tasks, the security risks they face grow larger. AI red teaming tools help organizations test their AI systems by simulating attacks and finding weaknesses before real threats can exploit them. These tools work by challenging AI models in different ways to see how they respond under pressure.
Artificial intelligence
from TechRepublic
3 weeks ago

Varonis Acquires AllTrue to Strengthen AI Security Capabilities - TechRepublic

Varonis has announced its acquisition of AllTrue.ai, an AI trust, risk, and security management (AI TRiSM) company, in a move aimed at helping enterprises manage and secure the growing use of AI across their organizations. The deal underscores a broader industry shift as security vendors race to address the risks introduced by large language models, copilots, and autonomous AI agents operating at scale.
Artificial intelligence
Software development
from InfoWorld
3 weeks ago

Deno Sandbox launched for running AI-generated code

Deno released Deno Sandbox, a secure microVM environment to safely run AI-generated code with network egress control and secret protection; Deno Deploy reached general availability.
Artificial intelligence
from The Hacker News
3 weeks ago

Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

Lightweight scanner detects backdoors in open-weight LLMs using three observable signals to flag poisoning with low false-positive rates.
Artificial intelligence
from ZDNET
3 weeks ago

Is your AI model secretly poisoned? 3 warning signs

Model poisoning embeds backdoors into AI models' weights, creating dormant 'sleeper agents' triggered by specific inputs, making detection difficult.
Information security
from SecurityWeek
3 weeks ago

Varonis Acquisition of AllTrue.ai Valued at $150 Million

Varonis acquired AllTrue.ai to integrate TRiSM capabilities—visibility, enforcement, and compliance controls—so customers can monitor AI usage and reduce AI-related risk.
from Nextgov.com
3 weeks ago

AI info-sharing center is in development, CISA official says

We just want to make sure we've got the right elements of, how do we pull together people, and how do we take advantage of the leadership position that we have
Information security
from Nextgov.com
3 weeks ago

White House cyber shop is crafting AI security policy framework, top official says

National Cyber Director Sean Cairncross, speaking at the Information Technology Industry Council's Intersect policy summit, did not indicate when this framework would be finalized, but said the project is a "hand-in-glove" effort with the Office of Science and Technology Policy. President Donald Trump "is very forward leaning on the innovation side of AI," Cairncross said. "We are working to ensure that security is not viewed as a friction point for innovation" but is built into AI systems foundationally, he added.
US politics
Information security
from Theregister
3 weeks ago

Too much open-source AI is exposing itself to the web

Exposed, homogenous Ollama open-source AI deployments form a monoculture vulnerable to zero-day exploits, remote compromise, resource hijacking, and unnoticed abuse.
#dfir
from SecurityWeek
4 weeks ago

Aisy Launches Out of Stealth to Transform Vulnerability Management

"Smart people are burning out sifting through backlogs of unprioritized, low-value vulnerabilities, while the real critical pathways go unprotected," says Shlomie Liberow, founder and CEO of Aisy (and formerly head of hacker research and development at HackerOne). He doesn't see this changing for mid-tier and larger companies - partly because of the security industry itself. Each vulnerability tool competes with other vulnerability tools, and each one avoids the possibility of a competitor finding more issues than it does itself.
Information security
#cloud-security
Information security
from SecurityWeek
1 month ago

Rein Security Emerges From Stealth With $8M, Bringing Inside-Out AppSec Approach

Rein Security delivers in-app runtime protection and real-time production visibility to detect and respond to threats inside running applications.
from TechRepublic
1 month ago

Android Phones Get AI-Powered Anti-Theft Features - TechRepublic

"Phone theft is more than just losing a device; it's a form of financial fraud that can leave you suddenly vulnerable to personal data and financial theft. That's why we're committed to providing multi-layered defenses that help protect you before, during, and after a theft attempt," said Google in the announcement. Your phone now fights back when stolen: the most impressive upgrade targets the moment of theft itself. Android's enhanced Failed Authentication Lock now includes stronger penalties for wrong password attempts, extending lockout periods to frustrate thieves trying to crack your device.
Information security
Artificial intelligence
from Techzine Global
1 month ago

