MITRE Launches AI Incident Sharing Initiative
The collaboration with industry partners will improve collective AI defenses. Trusted contributors receive protected and anonymized data on real-world AI incidents.
Explore the intersection of AI and cybersecurity. Stay informed on AI-driven security trends, tools, and threats in the ever-evolving digital landscape.
Search across headline titles and summaries.
Background for this topic.
Artificial intelligence (AI) describes computer systems that perform tasks such as recognizing patterns, making predictions, understanding language, or generating content. In security reporting, the term commonly includes machine-learning models used for detection and analysis, as well as generative AI applications that produce text, code, images, or other outputs.
AI can help analyze security telemetry, prioritize vulnerabilities, and support investigations, but its outputs can be wrong or manipulated. Important attack surfaces include prompt injection that steers an application into unintended actions, sensitive data being exposed through prompts or model outputs, and excessive permissions granted to AI systems that use external tools. Models can also be degraded by poisoned training data or evaded with carefully crafted inputs. Practitioners should protect training and operational data, limit model access and tool permissions, test for adversarial behavior, and require appropriate human validation before high-impact decisions.
The collaboration with industry partners will improve collective AI defenses. Trusted contributors receive protected and anonymized data on real-world AI incidents.
Google Pushes for Gen AI and Platformization to Counter Sophisticated ThreatsGoogle asserts that platformization and consolidation can help contain today's sophisticated threats. Embedding generative AI into security is also required as the industry moves from assisted AI to semi-autonomous and, eventually, to autonomous security, with the goal of security by default.
'You can build this in a few days – even as a very naïve developer' A pair of inventive Harvard undergraduates have created what they believe could be one of the most intrusive devices ever built – a wake-up call, they tell The Register, for the world to take privacy seriously in the AI era.…
Also: Prison Sentences for BEC Scammers and a West African Cybercrime CrackdownThis week, AI nudify sites spread malware, BEC scammers head to prison, London man charged with hacking, and a Spanish insurance company with a breach. Also, a North Korean hacking group and a West African crackdown on online scammers. And, a Schrödinger Windows vulnerability: Is it real?
"Pig butchering," generative AI, and spear-phishing have all transformed digital warfare.
ENISA's Ifigeneia Lella Shares Highlights of 2024 Threat Landscape ReportWhile the number of ransomware attacks stayed about the same in the past year, cybercriminals are using more effective tactics such as weaponizing breach disclosure deadlines to extract higher ransoms, according to ENISA's 2024 Threat Landscape report.
Although the veto was a setback, it highlights key debates in the emerging field of AI governance and the potential for California to shape the future of AI regulation.
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.
The FIN7 group is mounting a sophisticated malware campaign that spans numerous websites, to lure people with a deepfake tool promising to create nudes out of photos.
Threat group FIN7 is hiding infostealer malware on sites promising AI deepnude downloads
This is the fourth blog post in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.
Generative AI is being used to make cyberscams more believable. Here's how organizations can counter that using newly emerging tools and reliable methods.
Thrive Capital, Microsoft, SoftBank, Nvidia Reportedly Lead OpenAI's Latest FundingOpenAI’s new $6.6 billion round of funding has nearly doubled its valuation to $157 billion. With investments from Thrive Capital, Microsoft, SoftBank and Nvidia, OpenAI plans to expand its AI research while facing pressures around executive turnover and its transition away from a nonprofit model.
Strawberry Can Also Assist with Making Weapons that Wipe Out HumansOpenAI claims its new artificial intelligence model, designed to "think" and "reason," can solve linguistic and logical problems that stump existing models. Officially called o1, the model nicknamed Strawberry can deceiving users and help make weapons that can obliterate the human race.
The notorious APT hacking group known as FIN7 launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware. [...]
Organizations looking to maximize their security posture will find AI a valuable complement to existing people, systems, and processes.
Strategies for securing intellectual property in AI systems Webinar As enterprises increasingly incorporate AI, the challenge of protecting private intellectual property (IP) often becomes more difficult.…
AI Act General Purpose AI Rules to be Enforced in 2025The European Commission appointed a 13 member team to draft the general purpose artificial intelligence code of practice mandated by the AI Act. The commission on Monday announced four working groups that will oversee drafting of the rules.
The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in