LLMs' AI-Generated Code Remains Wildly Insecure
Security debt ahoy: only about half of the code that the latest large language models (LLMs) create is cybersecure, and more and more of it is being created all the time.
Explore the intersection of AI and cybersecurity. Stay informed on AI-driven security trends, tools, and threats in the ever-evolving digital landscape.
Search across headline titles and summaries.
Background for this topic.
Artificial intelligence (AI) describes computer systems that perform tasks such as recognizing patterns, making predictions, understanding language, or generating content. In security reporting, the term commonly includes machine-learning models used for detection and analysis, as well as generative AI applications that produce text, code, images, or other outputs.
AI can help analyze security telemetry, prioritize vulnerabilities, and support investigations, but its outputs can be wrong or manipulated. Important attack surfaces include prompt injection that steers an application into unintended actions, sensitive data being exposed through prompts or model outputs, and excessive permissions granted to AI systems that use external tools. Models can also be degraded by poisoned training data or evaded with carefully crafted inputs. Practitioners should protect training and operational data, limit model access and tool permissions, test for adversarial behavior, and require appropriate human validation before high-impact decisions.
Security debt ahoy: only about half of the code that the latest large language models (LLMs) create is cybersecure, and more and more of it is being created all the time.
ISC2 is launching a 6-course certification program to address the growing demand for AI security expertise. Courses cover topics such as AI fundamentals, ethics, and risks.
The SIEM market is at a pivotal point as XDR platforms and generative AI shake up the security analytics space.
Using the API Connections for Azure Logic Apps, a security researcher found unauthenticated users could access sensitive data of other customers.
Attackers are becoming faster at exploiting vulnerabilities but this startup seeks to stop threats before they lead to breaches.
A proof-of-concept attack shows how threat actors can use a poisoned browser extension to inject malicious prompts into a generative AI tool.
The rise of agentic AI means the battle of the machines is just beginning. To win, we'll need our own agents — human and machine — working together.