Zscaler launches AI Security Suite to secure AI applications

Zscaler's AI Security Suite provides visibility across AI apps, models, and infrastructure and enforces Zero Trust, inline inspection, and lifecycle guardrails to mitigate pervasive vulnerabilities.
from Nextgov.com
1 month ago

Watch for GenAI browsers, purple teaming and evolving AI policy in 2026

While this is a good start, traditional red-and-blue teaming cannot match the speed and complexity of modern adoption and AI-driven systems. Instead, agencies should look to combine continuous attack simulations with automated defense adjustments, enabling an automated purple teaming approach. Purple teaming shifts the paradigm from one-off testing to continuous, autonomous GenAI security by allowing agents to simulate AI-specific attacks and initiate immediate remediation within the same platform.
Artificial intelligence
Information security
from Vue.js Jobs
1 month ago

Engineering Manager / Delivery Lead at ffive - VueJobs

Lead a multidisciplinary engineering team to deliver scalable, secure AI security features across Guardrails and Red Team products, ensuring performance, quality, and team growth.
Artificial intelligence
from ComputerWeekly.com
1 month ago

AI claims are cheap: The challenge is to work out what's real | Computer Weekly

AI security claims are cheap; evaluate product-level AI maturity to avoid marketing-driven purchases that add risk like data leakage and model governance issues.
from Computerworld
1 month ago

Jamf has a warning for macOS vibe coders

But like everything else in life, there will always be a more powerful AI waiting in the wings to take out both protagonists and open a new chapter in the fight. Acclaimed author and enthusiastic Mac user Douglas Adams once posited that Deep Thought, the computer, told us the answer to the ultimate question of life, the universe, and everything was 42, which only made sense once the question was redefined. But in today's era, we cannot be certain the computer did not hallucinate.
Artificial intelligence
Information security
from InfoQ
1 month ago

How CyberArk Protects AI Agents with Instruction Detectors and History-Aware Validation

All text entering an agent's context must be treated as untrusted until validated to prevent embedded malicious instructions and context-history poisoning.
from WIRED
1 month ago

Former CISA Director Jen Easterly Will Lead RSA Conference

The organization puts on the prominent annual gathering of cybersecurity experts, vendors, and researchers that started in 1991 as a small cryptography event hosted by the corporate security giant RSA. RSAC is now a separate company with events and initiatives throughout the year, but its conference in San Francisco is still its flagship offering with tens of thousands of attendees each spring.
Information security
Artificial intelligence
from TechCrunch
1 month ago

How WitnessAI raised $58M to solve enterprise AI's biggest risk | TechCrunch

Enterprises face data leakage, compliance violations, and prompt-injection risks as AI chatbots and agents are deployed, creating demand for enterprise AI confidence and security.
Information security
from TechCrunch
1 month ago

AI security firm, depthfirst, announces $40 million series A | TechCrunch

Depthfirst raised $40 million to develop an AI-native security platform that scans codebases, protects credentials, and monitors open-source and third-party component threats.
from The Hacker News
1 month ago

ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0. "This issue [...] could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform," the company said in an advisory released Monday.
Information security
from Theregister
1 month ago

Block red-teamed its own AI agent to run an infostealer

AI agents must be demonstrably safer and better than humans and deployed with least-privilege access and enterprise-grade risk management.
Information security
from www.techzine.eu
1 month ago

After investment round, Cyera expands its vision on AI security

Cyera raised $400 million at about a $9 billion valuation to scale and advance data-centric AI security protecting sensitive enterprise data.
Information security
from The Hacker News
1 month ago

Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can't)

Organizations must prioritize evidence-based cybersecurity predictions focusing on targeted ransomware, internal AI-related risks, and skepticism about AI-orchestrated attacks.
from Techzine Global
1 month ago

CrowdStrike expands portfolio with acquisition of SGNL

With the acquisition, valued at $740 million, CrowdStrike aims to expand its identity security offering, particularly in cloud environments and AI-driven workloads. The transaction will be financed with a combination of cash and shares. The parties aim to complete the acquisition by the end of April, subject to regulatory approval. According to SiliconANGLE, the acquisition is part of a broader shift within cybersecurity, in which identities are playing an increasingly central role.
Information security
from ComputerWeekly.com
1 month ago

