Tag: ai
-
LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build complex, stateful, and multi-agent artificial intelligence (AI) agentic applications. "An SQL injection in LangGraph’s function could First seen on thehackernews.com Jump to article:…
-
When AI facial recognition gets it wrong: this man was wrongfully jailed for 50 days
Tags: ai. First seen on t3n.de Jump to article: t3n.de/news/ki-gesichtserkennung-liegt-falsch-50-tage-gefaengnis-1747112/
-
Strict sovereign AI policies could cost APAC economies billions
Tags: ai. A new Oxford Economics report reveals that pursuing total AI self-sufficiency will lead to economic trade-offs, delayed enterprise adoption, and higher carbon footprints across the region. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644332/Strict-sovereign-AI-policies-could-cost-APAC-economies-billions
-
Browser extension against uncontrolled data leakage to AI services: Eye Security releases AI Leak Block
First seen on security-insider.de Jump to article: www.security-insider.de/ai-leak-block-browser-schutz-ki-datenabfluss-a-7b2ec1d1e2b2852d7ef9c9dde57d8099/
-
Researcher Uses AI to Hack Google, Earns $500,000 Bug Bounty
Tags: access, ai, api, attack, bug-bounty, control, cyber, flaw, framework, google, infrastructure, service, vulnerability. Researcher Arvin Shivram has earned $500,000 in bug bounties from Google’s Vulnerability Reward Program (VRP) by deploying an AI-powered fuzzing framework against Google’s internal API infrastructure, uncovering critical access-control flaws across multiple high-impact services in under 3 months. The research began after Shivram was invited to bugSWAT Mexico in October 2025, which reignited his interest in Google’s attack surface. Recognizing that…
-
AI governance in focus: what OpenAI’s Lockdown Mode really tells us
OpenAI has just announced »Lockdown Mode« for ChatGPT. In doing so, the company did something remarkable: it publicly confirmed that prompt injection via MCP connectors poses a serious enterprise exfiltration risk, serious enough to warrant an architectural response. For security and compliance leaders in German companies, whether mid-sized firms or DAX corporations, this confirmation matters and has direct…
-
How to use NIST and ISO frameworks to govern AI agents
Security leaders no longer need convincing that AI agents introduce risk. What’s missing is how to govern them once they move into production and begin operating autonomously … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/12/nist-iso-frameworks-govern-ai-agents/
-
AI sovereignty makes data centers strategic targets for cyber operations
Data centers built for frontier AI draw hundreds of megawatts of electricity and large volumes of cooling water from fixed locations with known addresses. Each one … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/12/ai-sovereignty-data-centers/
-
EU AI Act: German implementation is now meant to give companies legal certainty
Tags: ai. First seen on datensicherheit.de Jump to article: www.datensicherheit.de/ai-act-eu-deutschland-umsetzung-unternehmen-rechtssicherheit
-
A Security Gets $37M to Thwart Weaponized AI With Automation
Lightspeed Funds Will Support Defenses Against Continuous, Machine-Led Exploitation. A Security, founded by former Sygnia executive Yossi Torati, emerged from stealth with $37 million to build defenses against weaponized AI that can automate discovery, exploit attack paths and manipulate agentic systems faster than human security teams can respond. First seen on govinfosecurity.com Jump to article:…
-
Researchers build autonomous AI worm that can reason and adapt
University of Toronto researchers created a proof-of-concept AI worm that dynamically identifies vulnerabilities and adapts its attack strategies. Here’s what it means for enterprises. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366643829/Researchers-build-autonomous-AI-worm-that-can-reason-adapt
-
Microsoft Restricts Claude Fable 5 Access Amid AI Safety Review
Microsoft reportedly limited internal use of Claude Fable 5 while legal teams review Anthropic’s 30-day data-retention policy. The post Microsoft Restricts Claude Fable 5 Access Amid AI Safety Review appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-claude-fable-5-data-retention/
-
CISA Warning: LiteLLM Flaw Could Expose Enterprise AI Gateways
CISA’s LiteLLM warning shows why AI gateways and agents need service account governance, scoped access, credential rotation, and audit trails. The post CISA Warning: LiteLLM Flaw Could Expose Enterprise AI Gateways appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-litellm-cisa-ai-gateway-service-account-governance/
-
Breach Roundup: CISA Says Agencies Should ‘Patch Smarter’
Also, France Probes Tchap Breach, M&S Cancels Bonuses, June Patch Tuesday. This week, CISA tightened patching rules, hackers provoked AI scanners. An accused Russian intel hacker appeared in court. Microsoft warned of AI-themed attacks. M&S canceled bonuses. France probed a Tchap breach. NHS trusts disclosed stolen data and a Telegram campaign targeted Russian troops. First…
-
Joint Commission Certification Targets Healthcare AI Risks
Program Focuses on AI Governance, Safety, Privacy, Bias and Transparency. Accreditation organization Joint Commission is rolling out a voluntary program for certifying the responsible deployment and use of artificial intelligence technologies by U.S. healthcare provider organizations, including governance, safeguards, monitoring processes and education. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/joint-commission-certification-targets-healthcare-ai-risks-a-31949
-
Cisco agentic AI security push faces enterprise trust gap
Cisco officials urged customers to “meet the Mythos moment” with new agentic defenses, but businesses’ mistrust of AI cuts both ways. First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366643790/Cisco-agentic-AI-security-push-faces-enterprise-trust-gap
-
Phishing Attack Volume Down 20%, but Risk Still Rising
Hackers are valuing quality over quantity, using AI to upgrade their phishing attacks rather than multiplying them. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-analytics/phishing-volume-down-20-risk-rising
-
Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE
A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations. "The ‘POST /api/v2/…
-
New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets
Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and location pins that the agent executed without the victim ever seeing them. Varonis built a…
-
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories
It’s been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there’s a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials. The bigger problem is how polished this…
-
Shadow AI is Exposing the Same Governance Failures Cybersecurity Teams Have Ignored For Years
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/shadow-ai-is-exposing-the-same-governance-failures-cybersecurity-teams-have-ignored-for-years/
-
AI Risk Worries Insurers & Businesses Alike
As companies adopt AI, many insurance firms are explicitly excluding AI risks, while others are forging ahead to create the right framework. What risks can firms reasonably manage? First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/ai-risk-worries-insurers-businesses-alike
-
Enterprises report increasing budgets for security training in AI and other critical topics
Finding the time to train employees remains the biggest impediment to programs’ success, according to a new report. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cybersecurity-training-budget-increases-ai-skills/822640/
-
Zscaler CEO On Why Zero Trust Is The Real ‘Foundation’ For Deploying AI Agents
Even as countless vendors claim to have the ultimate solution to securing AI agents, Zscaler has a “significant lead” with its zero trust security platform”, which is in fact best equipped for protecting the communications needed to make agentic work, according to Zscaler founder and CEO Jay Chaudhry. First seen on crn.com Jump to article:…
-
From SQLi to RCE: Exploiting LangGraph’s Checkpointer
By Yarden Porat. AI agents need memory. Frameworks like LangGraph provide it through checkpointers, persistence layers that store execution state. But what happens when that persistence layer isn’t locked down? Key Points. Background. LangGraph is an open-source framework for building stateful, multi-agent AI systems with built-in persistence. It’s an extension of LangChain, with over […]…
-
More than half of European companies experienced a security incident caused by non-human identities in the past year
Keeper Security today points to a significant governance gap: companies are expanding their use of AI-driven and non-human identities without the control mechanisms required to keep them secure. Findings from a survey of cybersecurity professionals at Infosecurity Europe 2026 in London show that AI agents and non-human identities are now firmly…