Tag: ai
-
Copilot & Agentforce offen für PromptTricks
Tags: access, ai, bug, cvss, cyberattack, injection, least-privilege, mail, microsoft, update, vulnerabilityKI-Agenten sind populär und anfällig dafür, missbraucht zu werden.KI-Agenten fürs Enterprise können bekanntlich Arbeitsabläufe optimieren. Aber auch die Datenexfiltration wie Sicherheitsforscher von Capsule Security herausgefunden haben. Sie haben sowohl in Microsoft Copilot Studio als auch Salesforce Agentforce Prompt-Injection-Schwachstellen entdeckt.Diese ermöglichen Angreifern in beiden Fällen schadhafte Befehle über scheinbar harmlose Prompts einzuschleusen mit potenziell verheerenden Folgen.…
-
Claude Mythos ist der Hype gerechtfertigt?
Tags: ai, bug, cve, cybersecurity, data, exploit, linux, openai, sans, technology, update, vulnerabilityClaude Mythos wird derzeit von ausgesuchten Organisationen getestet in erster Linie großen Tech-Konzernen aus den USA.Anthropic | ScreenshotDer Hype um Anthropics Security-Modell Mythos bekommt erste Risse: Während KI-Konkurrent OpenAI plant, mit einem eigenen Cybersecurity-fokussierten KI-Modell ‘entgegenzuwirken”, stellen die Sicherheitsexperten von VulnCheck in einer aktuellen Untersuchung die praktischen Auswirkungen von Claude Mythos, respektive ‘Project Glasswing” in…
-
AI Model Claude Opus turns bugs into exploits for just $2,283
Claude Opus created a working Chrome exploit for $2,283, showing that widely available AI models can already find and weaponize vulnerabilities. Claude Opus managed to produce a functional Chrome exploit for just $2,283, raising concerns about how easily AI can be used to find and exploit vulnerabilities. Below is the cost of the experiment: Model…
-
Compensation vs. Burnout: The New Retention Calculus for Cybersecurity Leaders
High turnover and burnout are reshaping the 2026 cybersecurity landscape, forcing leaders to prioritize compensation, AI integration, and mental health to retain top talent. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/compensation-vs-burnout-the-new-retention-calculus-for-cybersecurity-leaders/
-
Spring AI SpEL Injection: From Vector Search to Remote Code Execution (CVE-2026-22738)
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/spring-ai-spel-injection-from-vector-search-to-remote-code-execution-cve-2026-22738
-
NSA Confirms Use of Anthropic’s Mythos Despite Pentagon Blacklist
The National Security Agency (NSA) is actively using Anthropic’s highly restricted >>Mythos<< artificial intelligence model, despite the developer currently being on the Department of Defense (DoD) blacklist. According to recent intelligence reports highlighted by the International Cyber Digest, the NSA is one of an exclusive group of approximately 40 organizations globally granted access to the…
-
Project Glasswing: When AI Becomes the Ultimate Hacker”, and Defender
Anthropic has introduced Project Glasswing, a cybersecurity initiative powered by an unreleased AI model called Claude Mythos. This system can identify zero-day vulnerabilities, generate exploits, and even help fix them”, often without human input. But there’s a catch: it’s considered too powerful for public release. In this episode, we discuss what Project Glasswing is, why…
-
How to spot a North Korean fake in a job interview
North Korean operatives are getting hired at companies by passing job interviews using fake identities and AI tools. In this Help Net Security video, Adrian Cheek, a senior … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/20/north-korean-job-interview-infiltration-video/
-
Cryptographically Agile Policy Enforcement for Contextual Data Access
Learn how to secure MCP deployments with cryptographically agile policies and quantum-resistant encryption to protect AI infrastructure from advanced threats. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/cryptographically-agile-policy-enforcement-for-contextual-data-access/
-
Produktive Erfolge bleiben häufig aus: 95 Prozent der KI-Projekte scheitern
Tags: aiFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/produktivitaet-erfolg-ausbleiben-95-prozent-ki-projekte-scheitern
-
prompted 2026 Al Found 12 Zero-Days in OpenSSL
Author, Creator & Presenter: Adam Krivka, Al Security Researcher. At AISLE & Ondrei VIcek, Co-founder & CEO At AISLE Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-al-found-12-zero-days-in-openssl/
-
prompted 2026 Al Found 12 Zero-Days in OpenSSL
Author, Creator & Presenter: Adam Krivka, Al Security Researcher. At AISLE & Ondrei VIcek, Co-founder & CEO At AISLE Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-al-found-12-zero-days-in-openssl/
-
prompted 2026 Al Found 12 Zero-Days in OpenSSL
Author, Creator & Presenter: Adam Krivka, Al Security Researcher. At AISLE & Ondrei VIcek, Co-founder & CEO At AISLE Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-al-found-12-zero-days-in-openssl/
-
Week in review: Acrobat Reader flaw exploited, Claude Mythos offensive capabilities and limits
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Bringing governance and visibility to machine and AI identities In this Help … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/19/week-in-review-acrobat-reader-flaw-exploited-claude-mythos-offensive-capabilities-and-limits/
