"Nation-state risk remains constant. In June, US authorities urgently warned companies to prepare for Iranian cyber attacks. This is just one example of the environment we're in. Security teams must be ready to defend at a moment's notice. Threats will mix disinformation and low-level disruption with more sophisticated tradecraft, all of which combined can have destructive consequences. Human vulnerability is a favourite target of attackers."
"AI's rise pressures us to modernise, but introduces new gaps. Enterprise adoption of generative AI surged in 2025. Traffic to generative AI sites jumped by 50%, while 68% of employees used free-tier tools, and 57% admitted to pasting sensitive data into them. With this, it's key to remember that AI-generated exploits and misinformation are already here. The security community needs to zero in on model manipulation techniques like prompt injection and proactively test these AI systems through the eyes of the attackers."
Nation-state cyber risk remains persistent and demands constant readiness against a mix of disinformation, low-level disruption, and advanced tradecraft. Social engineering repeatedly exploits human vulnerability, showing that technical controls alone are insufficient. Generative AI adoption surged, with substantial employee use of free tools and frequent pasting of sensitive data, creating new exploitation and misinformation risks. Model-manipulation techniques such as prompt injection are active threats that require attacker-perspective testing and proactive defenses. Crowd-led testing and diverse human researchers remain crucial for finding gaps. Governance and accountability are increasing, with executive incentives now tied to measurable security outcomes.
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]