Tag: ai

Microsoft’s GitHub shifts to metered AI billing amid cost crisis

Apr 28, 2026 7:39 PM

Tags: ai, github, microsoft

The all-you-can-eat AI buffet is coming to an end First seen on theregister.com Jump to article: www.theregister.com/2026/04/28/microsofts_github_shifts_to_metered/
prompted 2026 Detection Deception Engineering In The Matrix

Apr 28, 2026 6:39 PM

Tags: ai, data, detection, intelligence

Author, Creator & Presenter: Bob Rudis, V.P. Data Science, Security Research, & Detection+Deception Engineering At GreyNoise Labs & Glenn Thorpe, Sr. Director, Security Research & Detection Engineering At GreyNoise Intelligence Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First…
prompted 2026 Detection Deception Engineering In The Matrix

Apr 28, 2026 6:39 PM

Tags: ai, data, detection, intelligence

Author, Creator & Presenter: Bob Rudis, V.P. Data Science, Security Research, & Detection+Deception Engineering At GreyNoise Labs & Glenn Thorpe, Sr. Director, Security Research & Detection Engineering At GreyNoise Intelligence Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First…
The Facebook ID problem breaking your DLP alerts

Apr 28, 2026 5:39 PM

Tags: ai, api, credit-card, data, detection, exploit, finance, governance, LLM, ml, PCI, risk, service, sql, technology, tool, zero-trust

How we reverse-engineered the structure of Facebook IDs to improve credit card classification. (This is blog 3 in our Classification Series. You can also read {children} and {children}) The concept behind data loss prevention (DLP) platforms is simple and powerful: Discover and classify sensitive data then apply policies to prevent that data from leaving the…
Warum Identity Attack Path Management durch KI immer wichtiger wird

Apr 28, 2026 5:39 PM

Tags: ai, attack, identity

Unternehmen priorisieren aktuell Transparenz über Angriffspfade (43 %) und Rechtebeziehungen (36 %) höher als die Integration generativer oder agentischer KI (40 %) First seen on infopoint-security.de Jump to article: www.infopoint-security.de/warum-identity-attack-path-management-durch-ki-immer-wichtiger-wird/a44809/
Warum Identity Attack Path Management durch KI immer wichtiger wird

Apr 28, 2026 5:39 PM

Tags: ai, attack, identity

Unternehmen priorisieren aktuell Transparenz über Angriffspfade (43 %) und Rechtebeziehungen (36 %) höher als die Integration generativer oder agentischer KI (40 %) First seen on infopoint-security.de Jump to article: www.infopoint-security.de/warum-identity-attack-path-management-durch-ki-immer-wichtiger-wird/a44809/
LLM Proxies vs. MCP Gateways: What’s the Difference?

Apr 28, 2026 4:38 PM

Tags: ai, LLM

As enterprise adoption of generative AI accelerates, so does the number of new components showing up in architecture diagrams. Among the common are LLM proxies and MCP gateways. They are often grouped together because they both sit between applications and AI systems, and both introduce a level of abstraction that is intended to simplify development……
From Shadow AI to Full Control: FireTail’s Q1 2026 Updates FireTail Blog

Apr 28, 2026 4:38 PM

Tags: access, ai, api, cloud, compliance, control, data, detection, finance, framework, google, governance, group, infrastructure, injection, LLM, nist, openai, risk, service, software, tool, update

Apr 28, 2026 – Timo Rüppell – Most security teams have accepted a hard truth in recent months. AI has already arrived in your organization. It resides in your codebase, runs in your cloud infrastructure, and is likely open in a nearby browser tab right now.The question is no longer whether to let AI in.…
Researchers Find 38 Flaws in OpenEMR. They’ve Been Fixed

Apr 28, 2026 4:38 PM

Tags: ai, flaw, healthcare, open-source, software, tool, vulnerability, zero-day

AI Tool Used to Discover Bugs, Which Included 2 Maximum Severity Vulnerabilities. Researchers at security firm AISLE said they recently identified 38 vulnerabilities, including two maximum-severity zero-day flaws in OpenEMR, an open-source electronic medical record software platform used by about 100,000 healthcare providers globally. OpenEMR has patched the problems. First seen on govinfosecurity.com Jump to…
Enterprise AI Adoption in 2026: Common Pitfalls, Risks, and Proven Strategies for Success

Apr 28, 2026 3:38 PM

Tags: ai, risk, strategy

AI is everywhere in boardroom conversations, strategy decks, and product roadmaps. Yet behind the buzz, a quieter reality is unfolding. Many enterprises are investing heavily…Read More First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/04/enterprise-ai-adoption-in-2026-common-pitfalls-risks-and-proven-strategies-for-success/
Critical Cursor bug could turn routine Git into RCE

Apr 28, 2026 3:38 PM

Tags: ai, attack, cvss, flaw, malicious, nvd, penetration-testing, phishing, rce, remote-code-execution

