ai

Operationalizing Day Minus Seven: The Cloud-Native ROC
The article introduces the concept of a Risk Operations Center (ROC) as a necessary evolution for cybersecurity teams facing AI-driven threats. It argues that traditional risk management models are insufficient due to the speed at which AI can discover and exploit vulnerabilities, especially in cloud environments. A ROC, powered by platforms like Qualys Enterprise TruRisk Management (ETM), aims to unify disparate security findings, hyper-prioritize risks based on exploitability and business impact, and enable autonomous remediation to keep pace with attackers.

3 Ways AI Powers Service Desk Attacks and How to Prevent Them
Artificial intelligence is increasingly being used by attackers to enhance service desk attacks, particularly during employee onboarding. AI tools can create more convincing impersonations, accelerate reconnaissance for personalized attacks, and scale malicious campaigns. To counter these threats, organizations need to implement stronger identity verification methods, such as secure password delivery, biometric liveness detection, and multi-factor authentication before sensitive actions are approved.

Bug in top AI coding agents shows that Unix-era security headaches never really die
A vulnerability dubbed "GhostApproval" has been discovered in at least six popular AI coding assistants, allowing them to access files outside their designated workspaces and potentially execute remote code. The flaw exploits symbolic links, a long-standing security issue, to trick agents into writing malicious content, such as SSH keys, to sensitive system files. While some vendors have patched the issue and assigned CVEs, others have downplayed the risk or are yet to release fixes.

Cybersecurity and the Gap Between Skill and Ability
The increasing capability of AI models to autonomously perform cyberattacks is widening the gap between skill and ability, lowering the barrier to entry for malicious actors. While traditional cybersecurity advice remains relevant, the speed of AI development necessitates a more urgent and adaptive approach. Harnessing AI for defense is seen as a crucial countermeasure, though challenges remain in preventing misuse of powerful AI tools.

Found fast, fixed slow: The gap the AI clearinghouse must close
A new AI cybersecurity clearinghouse, mandated by a recent executive order, faces the critical challenge of moving beyond rapid vulnerability discovery to effective remediation. While AI can quickly identify software flaws, the process of validating, prioritizing, and patching these issues remains a significant bottleneck, particularly for open-source software. The clearinghouse must focus on building infrastructure for triage, incentivizing maintainer and user collaboration, and leveraging Software Bills of Materials (SBOMs) to ensure vulnerabilities are actually fixed.

State IDs for AI Agents: Will Estonia Set a Precedent?
Estonia is exploring methods to facilitate the use of AI agents by its citizens for governmental services. This initiative brings forth important questions regarding digital identity and authentication for AI entities.

The Threat Isn’t the Frontier Model
The article argues that the primary AI security threat is not advanced frontier models, but rather the increasing accessibility of powerful open-source AI models that can be run on modest hardware. Adversaries are expected to leverage these models for autonomous attacks as quantization reduces their resource requirements. CISOs are urged to proactively build and test defensive AI agents now to counter this emerging threat, focusing on areas like Continuous Threat Exposure Management (CTEM), Breach and Attack Simulation (BAS), and Security Operations.

Dialogflow CX 'Rogue Agent' Flaw Enabled AI Chatbot Data Theft
Varonis identified a vulnerability in Google Dialogflow CX, dubbed the Rogue Agent flaw, which allowed for the theft of AI chatbot data. Google has since implemented a fix for this issue.

SharpHound Recon Attack – How AI enhanced the threat hunt
Researchers integrated an AI-driven security agent with full packet capture technology at Cisco Live AMER 2026 to automate threat hunting and analysis. The system successfully identified a potential SharpHound reconnaissance attack, analyzed network traffic, and accurately determined it to be a benign near-miss, saving significant analyst time and demonstrating the AI's potential to boost SOC efficiency.

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots
A now-patched flaw in Google Dialogflow CX could have allowed chatbot hijacking. An attacker with edit rights on a single Code Block agent could compromise other agents in the same Google Cloud project and read live conversations.

Britain plans to build autonomous AI 'Cyber Shield' to defend nation
Britain is developing an autonomous AI-powered Cyber Shield to strengthen national defense against cyber threats. The National Cyber Security Centre says such a system is needed as attackers could operate at machine speed and scale.

Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants
A now-patched critical session isolation flaw was found in the enterprise generative-AI platform Writer. It could have let agent previews leak session tokens, enabling cross-tenant compromise.

CISA Reportedly Using Anthropic’s Mythos to Scan Government Software for Flaws
CISA is reportedly using Anthropic Mythos AI to scan government software for vulnerabilities. The audits are said to be led by the agency Attack Surface Evaluation team to strengthen federal security reviews.

Webinar tomorrow: Why modern email attacks require a new approach to defense
A webinar examines why modern email attacks require new defenses. It highlights behavioral AI for detecting phishing, business email compromise, and account takeover while reducing alert fatigue.

Cyber Shield: The path to an agentic AI future for cyber defence
The UK's GCHQ has unveiled 'Cyber Shield,' a blueprint for a national cyber defence capability integrating agentic AI. This initiative aims to counter escalating cyber threats by enabling machine-speed identification, reduction, and resolution of national cyber risks. Cyber Shield will foster collaboration across sectors to develop and deploy AI-powered defensive agents, enhancing the UK's resilience against both current and future sophisticated attacks.

