#ai-security

[ follow ]
#cybersecurity #vulnerabilities #prompt-injection #anthropic #data-breach #data-protection #project-glasswing
Business
fromFortune
15 hours ago

Wall Street piles into 'NACHO' bet on looming oil shortages in June | Fortune

Token theft is rising in AI services, with criminals using stolen tokens to drive costs and enable fraud.
Information security
fromTechzine Global
18 hours ago

Mozilla: AI-powered bug detection produces very few false positives

AI-driven analysis and a dedicated harness enabled Firefox to detect and fix hundreds of security vulnerabilities with far fewer false positives.
#supply-chain-attack
Information security
fromSecurityWeek
1 day ago

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

A critical CVSS 10/10 vulnerability in Gemini CLI's -yolo mode allowed attackers to inject malicious prompts via GitHub issues, potentially enabling full supply chain compromise through credential theft and unauthorized repository access.
Information security
fromSecurityWeek
1 day ago

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

A critical CVSS 10/10 vulnerability in Gemini CLI's -yolo mode allowed attackers to inject malicious prompts via GitHub issues, potentially enabling full supply chain compromise through credential theft and unauthorized repository access.
more#supply-chain-attack
Artificial intelligence
fromNextgov.com
3 days ago

Commerce AI center will evaluate Google Deepmind, Microsoft and xAI models

The Commerce Department will test leading AI models for security before deployment, overseen by CAISI within the National Institute of Standards and Technology.
Information security
fromThe Hacker News
3 days ago

We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is

AI infrastructure security is compromised due to rapid deployment without proper authentication, exposing sensitive data and increasing vulnerability.
Artificial intelligence
fromAxios
4 days ago

Trump administration considering safety review for new AI models

The White House is developing an AI security framework to assess vulnerabilities before public deployment of advanced AI models.
#cisco
Information security
fromSecurityWeek
4 days ago

Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks

Cisco intends to acquire Astrix Security to enhance security for non-human identities in response to rising AI-related risks.
Information security
fromSecurityWeek
4 days ago

Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks

Cisco intends to acquire Astrix Security to enhance security for non-human identities in response to rising AI-related risks.
more#cisco
#prompt-injection
fromSecurityWeek
1 week ago
Information security

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

fromSecurityWeek
3 weeks ago
Information security

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Information security
fromTNW | Anthropic
3 weeks ago

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.
Information security
fromTechRepublic
4 days ago

Indirect Prompt Injection Is Now a Real-World AI Security Threat

AI agents are vulnerable to prompt injection attacks, leading to data breaches and security risks in enterprise systems.
Information security
fromSecurityWeek
1 week ago

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

Google's research reveals an increase in indirect prompt injection attacks on AI, though their sophistication remains relatively low.
Information security
fromTheregister
2 weeks ago

Prompt injection proves AI models are gullible like humans

Prompt injection attacks exploit AI systems, similar to phishing, by embedding malicious instructions that the AI executes instead of treating as content.
Information security
fromSecurityWeek
3 weeks ago

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A prompt injection attack method named 'Comment and Control' targets AI code security tools, allowing attackers to hijack AI agents using crafted GitHub comments.
Information security
fromTNW | Anthropic
3 weeks ago

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.
more#prompt-injection
#cybersecurity
fromAxios
1 week ago
Artificial intelligence

Exclusive: OpenAI, Anthropic meet with House Homeland Security behind closed doors on cyber threats

Artificial intelligence
fromAxios
1 week ago

Exclusive: OpenAI, Anthropic meet with House Homeland Security behind closed doors on cyber threats

Anthropic and OpenAI are collaborating with federal agencies to address cybersecurity risks associated with their AI models.
Artificial intelligence
fromAbove the Law
3 weeks ago

What Lawyers Need To Know About Anthropic's Mythos - Above the Law

Anthropic's new AI model, Claude Mythos, uncovers significant security vulnerabilities, raising concerns about its potential impact on cybersecurity.
more#cybersecurity
E-Commerce
fromwww.theguardian.com
5 days ago

AI chatbot fraud: the gift card' subcription that may cost you dear

Fraudulent charges for gift cards linked to the Claude AI tool raised concerns among users about security and account safety.
Information security
fromComputerworld
1 week ago

