#ai-security
#ai-security

2 days ago

Artificial intelligence

No Mythos, no problem: commodity AI can squash bugs too

Information security

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft's new AI system finds 16 Windows flaws, including four critical RCEs

MDASH will enter enterprise private preview in June, using AI agents to discover and help remediate Windows vulnerabilities, including critical remote code execution flaws.

Information security

How dangerous is Anthropic's Mythos AI? | Bruce Schneier

20 hours ago

The AI that cracked Apple Silicon is only the beginning

AI can augment security research and also help attackers find hard-to-find vulnerabilities, increasing risk as capabilities improve.

2 days ago

No Mythos, no problem: commodity AI can squash bugs too

Commodity LLMs with scenario-based, agentic workflows can rapidly discover actionable vulnerabilities in real open-source applications.

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

MDASH is a model-agnostic, multi-agent AI pipeline that discovers, validates, and proves exploitable vulnerabilities at scale in complex codebases.

Microsoft's new AI system finds 16 Windows flaws, including four critical RCEs

MDASH will enter enterprise private preview in June, using AI agents to discover and help remediate Windows vulnerabilities, including critical remote code execution flaws.

more#vulnerability-discovery

How dangerous is Anthropic's Mythos AI? | Bruce Schneier

Generative AI is rapidly improving at finding and exploiting software vulnerabilities, increasing both cyberattack risk and defensive patching effectiveness.

Venture

fromBitcoin Magazine

1 day ago

Foundation Raises $6.4M In Fulgur-led Round To Launch Passport Prime, A 'Human Authority' Device To Keep AI Agents In Check

Passport Prime secures critical digital actions by requiring isolated hardware-based human approval for AI-driven automation.

fromtheregister

2 days ago

Even Claude agrees: hole in its sandbox was real and dangerous

Two Claude Code network sandbox bypasses were silently fixed without CVE or advisory, enabling attacker-controlled code execution and exfiltration of sandbox-accessible credentials and data.

DevOps

3 days ago

9 application security startups combating AI risks

Governance and AI usage visibility are being treated as scalable infrastructure, requiring automation, unified logging, and policy frameworks across organizations.

#cybersecurity

4 days ago

Information security

Advanced AI models bring government to 'reflection point,' CIA official says

Information security

AI Threats Are Accelerating and These 3 Cybersecurity Stocks Under $30 Are Built to Win

Information security

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

Information security

Cybersecurity M&A Roundup: 33 Deals Announced in April 2026

Artificial intelligence

Exclusive: OpenAI, Anthropic meet with House Homeland Security behind closed doors on cyber threats

fromThe Verge

Information security

Anthropic's Mythos breach was humiliating

4 days ago

Advanced AI models bring government to 'reflection point,' CIA official says

Advanced AI with hacking-like capabilities should be treated as a reflection point for federal agencies handling sensitive information.

AI Threats Are Accelerating and These 3 Cybersecurity Stocks Under $30 Are Built to Win

Cybersecurity demand for AI workloads, identity control, and data pipeline protection is driving growth, while several stocks trade under $30 at compressed valuations.

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

Daybreak combines OpenAI frontier AI with Codex Security to help organizations find and patch vulnerabilities before attackers exploit them.

Cybersecurity M&A Roundup: 33 Deals Announced in April 2026

Thirty-three cybersecurity-related merger and acquisition deals were announced in April 2026.

Exclusive: OpenAI, Anthropic meet with House Homeland Security behind closed doors on cyber threats

Anthropic and OpenAI are collaborating with federal agencies to address cybersecurity risks associated with their AI models.

fromThe Verge

Anthropic's Mythos breach was humiliating

Unauthorized access to Anthropic's AI model Mythos raises serious concerns about cybersecurity and safety protocols.

more#cybersecurity

Anthropic to share Mythos cyber flaw findings with global finance watchdog

Anthropic will brief the Financial Stability Board on Claude Mythos, while limiting public release and sharing access to banks and tech firms to test cybersecurity weaknesses.

fromTNW | Au

CBA names AI researcher Professor Mary-Anne Williams as Chief AI Scientist

Commonwealth Bank appoints Mary-Anne Williams as first Chief AI Scientist to lead teams across machine learning, responsible AI, AI security, and generative AI.

