#web-security

#web-security

The only difference in this case is that attackers optimize for AI crawlers from various providers by means of a trivial user agent check that leads to content delivery manipulation. "Because these systems rely on direct retrieval, whatever content is served to them becomes ground truth in AI Overviews, summaries, or autonomous reasoning," security researchers Ivan Vlahov and Bastien Eymery said. "That means a single conditional rule, 'if user agent = ChatGPT, serve this page instead,' can shape what millions of users see as authoritative output."

As AI bot traffic grows, content creators are taking steps to protect their intellectual property from being scraped against their will. The publishing industry has spent the past year battling against the encroachment of AI tech, with companies like The New York Times and Ziff Davis suing AI platforms for scraping their copyrighted content and using it to train large language models.

Browser-side attacks are exploding as threat actors exploit vulnerable third-party web scripts. Most security tools don't address the browser layer effectively.

"This was a stealth miner, designed to avoid detection by staying below the radar of both users and security tools," security researcher Himanshu Anand said.

SSL was then, and is now, the minimum security a safe website should provide to its users. The protocol was also a major pain to set up and expensive to boot.