AI agents can bypass guardrails and put credentials at risk, Okta study finds

Agentic platforms like OpenClaw pose significant risks by exposing sensitive data and bypassing security measures under real-world conditions.
#nvidia
Business
from24/7 Wall St.
1 week ago

Everyone's Talking About NVIDIA's Moving Averages. Smart Money Is Watching CrowdStrike Instead

NVIDIA's stock is overvalued while CrowdStrike presents a compelling investment opportunity due to its critical role in AI security.
Business
from24/7 Wall St.
1 week ago

Everyone's Talking About NVIDIA. Smart Money Is Watching CrowdStrike Instead

NVIDIA's stock is overvalued while CrowdStrike presents a compelling investment opportunity due to its critical role in AI security.
Business
from24/7 Wall St.
1 week ago

Everyone's Talking About NVIDIA's Moving Averages. Smart Money Is Watching CrowdStrike Instead

NVIDIA's stock is overvalued while CrowdStrike presents a compelling investment opportunity due to its critical role in AI security.
Business
from24/7 Wall St.
1 week ago

Everyone's Talking About NVIDIA. Smart Money Is Watching CrowdStrike Instead

NVIDIA's stock is overvalued while CrowdStrike presents a compelling investment opportunity due to its critical role in AI security.
more#nvidia
Information security
fromSecurityWeek
1 week ago

Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge

Claude Security aims to empower defenders against advanced AI threats by providing automated vulnerability scanning and patching capabilities.
Privacy professionals
fromAxios
1 week ago

Exclusive: Senators interrogate AI firms on China safeguards

The Chinese Communist Party conducts extensive espionage on U.S. companies, prompting Congress to seek collaboration with tech firms to enhance security measures.
#crowdstrike
Information security
from24/7 Wall St.
1 week ago

Mizuho Upgrades CrowdStrike With a $520 Price Target: Is AI Security the Next Mega-Trade?

Mizuho upgraded CrowdStrike to Outperform, raising its price target to $520, citing strong demand and AI security growth potential.
Information security
fromTechzine Global
1 month ago

CrowdStrike Falcon Update Makes the Endpoint the Hub for AI Security

CrowdStrike enhances the Falcon platform with new AI security features, making endpoints central to detecting and managing AI applications.
Information security
from24/7 Wall St.
1 week ago

Mizuho Upgrades CrowdStrike With a $520 Price Target: Is AI Security the Next Mega-Trade?

Mizuho upgraded CrowdStrike to Outperform, raising its price target to $520, citing strong demand and AI security growth potential.
Information security
fromTechzine Global
1 month ago

CrowdStrike Falcon Update Makes the Endpoint the Hub for AI Security

CrowdStrike enhances the Falcon platform with new AI security features, making endpoints central to detecting and managing AI applications.
more#crowdstrike
#foreign-interference
Intellectual property law
fromTechRepublic
2 weeks ago

White House Says China-Linked Actors Tried to 'Steal American AI'

Foreign entities, particularly from China, are allegedly extracting American AI models through unauthorized methods, raising national security concerns.
Intellectual property law
fromNextgov.com
2 weeks ago

White House accuses China of 'deliberate, industrial-scale campaigns' to steal US AI models

The White House accused foreign entities of industrial-scale campaigns to distill U.S. AI systems and plans to safeguard domestic AI products.
Intellectual property law
fromTechRepublic
2 weeks ago

White House Says China-Linked Actors Tried to 'Steal American AI'

Foreign entities, particularly from China, are allegedly extracting American AI models through unauthorized methods, raising national security concerns.
Intellectual property law
fromNextgov.com
2 weeks ago

White House accuses China of 'deliberate, industrial-scale campaigns' to steal US AI models

The White House accused foreign entities of industrial-scale campaigns to distill U.S. AI systems and plans to safeguard domestic AI products.
more#foreign-interference
#vulnerabilities
fromFortune
2 weeks ago
Information security

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

fromTheregister
2 weeks ago
Information security

Anthropic Mythos shaping up as nothingburger

Anthropic's Mythos model is under scrutiny due to unauthorized access concerns, despite its intended purpose of identifying vulnerabilities.
Information security
fromFortune
2 weeks ago

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.
Information security
fromTheregister
2 weeks ago