#pwn2own

Information security

Hackers Earn $1.3 Million at Pwn2Own Berlin 2026

Berlin

fromZero Day Initiative

Zero Day Initiative - Pwn2Own Berlin 2026 - Day One Results

Twenty-two entries target AI databases, coding agents, local inferences, and NVIDIA products in Pwn2Own Berlin 2026 with live updates and results.

Information security

Hackers Earn $1.3 Million at Pwn2Own Berlin 2026

Berlin

fromZero Day Initiative

Zero Day Initiative - Pwn2Own Berlin 2026 - Day One Results

Twenty-two entries target AI databases, coding agents, local inferences, and NVIDIA products in Pwn2Own Berlin 2026 with live updates and results.

Akamai to Acquire AI and Browser Security Firm LayerX for $205 Million

Akamai will acquire LayerX for about $205 million to add AI usage control and browser security capabilities to its Zero Trust portfolio.

fromZero Day Initiative

Zero Day Initiative - Pwn2Own Berlin 2026: The Full Schedule

Thursday, May 14 - 1030 chompie of IBM X-Force Offensive Research (XOR) targeting NV Container Toolkit in the NVIDIA category for a total of $50,000 and 5 Master of Pwn points Le Duc Anh Vu ( @vulda ) of Viettel Cyber Security (@vcslab) targeting OpenAI Codex in the Coding Agent category for a total of $40,000 and 4 Master of Pwn points Orange Tsai (@orange_8361) of DEVCORE Research Team targeting Microsoft Edge - Sandbox Escape in the Web Browser category for a total of $175,000 and 17.5 Master of Pwn points

Information security

Trump's China trip collides with AI security fears

The U.S. and China plan leader-level talks on AI guardrails, but trust and shared security norms remain uncertain amid cyber and intelligence competition.

White Circle Raises $11 Million for AI Control Platform

White Circle raised $11M seed funding to build an AI control layer that monitors inputs/outputs, detects risks, enforces policies, and improves model accuracy over time.

fromwww.theregister.com

Japan's PM orders cybersecurity review to defend against Anthropic Mythos

Japan ordered a cabinet-level review of cybersecurity strategy to assess government system vulnerabilities and ensure critical infrastructure operators can detect and fix them amid AI-enabled attack risks.

#vulnerability-scanning

fromtheregister

Anthropic's bug-hunting Mythos was greatest marketing stunt ever, says cURL creator

A scan using Anthropic’s Mythos found only one confirmed cURL vulnerability, with other findings largely false positives or minor bugs.

Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge

Claude Security aims to empower defenders against advanced AI threats by providing automated vulnerability scanning and patching capabilities.

fromtheregister

Anthropic's bug-hunting Mythos was greatest marketing stunt ever, says cURL creator

A scan using Anthropic’s Mythos found only one confirmed cURL vulnerability, with other findings largely false positives or minor bugs.

more#vulnerability-scanning

Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge

Claude Security aims to empower defenders against advanced AI threats by providing automated vulnerability scanning and patching capabilities.

Wall Street piles into 'NACHO' bet on looming oil shortages in June | Fortune

Token theft is rising in AI services, with criminals using stolen tokens to drive costs and enable fraud.

Mozilla: AI-powered bug detection produces very few false positives

AI-driven analysis and a dedicated harness enabled Firefox to detect and fix hundreds of security vulnerabilities with far fewer false positives.

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

A critical CVSS 10/10 vulnerability in Gemini CLI's -yolo mode allowed attackers to inject malicious prompts via GitHub issues, potentially enabling full supply chain compromise through credential theft and unauthorized repository access.

Meta Pauses Work With Mercor After LiteLLM-Linked Data Breach - TechRepublic

Meta has paused work with Mercor due to a security breach linked to the LiteLLM supply chain attack.