-
(g+) Künstliche Intelligenz: Was Datenschutz in KI-Modellen so kompliziert macht
Tags: aiKI und Datenschutz sind schwer in Einklang zu bringen. Warum das so ist, haben wir uns von KI-Forscherin Franziska Boenisch erklären lassen. First seen on golem.de Jump to article: www.golem.de/news/kuenstliche-intelligenz-was-datenschutz-in-ki-modellen-so-kompliziert-macht-2604-207516.html
-
(g+) Künstliche Intelligenz: Was Datenschutz in KI-Modellen so kompliziert macht
Tags: aiKI und Datenschutz sind schwer in Einklang zu bringen. Warum das so ist, haben wir uns von KI-Forscherin Franziska Boenisch erklären lassen. First seen on golem.de Jump to article: www.golem.de/news/kuenstliche-intelligenz-was-datenschutz-in-ki-modellen-so-kompliziert-macht-2604-207516.html
-
Responsible AI Governance for UK SMEs: A Practical Starting Point
Responsible AI Governance for UK SMEs: A Practical Starting Point Artificial intelligence is moving quickly into everyday business use. For many UK SMEs, that means AI is no longer a future topic. It is already helping with drafting content, summarising documents, handling customer queries, analysing data, and supporting internal decisions. That can bring real value,……
-
prompted 2026 Trajectory-Aware Post-Training Security Agents
Author, Creator & Presenter: Aaron Brown, Agentic AI Builder, AWS Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-trajectory-aware-post-training-security-agents/
-
Researcher Claims Claude Opus Enabled Creation of Working Chrome Exploit
A security researcher has shown that Anthropic’s Claude Opus can help build a working browser exploit chain against Google Chrome’s V8 engine, raising fresh concerns about how quickly AI can speed up offensive security work. The experiment was published by Mohan Pedhapati, also known as s1r1us, CTO of Hacktron, and it arrived just days after…
-
Researcher Claims Claude Opus Enabled Creation of Working Chrome Exploit
A security researcher has shown that Anthropic’s Claude Opus can help build a working browser exploit chain against Google Chrome’s V8 engine, raising fresh concerns about how quickly AI can speed up offensive security work. The experiment was published by Mohan Pedhapati, also known as s1r1us, CTO of Hacktron, and it arrived just days after…
-
Researcher Claims Claude Opus Enabled Creation of Working Chrome Exploit
A security researcher has shown that Anthropic’s Claude Opus can help build a working browser exploit chain against Google Chrome’s V8 engine, raising fresh concerns about how quickly AI can speed up offensive security work. The experiment was published by Mohan Pedhapati, also known as s1r1us, CTO of Hacktron, and it arrived just days after…
-
Wie Hacker über GitHub-Kommentare KI-Agenten von Google und Anthropic kapern
Ein Sicherheitsforscher hat eine neue Form der Prompt Injection aufgedeckt, die populäre KI-Tools wie Claude Code, Gemini CLI und GitHub Copilot verwundbar macht. Über präparierte Kommentare und PR-Titel können Hacker Schadcode ausführen und sensible API-Schlüssel extrahieren. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/github-kommentare-ki
-
KI-Modelle wie Anthropics Mythos erhöhen den Cyberdruck auf Banken spürbar
Tags: aiBanken, die sich dieser neuen Realität stellen und ihre IT-Architekturen entsprechend ausrichten, verschaffen sich einen entscheidenden Vorteil. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ki-modelle-wie-anthropics-mythos-erhoehen-den-cyberdruck-auf-banken-spuerbar/a44692/
-
[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching.For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, and OAuth grants. When projects end or employees leave,…
-
RSF-Kritik an Angriff auf redaktionelle Freiheit: Google lässt Überschriften automatisiert per KI umformulieren
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/rsf-kritik-google-umformulierung-ueberschriften-ki
-
Finance Chiefs Warn New AI Models May Rattle Global Banking
Officials Warned New Models Could Accelerate Cyber Risks Faster Than Rules. Global finance officials meeting in Washington warned that advanced artificial intelligence models could expose structural weaknesses across banking and payment systems, speeding vulnerability discovery and cyber exploitation faster than regulators can build guardrails. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/finance-chiefs-warn-new-ai-models-may-rattle-global-banking-a-31457
-
Critical Exploits, AI Shifts, and Major Breaches Redefine Cybersecurity This Week
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/critical-exploits-ai-shifts-and-major-breaches-redefine-cybersecurity-this-week/
-
Critical Exploits, AI Shifts, and Major Breaches Redefine Cybersecurity This Week
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/critical-exploits-ai-shifts-and-major-breaches-redefine-cybersecurity-this-week/
-
We Need a Shared Responsibility Model for AI
Over the past 6-8 months, researchers at my company discovered vulnerabilities across multiple AI tools that allowed external bad actors to steal data, exploit AI browsers, or poison the core memories of AI systems. As we responsibly disclosed these flaws, we found that AI vendors almost universally told us, “It’s not our problem.” In their..…