What Changes When Your Software Supply Chain Includes AI Writing Your Code?
The use of AI in software development introduces new challenges to supply chain security. Organizations must now consider the security implications of AI-generated code, in addition to traditional component analysis. This requires a reevaluation of existing security practices to adapt to AI's role in code creation.

Keyfactor Scores $1 Billion+ Investment for AI, Post-Quantum Security
Keyfactor, a provider of machine identity and cryptographic security solutions, has announced a funding round valued at over $1 billion. The investment will support the advancement of its platform, with a focus on addressing future security challenges from artificial intelligence and post-quantum cryptography.

Phishing poses as big-brand job interview to steal Google accounts
A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals. [...]

JadePuffer: The First Complete LLM-Driven Ransomware Attack
An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems.

⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More
A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing

How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions
Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy SIEM to

SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Th

New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in

Chinese LLMs Broaden the Gap Between Attackers & Defenders
Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried?

Flock Cameras Can Surveil Cars Without License Plates
This is from a 2024 company presentation: Officers can also tap into data showing a car’s decals, bumper stickers, back and top racks—along with temporary and unique state tags. Flock calls it a “Vehicle Fingerprint” and it’s touted as a wa

Apple Reverses Age-Old Patch Policy to Keep Up With AI
Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit.

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories
This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This

Context Engineering | Compaction & Agent Memory for Automated Malware Analysis
SentinelLABS has evaluated OpenAI's native context compaction feature for automated malware analysis, finding it significantly reduces token usage and costs without impacting overall task quality. Compaction compresses past context into a denser working state, which is crucial for long-running agent tasks where context can accumulate rapidly and degrade performance. While effective, the analysis noted a slight decrease in the model's ability to recover higher-level structural reasoning, underscoring the need to store critical artifacts in durable storage rather than relying solely on compacted context.

Anthropic's AI Finds Bugs. IBM Bets $5B It Can Fix Them.
IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic's Mythos findings ignite debate over how to secure the open source software supply chain.

Identity Lifecycle Management Wasn't Built for AI Agents
Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across enterprise environments, the governance mode

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: br

'Phantom Squatting': An Emerging AI-Driven Supply Chain Threat
LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector.

Fake Bug Report Hijacks AI Coding Agents at Scale
"Agentjacking" is the latest demonstration of how easily attackers can exploit an AI agent's inability to differentiate between content and instructions.

Attackers Seize Exposed AI Endpoints to Power Offensive Ops
Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.

Why Identity Security Is Your Cyber Career Entry Point
In this "Heard it From a CISO" video, Silverfort CISO John Paul Cunningham explains that AI in cybersecurity workflows is creating opportunities rather than eliminating jobs — and there are more ways than ever to break into this essential f

AI-Generated Workflows Are a Silent Security Disaster
Teams are dealing with a truly dangerous problem — automation that works, but that no one understands.

The Realities of AI Video Surveillance
The Financial Times has a good article on how AI is changing the capabilities of video surveillance, with information from both Israel/Iran and Russia. I wrote about this sort of thing a few years ago, how AI enables mass spying in the way

'Djinn' Stealer Targets Cloud, AI Credentials
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems.

AI Decline? Confidence in Autonomous Penetration Testing Falls
Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology.

AI Won't Wipe Out Entry-Level Cybersecurity Jobs
Artificial intelligence is not anticipated to eliminate entry-level positions within the cybersecurity sector. Instead, it is expected to create new job opportunities, especially for individuals who demonstrate strong human decision-making skills.

Beyond IOCs: AI-enabled threat intelligence
This week's newsletter explores how artificial intelligence can enhance threat intelligence capabilities. AI is expected to facilitate the creation of easily searchable data sources derived from intelligence reports, thereby improving access and utility of information for security professionals.

Scripting the disassembler: Local agentic reverse engineering through vbdec’s live COM object model
Cisco Talos detailed a new approach to reverse engineering that pairs local AI agents with traditional analysis tools like the VB6 disassembler vbdec. Instead of awkwardly bolting AI onto the software, vbdec exposes its parsed data through

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed
What if your AI coding assistant could be tricked into stealing your own company's secrets - by reading a single booby-trapped bug report? No phishing email. No malware. No password ever stolen. Just an AI doing exactly what it was told. Me

Smashing Security podcast #471: This AI worm just rewrote its own rules
Researchers at the University of Toronto have built a worm that thinks for itself. Using free off-the-shelf AI models it works out how to break into each new computer it encounters, and hijacks the powerful ones to host its own AI brain. An

Meta’s own AI chatbot to blame for Instagram accounts being stolen in seconds
Hackers have been hijacking Instagram accounts at scale by exploiting Meta's AI support chatbot. And, as if that weren't bad enough, the technique required no technical skill whatsoever. Read more in my article on the Fortra blog.

Reporting from Vegas: Networking, AI, and good boys
Joe’s on-the-ground report from Cisco Live U.S. is here, complete with therapy dog pictures and tips on handling conference overstimulation.

Smashing Security podcast #470: This AI security flaw might be impossible to fix
A website called "UK visa portal" has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren't. And when a journalist tried to war

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how

AI threats in the wild: The current state of prompt injections on the web
Google's Threat Intelligence teams have analyzed the prevalence of indirect prompt injection (IPI) attacks on the public web. Their research indicates that while sophisticated IPI attacks are not yet widespread, there is a growing trend of experimentation by threat actors. The observed attacks range from harmless pranks and SEO manipulation to more concerning attempts at data exfiltration and system destruction, though current implementations are often simplistic.

A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some

A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis ofte