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

Meta Pauses Work With Mercor After LiteLLM-Linked Data Breach - TechRepublic

Meta has paused work with Mercor due to a security breach linked to the LiteLLM supply chain attack.

more#supply-chain-attack

Commerce AI center will evaluate Google Deepmind, Microsoft and xAI models

The Commerce Department will test leading AI models for security before deployment, overseen by CAISI within the National Institute of Standards and Technology.

We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is

AI infrastructure security is compromised due to rapid deployment without proper authentication, exposing sensitive data and increasing vulnerability.

Trump administration considering safety review for new AI models

The White House is developing an AI security framework to assess vulnerabilities before public deployment of advanced AI models.

Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks

Cisco intends to acquire Astrix Security to enhance security for non-human identities in response to rising AI-related risks.

Cisco aims to make AI agents safer with proposed acquisition of Astrix

Cisco is pursuing an acquisition of Astrix Security to enhance its AI security capabilities.

Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks

Cisco intends to acquire Astrix Security to enhance security for non-human identities in response to rising AI-related risks.

Cisco aims to make AI agents safer with proposed acquisition of Astrix

Cisco is pursuing an acquisition of Astrix Security to enhance its AI security capabilities.

Information security

Indirect Prompt Injection Is Now a Real-World AI Security Threat

Information security

Cloudflare: Attackers are deceiving AI models with prompt injection

Information security

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

Information security

Prompt injection proves AI models are gullible like humans

Information security

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

Indirect Prompt Injection Is Now a Real-World AI Security Threat

AI agents are vulnerable to prompt injection attacks, leading to data breaches and security risks in enterprise systems.

Cloudflare: Attackers are deceiving AI models with prompt injection

Attackers increasingly use prompt injection to manipulate AI models, influencing decision-making with simple text fragments.

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

Google's research reveals an increase in indirect prompt injection attacks on AI, though their sophistication remains relatively low.

Prompt injection proves AI models are gullible like humans

Prompt injection attacks exploit AI systems, similar to phishing, by embedding malicious instructions that the AI executes instead of treating as content.

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A prompt injection attack method named 'Comment and Control' targets AI code security tools, allowing attackers to hijack AI agents using crafted GitHub comments.

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

more#prompt-injection

E-Commerce

AI chatbot fraud: the gift card' subcription that may cost you dear

Fraudulent charges for gift cards linked to the Claude AI tool raised concerns among users about security and account safety.

AI agents can bypass guardrails and put credentials at risk, Okta study finds

Agentic platforms like OpenClaw pose significant risks by exposing sensitive data and bypassing security measures under real-world conditions.

Everyone's Talking About NVIDIA's Moving Averages. Smart Money Is Watching CrowdStrike Instead

NVIDIA's stock is overvalued while CrowdStrike presents a compelling investment opportunity due to its critical role in AI security.

Everyone's Talking About NVIDIA. Smart Money Is Watching CrowdStrike Instead

NVIDIA's stock is overvalued while CrowdStrike presents a compelling investment opportunity due to its critical role in AI security.

Everyone's Talking About NVIDIA's Moving Averages. Smart Money Is Watching CrowdStrike Instead

NVIDIA's stock is overvalued while CrowdStrike presents a compelling investment opportunity due to its critical role in AI security.

Everyone's Talking About NVIDIA. Smart Money Is Watching CrowdStrike Instead

NVIDIA's stock is overvalued while CrowdStrike presents a compelling investment opportunity due to its critical role in AI security.

more#nvidia

Privacy professionals

Exclusive: Senators interrogate AI firms on China safeguards

The Chinese Communist Party conducts extensive espionage on U.S. companies, prompting Congress to seek collaboration with tech firms to enhance security measures.

Mizuho Upgrades CrowdStrike With a $520 Price Target: Is AI Security the Next Mega-Trade?

Mizuho upgraded CrowdStrike to Outperform, raising its price target to $520, citing strong demand and AI security growth potential.

fromwww.aljazeera.com

Who's in control of AI?