Expanded attack surface with agentic IDEs: Novee warned that while traditional IDEs are passive, doing what developers explicitly tell them to do, Cursor’s AI agent interprets intent and autonomously decides which commands to run, which includes Git operations. And that’s where the problem lies.”In traditional pentesting, ‘client-side’ attacks targeting developer machines have always been a…
The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards

Apr 28, 2026 3:38 PM

Tags: ai, credit-card, fido, finance, google

AI agents may soon be buying your stuff for you. The FIDO Alliance has teamed up with Google and Mastercard to try to ensure that shopping in the near future isn’t a complete disaster. First seen on wired.com Jump to article: www.wired.com/story/the-race-is-on-to-keep-ai-agents-from-running-wild-with-your-credit-cards/
Microsoft fixes Entra ID flaw enabling privilege escalation

Apr 28, 2026 2:39 PM

Tags: access, ai, flaw, microsoft, service

Microsoft fixed a Microsoft Entra ID flaw where the Agent ID Administrator role could enable privilege escalation and account takeover. Microsoft addressed a flaw in Microsoft Entra ID that could let attackers take over service accounts. The issue involved the Agent ID Administrator role, which manages AI agent identities and access, and could be abused…
6 Lessons Security Leaders Must Learn About AI and APIs

Apr 28, 2026 2:39 PM

Tags: ai, api, attack, data, endpoint, tool, update

Most organizations treating AI security as a model problem are defending the wrong layer. Security teams filter prompts, patch jailbreaks, and tune model behavior, which is all necessary work, while the actual attack surface sits largely unexamined underneath. That surface is the API layer: the endpoints AI systems use to retrieve data, call tools, and…
Bridging the EU AI Act Compliance Gap FireTail Blog

Apr 28, 2026 1:39 PM

Tags: ai, breach, cloud, compliance, control, data, GDPR, governance, infrastructure, monitoring, privacy, risk, risk-management, tool, training

Apr 28, 2026 – Lina Romero – What the EU AI Act demandsThe EU AI Act classifies AI according to risk. Unacceptable risk is prohibited outright. High-risk AI systems are heavily regulated. Limited-risk systems face transparency obligations. The majority of obligations fall on providers, though deployers carry meaningful obligations too. If your organisation builds AI, buys…
After Mythos: New Playbooks For a Zero-Window Era

Apr 28, 2026 1:39 PM

Tags: ai, exploit, update, vulnerability

When patching isn’t fast enough, NDR helps contain the next era of threats.If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast.Anthropic’s new model, Claude Mythos, and its Project Glasswing, showed that finding exploitable vulnerabilities…
Securing RAG pipelines in enterprise SaaS

Apr 28, 2026 12:39 PM

Tags: access, ai, api, application-security, attack, breach, business, cloud, control, corporate, data, data-breach, defense, detection, email, encryption, finance, fintech, framework, GDPR, github, google, healthcare, iam, injection, intelligence, leak, LLM, malicious, metric, microsoft, monitoring, privacy, regulation, saas, service, sql, strategy, threat, tool, unauthorized, vulnerability, zero-trust

Zero-Click data exfiltration (Late 2025): The “EchoLeak” vulnerability demonstrated how attackers could use a specially crafted, unclicked email to manipulate Microsoft 365 Copilot’s massive enterprise RAG pipeline. The AI was tricked into retrieving and exfiltrating sensitive corporate data without any employee interaction.Vector database exposures (2024 2025): Several incidents involved exposed API keys for vector databases.…
Securing RAG pipelines in enterprise SaaS

Apr 28, 2026 12:39 PM

Tags: access, ai, api, application-security, attack, breach, business, cloud, control, corporate, data, data-breach, defense, detection, email, encryption, finance, fintech, framework, GDPR, github, google, healthcare, iam, injection, intelligence, leak, LLM, malicious, metric, microsoft, monitoring, privacy, regulation, saas, service, sql, strategy, threat, tool, unauthorized, vulnerability, zero-trust

Zero-Click data exfiltration (Late 2025): The “EchoLeak” vulnerability demonstrated how attackers could use a specially crafted, unclicked email to manipulate Microsoft 365 Copilot’s massive enterprise RAG pipeline. The AI was tricked into retrieving and exfiltrating sensitive corporate data without any employee interaction.Vector database exposures (2024 2025): Several incidents involved exposed API keys for vector databases.…
Microsoft Expands Copilot Agent Mode for Outlook Inbox and Calendar Tasks

Apr 28, 2026 12:39 PM

Tags: ai, communications, cyber, email, microsoft, tool, update

Microsoft announced a major evolution for Copilot in Outlook, shifting the tool from a passive assistant to an autonomous agent. Instead of simply drafting emails or summarizing threads on command, the AI now actively manages ongoing daily tasks. This agentic update enables the system to handle routine triage, resolve rescheduling conflicts, and prioritize communications in…
What CISOs need to get right as identity enters the agentic era

Apr 28, 2026 11:39 AM

Tags: access, ai, ciso, conference, control, credentials, cybersecurity, defense, governance, identity, jobs, least-privilege, malicious, mfa, monitoring, phishing, risk, technology, tool