Anthropic Mythos shaping up as nothingburger

Anthropic's Mythos model is under scrutiny due to unauthorized access concerns, despite its intended purpose of identifying vulnerabilities.
more#vulnerabilities
#open-source
DevOps
fromTheregister
2 weeks ago

Open source models can find bugs as well as Mythos

Open source models can effectively find bugs comparable to Anthropic's Mythos, according to Ari Herbert-Voss, emphasizing the importance of human expertise in their orchestration.
Software development
fromZDNET
3 weeks ago

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.
Information security
fromYcombinator
3 weeks ago

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.
DevOps
fromTheregister
2 weeks ago

Open source models can find bugs as well as Mythos

Open source models can effectively find bugs comparable to Anthropic's Mythos, according to Ari Herbert-Voss, emphasizing the importance of human expertise in their orchestration.
Software development
fromZDNET
3 weeks ago

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.
Information security
fromYcombinator
3 weeks ago

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.
more#open-source
Information security
fromZDNET
2 weeks ago

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Indirect prompt injection attacks pose significant security risks to AI systems without requiring user interaction.
Artificial intelligence
fromwww.theguardian.com
2 weeks ago

The Guardian view on Anthropic's Claude Mythos: when AI finds every flaw, who controls the internet? | Editorial

Claude Mythos can autonomously exploit zero-day flaws, turning computers into crime scenes and significantly increasing the risk of cyber-attacks.
Privacy professionals
fromAxios
2 weeks ago

U.S. accuses China of "industrial-scale" campaigns to steal AI secrets

China-based actors are using proxy accounts to exploit U.S. AI models and extract proprietary information.
fromFuturism
2 weeks ago

Rogue Group Gains Access to Anthropic's Dangerous New Mythos AI

A small group of Discord users gained access to a preview version of Mythos, a source told the outlet, on the same day Anthropic announced it would be exclusively releasing the model to a select ring of companies.
Artificial intelligence
fromTNW | Anthropic
2 weeks ago
Information security

Mozilla fixes 271 Firefox vulnerabilities found by Anthropic's Claude Mythos in a single evaluation pass

Mozilla's Firefox 150 fixes 271 security vulnerabilities identified by Anthropic's AI model, Mythos, showcasing the model's effectiveness in vulnerability detection.
Information security
fromSecuritymagazine
2 weeks ago

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.
fromTNW | Anthropic
2 weeks ago
Information security

Unauthorized users gained access to Anthropic's restricted Mythos AI model

Unauthorized users accessed Claude Mythos Preview by guessing its URL, raising concerns about security in AI model access.
Artificial intelligence
fromTechRepublic
2 weeks ago

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.
DevOps
fromInfoQ
3 weeks ago

CNCF Warns Kubernetes Alone Is Not Enough to Secure LLM Workloads

Kubernetes lacks the capability to manage the unique risks posed by large language models in AI deployments.
fromTheregister
3 weeks ago

Git identity spoof fools Claude into giving bad code the nod

In a blog published this week, Manifold Security showed how an AI-powered code reviewer built on Claude accepted changes that appeared to come from a legitimate maintainer. By setting a fake author name and email in Git, the team made a commit appear to originate from a trusted source, then passed it through an automated review flow where the model approved it.
Information security
Venture
fromSecurityWeek
3 weeks ago

Capsule Security Emerges From Stealth With $7 Million in Funding

Capsule Security provides a security layer for AI agents to prevent manipulation and ensure safe operations.
Information security
fromInfoQ
3 weeks ago

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.
#vulnerability-detection
Information security
fromTechzine Global
3 weeks ago

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.
Information security
fromAxios
1 month ago

Anthropic withholds Mythos Preview model because it's hacking is too powerful

Mythos Preview can autonomously find and exploit vulnerabilities at an unprecedented level, surpassing previous models significantly.
Information security
fromTechzine Global
3 weeks ago

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.
Information security
fromAxios
1 month ago

Anthropic withholds Mythos Preview model because it's hacking is too powerful

Mythos Preview can autonomously find and exploit vulnerabilities at an unprecedented level, surpassing previous models significantly.
more#vulnerability-detection
Information security
from24/7 Wall St.
4 weeks ago

The "SaaS-Pocalypse" Continues: Cloudflare, ServiceNow, CrowdStrike Under Fire as Anthropic Rewrites the Rules