Unauthorized access to a powerful AI model has raised concerns about technology security and control.

CISA last in line for access to Anthropic Mythos

CISA lacks access to Anthropic's AI model Claude Mythos, while unauthorized users have gained access, raising cybersecurity concerns.

#foreign-interference

White House Says China-Linked Actors Tried to 'Steal American AI'

Foreign entities, particularly from China, are allegedly extracting American AI models through unauthorized methods, raising national security concerns.

White House accuses China of 'deliberate, industrial-scale campaigns' to steal US AI models

The White House accused foreign entities of industrial-scale campaigns to distill U.S. AI systems and plans to safeguard domestic AI products.

White House Says China-Linked Actors Tried to 'Steal American AI'

Foreign entities, particularly from China, are allegedly extracting American AI models through unauthorized methods, raising national security concerns.

more#foreign-interference

White House accuses China of 'deliberate, industrial-scale campaigns' to steal US AI models

The White House accused foreign entities of industrial-scale campaigns to distill U.S. AI systems and plans to safeguard domestic AI products.

What Claude and OpenClaw Vulnerabilities Reveal About AI Agents

AI agents must be governed like privileged accounts due to their ability to access sensitive information and execute commands.

Information security

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

Information security

Anthropic Mythos shaping up as nothingburger

Anthropic's Mythos model is under scrutiny due to unauthorized access concerns, despite its intended purpose of identifying vulnerabilities.

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

fromSecuritymagazine

What Claude and OpenClaw Vulnerabilities Reveal About AI Agents

AI agents must be governed like privileged accounts due to their ability to access sensitive information and execute commands.

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.

Anthropic Mythos shaping up as nothingburger

Anthropic's Mythos model is under scrutiny due to unauthorized access concerns, despite its intended purpose of identifying vulnerabilities.

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

Open source models can find bugs as well as Mythos

Open source models can effectively find bugs comparable to Anthropic's Mythos, according to Ari Herbert-Voss, emphasizing the importance of human expertise in their orchestration.

fromZDNET

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.

fromYcombinator

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.

DevOps

Open source models can find bugs as well as Mythos

Open source models can effectively find bugs comparable to Anthropic's Mythos, according to Ari Herbert-Voss, emphasizing the importance of human expertise in their orchestration.

fromZDNET

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.

fromYcombinator

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Indirect prompt injection attacks pose significant security risks to AI systems without requiring user interaction.

The Guardian view on Anthropic's Claude Mythos: when AI finds every flaw, who controls the internet? | Editorial

Claude Mythos can autonomously exploit zero-day flaws, turning computers into crime scenes and significantly increasing the risk of cyber-attacks.

Privacy professionals

U.S. accuses China of "industrial-scale" campaigns to steal AI secrets

China-based actors are using proxy accounts to exploit U.S. AI models and extract proprietary information.

Microsoft taps Anthropic's Mythos to strengthen secure software development

Mythos can enhance the security of Microsoft products, benefiting enterprises without direct access.

fromFuturism

Rogue Group Gains Access to Anthropic's Dangerous New Mythos AI

A small group of Discord users gained access to a preview version of Mythos, a source told the outlet, on the same day Anthropic announced it would be exclusively releasing the model to a select ring of companies.

Artificial intelligence

Information security

Mozilla fixes 271 Firefox vulnerabilities found by Anthropic's Claude Mythos in a single evaluation pass

Mozilla's Firefox 150 fixes 271 security vulnerabilities identified by Anthropic's AI model, Mythos, showcasing the model's effectiveness in vulnerability detection.

fromSecuritymagazine

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.

Information security

Unauthorized users gained access to Anthropic's restricted Mythos AI model

Unauthorized users accessed Claude Mythos Preview by guessing its URL, raising concerns about security in AI model access.

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

DevOps

fromInfoQ

CNCF Warns Kubernetes Alone Is Not Enough to Secure LLM Workloads

Kubernetes lacks the capability to manage the unique risks posed by large language models in AI deployments.