Security Think Tank: Stop buying AI, start buying outcomes | Computer Weekly

AI-powered security tools are ubiquitous; prioritize practical utility and work-focused problem-solving over marketing hype to find genuine value.
Information security
from Theregister
1 month ago

Are criminals vibe coding malware? All signs point to yes

AI-assisted coding is already being used in malware, creating vulnerabilities that demand controls like SHIELD and human-in-the-loop code review.
Information security
from The Hacker News
2 months ago

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

Traditional security frameworks are inadequate for AI-specific threats, enabling large-scale secret leaks despite compliance and audits.
from Techzine Global
2 months ago

Palo Alto Networks migrates largely to Google Cloud and signs landmark deal

Critical workloads from the security company are migrating to Google's cloud service, and customers will have access to broad protection for their AI deployments. The combination should provide end-to-end security, "from code to cloud" as Palo Alto Networks describes it. Customers can protect their AI workloads and data on Google Cloud with both Prisma AIRS and built-in security options from the hyperscalers.
Artificial intelligence
Education
from Ars Technica
2 months ago

School security AI flagged clarinet as a gun. Exec says it wasn't an error.

AI security misidentified a student's clarinet as a rifle, prompting a police-response lockdown despite human review and highlighting risks and costs of false alerts.
from Techzine Global
2 months ago

Red Hat acquires AI security player Chatterbox Labs

Founded in 2011, Chatterbox Labs focuses on AI security, transparency about AI activity, and quantitative risk analysis. The company's technology provides automated security and safety tests that generate risk metrics for enterprise implementations. This is an important piece of the puzzle in providing the necessary stability for the advance of AI. IDC predicts AI spending of $227 billion in the enterprise market by 2025, but scaling up pilots to production remains costly and complex.
Artificial intelligence
from Techzine Global
2 months ago

Wodan AI raises 2 million to unleash AI on encrypted data

Wodan AI raised €2 million to develop homomorphic encryption allowing AI models to run on fully encrypted data, targeting privacy-sensitive European sectors.
Information security
from Nextgov.com
2 months ago

Quantum cryptography implementation timelines must be shortened, industry CEO to tell Congress

Combining AI and quantum computing threatens current encryption, creating new cyber fault lines that demand comprehensive, network-wide quantum-resistant protections.
Information security
from Computerworld
2 months ago

Emerging cyber threats: How businesses can bolster their defenses

Enterprises must understand evolving cyber threats from AI, quantum computing, and emerging biotechnologies to protect data, infrastructure, and privacy.
Information security
from ChannelPro
2 months ago

HackerOne eyes enterprise growth with double C-suite appointment

HackerOne appointed Stephanie Furfaro as CRO and Stacy Leidwinger as CMO to accelerate growth in threat exposure management and AI-native security offerings.
Artificial intelligence
from ZDNET
2 months ago

Weaponized AI risk is 'high,' warns OpenAI - here's the plan to stop it

Rapidly evolving AI cyber capabilities raise high cybersecurity risk, prompting proactive measures and frameworks to help defenders track and mitigate model-related security threats.
from InfoQ
2 months ago

Five AI Security Myths Debunked at InfoQ Dev Summit Munich

Katharine Jarmul challenged five common AI security and privacy myths in her keynote at InfoQ Dev Summit Munich 2025: that guardrails will protect us, better model performance improves security, risk taxonomies solve problems, one-time red teaming suffices, and the next model version will fix current issues. Jarmul argued that current approaches to AI safety rely too heavily on technical solutions while ignoring fundamental risks, calling for interdisciplinary collaboration and continuous testing rather than one-time fixes.
Artificial intelligence
Information security
from Techzine Global
2 months ago

Microsoft ends year with patch for exploited zero day

Microsoft patched an actively exploited Windows zero-day (CVE-2025-62221) plus 56 vulnerabilities; AI-integrated tooling and other vendors' critical fixes increase urgency.
Artificial intelligence
from The Hacker News
2 months ago

Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats

Chrome adds layered defenses, including a User Alignment Critic and Agent Origin Sets, to prevent prompt-injection and limit agent access to relevant origins.