AI's not going to kill open source code security
Cal.com considers AGPL a license to drill, but not everyone feels that way
Explore the intersection of AI and cybersecurity. Stay informed on AI-driven security trends, tools, and threats in the ever-evolving digital landscape.
Search across headline titles and summaries.
Background for this topic.
Artificial intelligence (AI) describes computer systems that perform tasks such as recognizing patterns, making predictions, understanding language, or generating content. In security reporting, the term commonly includes machine-learning models used for detection and analysis, as well as generative AI applications that produce text, code, images, or other outputs.
AI can help analyze security telemetry, prioritize vulnerabilities, and support investigations, but its outputs can be wrong or manipulated. Important attack surfaces include prompt injection that steers an application into unintended actions, sensitive data being exposed through prompts or model outputs, and excessive permissions granted to AI systems that use external tools. Models can also be degraded by poisoned training data or evaded with carefully crafted inputs. Practitioners should protect training and operational data, limit model access and tool permissions, test for adversarial behavior, and require appropriate human validation before high-impact decisions.
Cal.com considers AGPL a license to drill, but not everyone feels that way
Cal.com considers AGPL a license to drill, but not everyone feels that way Opinion Cal.com has closed its commercial codebase, abandoning years of AGPL-3.0 licensing in a move that has alarmed the developer community that helped build it and sent ripples through the broader open source world.…
Also: Embedded AI in Pharmaceutical Sector, the Story Behind Apple's CEO ChangeIn this week's panel, four ISMG editors examine what’s really behind Apple's CEO transition, how pharmaceutical giants are racing to embed artificial intelligence across core operations, and why AI-driven threats are forcing a rethink of how quickly defenders can respond.
Acquisition Adds Advisory, GRC and Vulnerability Services to ImagineX's MDR CoreTekStream acquired ImagineX’s cyber division to integrate advisory, vulnerability management and GRC with its MDR services, aiming to help CISOs defend against faster, AI-driven attacks by unifying proactive and reactive security into a single operational model.
Okta's Shiven Ramji on Visibility, Identity and Hidden RiskEnterprises are rapidly deploying AI agents, but many don't know where they are or what they're accessing. Shiven Ramji of Okta explains why "shadow agents" are the next major security risk and how identity, visibility and governance must evolve to keep up.
Agencies Urged to Track and Disrupt Coordinated AI Extraction CampaignsThe White House is escalating coordination with AI firms after identifying large-scale foreign campaigns using proxy accounts and jailbreaking techniques to extract capabilities from U.S. models, raising national security concerns and prompting new detection, logging and accountability measures.
Forgotten integrations, shadow IT, SaaS, and now shadow AI and agents are everywhere, and attackers don't need sophisticated AI models to take advantage.
In the past six months, companies have seen a significant influx of AI-powered phishing, as cyberattackers progress from small campaigns to 1-to-1 personalized attacks.
Chipzilla hopes agents, robots, and edge devices make CPUs cool again... now it has to build the chips
Chipzilla hopes agents, robots, and edge devices make CPUs cool again... now it has to build the chips Intel is betting on AI to reverse its fortunes, wagering that inference and agentic workloads will restore the CPU to the center of compute - even as its chip manufacturing struggles persist.…
AI tools are not just creating new vulnerabilities, they are reviving old security failures, warned Jurgen Kutscher, VP of Mandiant Consulting
The AI Agent Authority Gap - From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too narrowly
OpenAI's first security hire, Ari Herbert-Voss, thinks more automated bug finding will improve security without costing jobs
OpenAI's first security hire, Ari Herbert-Voss, thinks more automated bug finding will improve security without costing jobs Black Hat Asia Open source models can find bugs as effectively as Anthropic's Mythos, according to Ari Herbert-Voss, CEO of AI-powered security startup RunSybil and OpenAI's first security hire.…
Microsoft says IT administrators can now uninstall the AI-powered Copilot digital assistant from enterprise devices using a new policy setting, which has become broadly available after the April 2026 Patch Tuesday. [...]
Recent Package Compromises Pushed Software Component Trust to the Security AgendaCloudsmith raised a $72 million Series C led by TCV to expand policy enforcement, auditability and real-time package risk analysis as CISOs focus more closely on software supply-chain threats tied to open-source dependencies, AI-assisted development and compromised artifacts.
AMA Wants Privacy, Security AI Tool Protections, Especially in Mental HealthThe American Medical Association says using artificial intelligence chatbots carries risks - including data privacy and security breaches - and the largest U.S. professional association for physicians and medical students is urging Congress to take action to protect patients from potential harm.
ZionSiphon was designed to find and sabotage Israelis’ water supply. An OT expert said it appears to be ineffective and the work of amateurs using AI. The post Dragos: Despite AI use, new malware targeting water plants is ‘hype’ appeared first on CyberScoop.
Google Cloud’s COO advocated for combining general-purpose frontier large language models with task-specific AI agents
Cisco found and fixed a significant vulnerability in the way Anthropic handles memories, but experts warn that mishandled memory files will continue to threaten AI systems.