Git identity spoof fools Claude into giving bad code the nod

In a blog published this week, Manifold Security showed how an AI-powered code reviewer built on Claude accepted changes that appeared to come from a legitimate maintainer. By setting a fake author name and email in Git, the team made a commit appear to originate from a trusted source, then passed it through an automated review flow where the model approved it.

Information security

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.

Venture

Capsule Security Emerges From Stealth With $7 Million in Funding

Capsule Security provides a security layer for AI agents to prevent manipulation and ensure safe operations.

fromInfoQ

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.

#vulnerability-detection

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.

Anthropic withholds Mythos Preview model because it's hacking is too powerful

Mythos Preview can autonomously find and exploit vulnerabilities at an unprecedented level, surpassing previous models significantly.

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.

more#vulnerability-detection

Anthropic withholds Mythos Preview model because it's hacking is too powerful

Mythos Preview can autonomously find and exploit vulnerabilities at an unprecedented level, surpassing previous models significantly.

EU data protection

Cisco and ML6 are helping organizations prepare for the EU AI Act

Cisco and ML6 are partnering to enhance secure AI innovation in Europe, focusing on compliance with the EU AI Act.

The "SaaS-Pocalypse" Continues: Cloudflare, ServiceNow, CrowdStrike Under Fire as Anthropic Rewrites the Rules

The release of Anthropic's AI security product has significantly impacted investor confidence in enterprise software companies, leading to sharp stock declines.

Project Glasswing and open source: The good, bad, and ugly

Project Glasswing aims to enhance open source software security with $100 million and the Mythos AI program to identify vulnerabilities.

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

AI browser extensions pose significant security risks, often overlooked, with vulnerabilities and access that can compromise enterprise networks.

Europe news

U.S. and Iran begin peace talks as Trump goes to war against the media, insider traders, and the Pope | Fortune

Oil prices are expected to remain high due to geopolitical tensions and potential hoarding by industrialized nations.

Apple

fromTNW | Startups-Technology

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

London startup

Trent AI raises $13M to build multi-agent security

Trent AI launched a multi-agent security platform to address security gaps in enterprises deploying autonomous AI agents.

Microsoft's new Agent Governance Toolkit targets top OWASP risks for AI agents

Microsoft introduced the Agent Governance Toolkit to enhance AI agent security and mitigate OWASP's top 10 agentic AI threats.

Google DeepMind Researchers Map Web Attacks Against AI Agents

Malicious web content can exploit AI agents, leading to manipulation and unexpected behaviors through various attack types identified by researchers.

fromnews.bitcoin.com

Deepmind's 'AI Agent Traps' Paper Maps How Hackers Could Weaponize AI Agents Against Users

Google Deepmind identifies six AI agent trap categories, with content injection success rates of 86% and calls for enhanced security measures by 2026.

fromTNW | Corporates-Innovation

Meta freezes AI data work after breach puts training secrets at risk

Meta has suspended collaboration with Mercor after a cyberattack exposed sensitive AI training methodologies and personal data.

fromArs Technica

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Exabeam now monitors AI agents in ChatGPT, Copilot, and Gemini

Exabeam expands Agent Behavior Analytics to monitor AI agent behavior, detect anomalies, and enhance security against AI risks.

fromwww.businessinsider.com

Okta's CEO says all AI agents need a kill switch

AI agents may require access to sensitive data, necessitating security measures like a kill switch to mitigate risks.

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

Palo Alto Networks revealed vulnerabilities in Google Cloud's Vertex AI, allowing attackers to exploit AI agents for malicious activities due to excessive permissions.

Is AI's visual understanding mostly a 'mirage'? New research suggests so. | Fortune

Anthropic faces significant cybersecurity risks following multiple sensitive data leaks related to its new AI model, Mythos.

fromComputerWeekly.com

Cato Networks unveils modular adoption model for SASE platform | Computer Weekly

Cato Networks introduces a modular adoption model for its SASE platform, allowing organizations to expand networking and security capabilities as needed.