Why Amazon hates 'human-in-the-loop' AI governance
VP Eric Brandwine explains people aren't all that great, actually
Explore the intersection of AI and cybersecurity. Stay informed on AI-driven security trends, tools, and threats in the ever-evolving digital landscape.
Search across headline titles and summaries.
Background for this topic.
Artificial intelligence (AI) describes computer systems that perform tasks such as recognizing patterns, making predictions, understanding language, or generating content. In security reporting, the term commonly includes machine-learning models used for detection and analysis, as well as generative AI applications that produce text, code, images, or other outputs.
AI can help analyze security telemetry, prioritize vulnerabilities, and support investigations, but its outputs can be wrong or manipulated. Important attack surfaces include prompt injection that steers an application into unintended actions, sensitive data being exposed through prompts or model outputs, and excessive permissions granted to AI systems that use external tools. Models can also be degraded by poisoned training data or evaded with carefully crafted inputs. Practitioners should protect training and operational data, limit model access and tool permissions, test for adversarial behavior, and require appropriate human validation before high-impact decisions.
VP Eric Brandwine explains people aren't all that great, actually
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution
As threats proliferate and AI complicates cybersecurity, CISOs say the job is getting harder, but more companies still want cybersecurity expertise, if even on a part-time basis.
Modern phishing attacks, including Device Code phishing, can undermine MFA protections and grant attackers access to corporate accounts without stealing passwords. This webinar explores how behavioral AI can help security teams detect compromised accounts faster and automate response workflows. [...]
Campaigners say tech is unable to reliably distinguish between kids and adults at the boundary where use is planned
Working with frontier AI models, this new platform aims to help discovering, prioritizing, validating and remediating code vulnerabilities
The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools. Security teams responded with usage policies, domain blocks, and data loss prevention rules. That response made sense at the time
A New York man faces cyberstalking charges after allegedly sharing AI-generated nude images and fabricated racist messages using fake social media profiles to harass a Georgia college student. [...]
AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in localhost, missing authentication, and unsafe parameter handling, attackers can trigger arbitrary process execution through AutoGen Studio’s MCP WebSocket. The research highlights a broader pattern - when agents can browse untrusted content and access local services, traditional boundaries like localhost are no longer secure. The post AutoJack: How a single page can RCE the host running your AI agent appeared first on Microsoft Security Blog.
While preventing third parties from profiting off unauthorized deepfakes of artists and performers is a bipartisan concern, some business and digital rights groups are opposed. The post Congress tees up No FAKES Act, aiming at AI-generated deepfakes appeared first on CyberScoop.
Your Controls Assume a Human Is Acting on the Data Being Accessed. But AI Isn't HumanAI is exposing a blind spot in enterprise security: Controls built for humans don't work on agents that never pause, filter or apply judgment. New CISO research shows many organizations can't track what AI is accessing - turning existing data gaps into machine-speed risk.
Understand Agentic AI Risks and Secure All MCP DeploymentsMCP has rapidly become the connective tissue of the agentic AI era and the standard for connecting AI agents to enterprise systems. But it also introduces new attack vectors, from tool poisoning to prompt injection. Here are six ways to reduce the risk.
Restrictions Highlight Growing U.S.-China AI Security TensionsJPMorgan Chase removed Anthropic's Claude models from its approved AI platform for employees in Hong Kong, following restrictions tied to Greater China access rules and underscoring how U.S. export controls and geopolitical concerns are reshaping enterprise AI adoption in global financial markets.
If an autonomous AI agent interacts with your company's core intellectual property today, can your security team instantly name the person who authorized it? For most enterprises, the answer is a simple no
The internet did not break this week. It got used exactly as designed, which is worse
The consulting giant’s majority stake in Dragos, along with the purchase runZero and NetRise, marks its first major push into operational technology software as AI-driven threats to critical infrastructure intensify. The post Accenture shells out $4.18B on three companies in big industrial cybersecurity push appeared first on CyberScoop.
A Rust crypto clipper hides behind fake GitHub stars and AI-narrated YouTube videos
Analysis of chatter on underground forums by Sophos finds that hackers fear AI could take work away from them
"Shield-6G" will combine AI threat detection, digital twins, honeypots, and more, to help carriers protect 6G networks against the threats of tomorrow.
Latest Interpol review shows how scams continue to dominate, and AI-enabled attackers prove too hot to handle for cash-strapped regions