Brace for the patch tsunami: AI is unearthing decades of buried code debt
Britain's cyber agency says the bill for years of technical shortcuts is coming due, and it's arriving all at once
Explore the intersection of AI and cybersecurity. Stay informed on AI-driven security trends, tools, and threats in the ever-evolving digital landscape.
Search across headline titles and summaries.
Background for this topic.
Artificial intelligence (AI) describes computer systems that perform tasks such as recognizing patterns, making predictions, understanding language, or generating content. In security reporting, the term commonly includes machine-learning models used for detection and analysis, as well as generative AI applications that produce text, code, images, or other outputs.
AI can help analyze security telemetry, prioritize vulnerabilities, and support investigations, but its outputs can be wrong or manipulated. Important attack surfaces include prompt injection that steers an application into unintended actions, sensitive data being exposed through prompts or model outputs, and excessive permissions granted to AI systems that use external tools. Models can also be degraded by poisoned training data or evaded with carefully crafted inputs. Practitioners should protect training and operational data, limit model access and tool permissions, test for adversarial behavior, and require appropriate human validation before high-impact decisions.
Britain's cyber agency says the bill for years of technical shortcuts is coming due, and it's arriving all at once
Britain's cyber agency says the bill for years of technical shortcuts is coming due, and it's arriving all at once Britain's cyber agency is warning that AI-fuelled bug hunting is about to flush out years of buried flaws, leaving defenders scrambling to keep up.…
Flaw Finding Model Integrated into a Slew of Cybersecurity PlatformsClaude artificial intelligence maker Anthropic announced Thursday wider availability of a model it described as its second-most powerful model for finding and patching software flaws. Anthropic is making Claude Security available as a "public beta" for enterprise customers.
Startup Acquisition Adds Centralized Policy Control Over Agent CommunicationsPalo Alto Networks plans to acquire Portkey to centralize AI agent communications through a gateway that enforces runtime security, identity controls and governance, addressing rising risks from autonomous agents with broad system access and fragmented enterprise visibility.
Also: Google’s $40B AI Bet, Insights From Google Next ConferenceIn this week's panel, four ISMG editors discussed North Korea's use of fake video meetings to fuel crypto fraud, Google's $40 billion investment in Anthropic and what it signals for the AI race, and key takeaways from Google Next in Las Vegas on enterprise AI adoption.
Federal Cybersecurity Funding Declines; Criminals Could Access Mythos-Class ModelsEfforts to combat ransomware and improve resilience continue to deliver - but the situation is fraught, with the American government no longer the cybersecurity leader it once was. Emerging frontier artificial intelligence models additionally look set to hand attackers formidable new capabilities.
North Korean threat actors are pulling off historic cryptocurrency heists on a yearly, sometimes weekly basis now. AI might be helping them.
State CIO Brandon Ragle on AI Governance, Risk and Workforce ImpactIllinois is taking a cautious, governance-first approach to AI, focusing on workforce productivity and citizen services. CIO Brandon Ragle explains how the state is balancing innovation with data protection, identity controls and oversight as it scales AI across agencies.
The guidance warns that agents capable of taking real-world actions on networks are already inside critical infrastructure, and most organizations are granting them far more access than they can safely monitor or control. The post US government, allies publish guidance on how to safely deploy AI agents appeared first on CyberScoop.
The issue isn't artificial intelligence, but rather an industry adding AI agent integrations into production environments before proper security testing.
Claude Security enters public beta, giving enterprises AI driven code scanning with no API integration or custom agents required
Altman's crew now doing the same gatekeeping it recently mocked
Altman's crew now doing the same gatekeeping it recently mocked OpenAI is lining up a limited release of its new GPT-5.5-Cyber model to a handpicked circle of "cyber defenders," just weeks after taking a swipe at Anthropic for doing almost exactly the same thing.…
A researcher from offensive security firm Theori has found a nine-year-old flaw in the Linux kernel with the help of AI
Tightening Budgets and AI-Enabled Attacks Stretch State Cyber DefensesState CISO confidence has collapsed, with just 22% saying their data is protected from cyberthreats. The 2026 NASCIO-Deloitte study points to AI-enabled attacks, third-party vendor risk and the worst budget picture in years as states rethink how they defend public data.
Also, HexDex Arrest, Black Axe Crackdown, LeRobot RCE FlawThis week, election threats resurfaced. A prolific hacker arrested. Black Axe network disrupted. China-linked disinformation targets Tibet. Exploited ScreenConnect and Windows flaws raise alarms. Minecraft gamers hit with stealer malware. A critical AI framework bug enables remote code execution.
Combined Platform Spans Dependencies, Extensions, Developer ToolsSocket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and IDE extensions, addressing AI-driven development risks and fragmented visibility across modern developer workflows.
The proof-of-concept exploit code runs only 10 lines long, but luckily, a patch is already available.
KnowBe4 says 86% of phishing it tracked used AI, and inboxes are only the start