The release of Anthropic's AI security product has significantly impacted investor confidence in enterprise software companies, leading to sharp stock declines.
Information security
fromThe Hacker News
4 weeks ago

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

AI browser extensions pose significant security risks, often overlooked, with vulnerabilities and access that can compromise enterprise networks.
Europe news
fromFortune
4 weeks ago

U.S. and Iran begin peace talks as Trump goes to war against the media, insider traders, and the Pope | Fortune

Oil prices are expected to remain high due to geopolitical tensions and potential hoarding by industrialized nations.
Apple
fromTheregister
4 weeks ago

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.
Software development
fromInfoWorld
1 month ago

Microsoft's new Agent Governance Toolkit targets top OWASP risks for AI agents

Microsoft introduced the Agent Governance Toolkit to enhance AI agent security and mitigate OWASP's top 10 agentic AI threats.
Information security
fromSecurityWeek
1 month ago

Google DeepMind Researchers Map Web Attacks Against AI Agents

Malicious web content can exploit AI agents, leading to manipulation and unexpected behaviors through various attack types identified by researchers.
Information security
fromnews.bitcoin.com
1 month ago

Deepmind's 'AI Agent Traps' Paper Maps How Hackers Could Weaponize AI Agents Against Users

Google Deepmind identifies six AI agent trap categories, with content injection success rates of 86% and calls for enhanced security measures by 2026.
Information security
fromArs Technica
1 month ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.
Information security
fromInfoWorld
1 month ago

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.
Information security
fromSecurityWeek
1 month ago

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.
Information security
fromSecurityWeek
1 month ago

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

Palo Alto Networks revealed vulnerabilities in Google Cloud's Vertex AI, allowing attackers to exploit AI agents for malicious activities due to excessive permissions.
Artificial intelligence
fromFortune
1 month ago

Is AI's visual understanding mostly a 'mirage'? New research suggests so. | Fortune

Anthropic faces significant cybersecurity risks following multiple sensitive data leaks related to its new AI model, Mythos.
Information security
fromComputerWeekly.com
1 month ago

Cato Networks unveils modular adoption model for SASE platform | Computer Weekly

Cato Networks introduces a modular adoption model for its SASE platform, allowing organizations to expand networking and security capabilities as needed.
Information security
fromSecurityWeek
1 month ago

Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise

OAuth tokens pose significant security risks, especially when long-lived, as they can lead to widespread breaches across multiple organizations.
Artificial intelligence
fromInfoQ
1 month ago

Teleport Report Finds Over-Privileged AI Systems Linked to Fourfold Rise in Security Incidents

Excessive access permissions to AI systems lead to significantly more security incidents in enterprises.
Information security
fromTechRepublic
1 month ago

The Next Billion Users Won't Be Human: Securing the Agentic Enterprise

The rise of autonomous AI agents is reshaping enterprise security, presenting challenges traditional methods cannot address.
Venture
fromwww.businessinsider.com
1 month ago

This startup just raised $6 million from 8VC and Marc Benioff to find the hidden security flaws in AI code

Enclave, a startup focused on identifying dangerous AI-generated security flaws, has launched with $6 million in seed funding and a $33 million valuation.
fromTechCrunch
1 month ago

Databricks bought two startups to underpin its new AI security product | TechCrunch

Lakewatch leverages Databricks' data storage capabilities to perform essential SIEM tasks, such as threat detection and investigation, enhanced by AI agents from Anthropic's Claude.
Information security
Information security
fromTechzine Global
1 month ago

Microsoft Secures AI Agents with Defender, Entra, and Purview

Microsoft introduces new features to secure AI agents, emphasizing the need for a dedicated security layer for their management and protection.
Privacy professionals
fromFuturism
1 month ago

Analyst Warns Against Using Microsoft's Copilot AI on Friday Afternoons

Microsoft's Copilot AI has caused security concerns due to errors like hallucinating reports and exposing sensitive data.
Software development
fromThe Hacker News
1 month ago

How Ceros Gives Security Teams Visibility and Control in Claude Code

AI coding agents like Claude Code operate outside existing enterprise security controls, requiring new machine-level security infrastructure to provide visibility, policy enforcement, and audit trails.
[ Load more ]