Wilcox and Adams are speaking at the CSO Cybersecurity Awards & Conference, May 1113. Reserve your place.As a result, Adams says CISOs will increasingly need to adopt an identity-centric security architecture and there are several key tenets to consider.Build a strong foundation before layering on complexity. The instinct when modernizing an identity program, says Adams, is…
U.S. companies hit with record fines for privacy in 2025

Apr 28, 2026 10:39 AM

Tags: ai, law, privacy

The increase is being driven by powerful privacy laws in states like California, new interstate partnerships and a renewed focus on the privacy impacts of AI and automation. First seen on cyberscoop.com Jump to article: cyberscoop.com/privacy-companies-hit-with-record-fines-2025-gartner/
U.S. companies hit with record fines for privacy in 2025

Apr 28, 2026 10:39 AM

Tags: ai, law, privacy

The increase is being driven by powerful privacy laws in states like California, new interstate partnerships and a renewed focus on the privacy impacts of AI and automation. First seen on cyberscoop.com Jump to article: cyberscoop.com/privacy-companies-hit-with-record-fines-2025-gartner/
North Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures

Apr 28, 2026 10:39 AM

Tags: ai, crypto, group, hacker, lazarus, north-korea, phishing, spear-phishing

Arctic Wolf attributed this large-scale spear-phishing campaign to BlueNoroff, a financially motivated subgroup of the Lazarus Group First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bluenoroff-dprk-hackers-target/
Databricks erweitert Agent Bricks mit neuen Features und Governance

Apr 28, 2026 10:39 AM

Tags: ai, governance

Die Weiterentwicklungen zeigen klar: Der Fokus liegt auf skalierbarer und kontextbasierter KI ein entscheidender Schritt für den produktiven Einsatz von AI im Unternehmen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/databricks-erweitert-agent-bricks-mit-neuen-features-und-governance/a44800/
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

Apr 28, 2026 9:39 AM

Tags: ai, attack, flaw, identity, intelligence, microsoft, service

An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort.Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agent identity platform to handle all aspects of an AI agent’s identity lifecycle operations…
KI verbreitet sich schneller als Unternehmen sie kontrollieren oder absichern können

Apr 28, 2026 7:39 AM

Tags: ai, risk

KI wird in vielen Unternehmen bereits eingesetzt, auch ohne offizielle Freigabe. Mitarbeitende nutzen entsprechende Anwendungen häufig eigenständig und ohne Einbindung der IT. So entsteht sogenannte Schatten-KI, die schwer zu kontrollieren ist und Risiken für Steuerung und Sicherheit mit sich bringt. Der aktuelle ‘Work Reborn Report” von Lenovo, Leading Your Workforce to Triumph with AI,… First…
Verhaltensanalysen für KI-Agenten in Cloud-Umgebungen: Transparenz und Anomalieerkennung als Sicherheitsfaktor

Apr 28, 2026 7:39 AM

Tags: ai, cloud, software

Wie Security-Teams autonome Software-Agenten über den Lebenszyklus hinweg beobachten, Normalverhalten modellieren und Abweichungen frühzeitig erkennen können. Mit der zunehmenden Verbreitung von KI-Agenten in Unternehmen entsteht eine neue Herausforderung für die IT-Sicherheit: Autonome Systeme handeln eigenständig, interagieren miteinander und greifen auf Daten sowie Dienste zu häufig bei eingeschränkter Nachvollziehbarkeit von Entscheidungen und Aktionen. Klassische… First seen…
Claude Opus 4.6-Powered AI Coding Agent Wipes Production Database in 9 Seconds

Apr 28, 2026 7:39 AM

Tags: access, ai, backup, breach, cyber, data, data-breach, infrastructure, saas, software, startup

A Claude Opus 4.6-powered AI coding agent operating through the Cursor editor autonomously deleted the production database and backups of SaaS startup PocketOS in just nine seconds. The incident highlights critical security failures in AI guardrails and infrastructure access controls. The Nine-Second Data Breach Jer Crane, founder of automotive software platform PocketOS, reported that the…
Contextual Anomaly Detection in Quantum-Resistant MCP Transport Layers

Apr 28, 2026 5:39 AM

Tags: ai, detection, infrastructure, tool

Explore how contextual anomaly detection secures MCP transport layers with quantum-resistant encryption. Learn to defend AI infrastructure against tool poisoning and prompt injection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/contextual-anomaly-detection-in-quantum-resistant-mcp-transport-layers/
Pentagon’s Anthropic Fight Draws Rebuke From Ex-DOD Leaders

Apr 28, 2026 1:39 AM

Tags: ai, defense, government, group, intelligence, risk, supply-chain

Former Officials, Tech Groups Say Anthropic Designation Is Illegal – and Dangerous. Former U.S. defense and intelligence officials argue the Pentagon’s designation of Anthropic as a supply-chain risk was politically motivated and legally flawed, warning it could erode trust in government contracting and weaken the defense AI ecosystem. First seen on govinfosecurity.com Jump to article:…