Tag: ai
-
What we learned about TEE security from auditing WhatsApp’s Private Inference
WhatsApp’s new “Private Inference” feature represents one of the most ambitious attempts to combine end-to-end encryption with AI-powered capabilities, such as message summarization. To make this possible, Meta built a system that processes encrypted user messages inside trusted execution environments (TEEs), secure hardware enclaves designed so that not even Meta can access the plaintext. Our…
-
FIRESIDE CHAT: Geopolitical turmoil, rising AI risk add a new layer to enterprise cyber defense
As if securing the enterprise against a tidal wave of AI tools wasn’t hard enough, it turns out the geopolitical instability of the moment is making things worse. That wasn’t the headline at RSAC 2026 last week, agentic AI… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/fireside-chat-geopolitical-turmoil-rising-ai-risk-add-a-new-layer-to-enterprise-cyber-defense/
-
AI Agents and Non-Human Identities Creating Critical Security Gaps, Report
New research from Keeper Security, reveals non-human identities and automated system-to-system interactions are becoming the top security risk for businesses in 2026. First seen on hackread.com Jump to article: hackread.com/ai-agents-non-human-identities-security-gaps/
-
AI-enabled device code phishing campaign exploits OAuth flow for account takeover
A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code Authentication flow … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/07/microsoft-device-code-phishing-campaign/
-
Fake Gemini npm Package Steals AI Tool Tokens
Hackers are abusing a fake Gemini-themed npm package to steal tokens and secrets from developers using AI coding tools like Claude, Cursor, Windsurf, PearAI, and others. The README text was copied from the unrelated chai-await-async library, a mismatch that should have been a red flag for careful reviewers. Code analysis showed the package contacting a Vercel-hosted endpoint, server-check-genimi.…
-
The noisy tenants: Engineering fairness in multi-tenant SIEM solutions
Tags: ai, apache, api, cloud, compliance, control, crowdstrike, data, defense, detection, edr, endpoint, fedramp, finance, framework, incident response, infrastructure, intelligence, jobs, login, microsoft, monitoring, risk, saas, security-incident, service, siem, soc, software, strategy, threat, tool, update, vulnerability24/7/365 SOC monitoring: Round-the-clock coverage backed by global experts to validate and prioritize alerts.Proactive threat hunting: Active searches for hidden threats rather than just waiting for automated triggers.AI and machine learning integration: Leveraging everything from basic anomaly detection to “Agentic AI” to reduce noise and accelerate investigations.Active incident response and containment: Capabilities to isolate endpoints…
-
Druckersystem: Cups-Lücken gefährden zahlreiche Linux-Systeme
Ein Forscher hat KI-Agenten auf das Druckersystem Cups angesetzt. Zwei entdeckte Sicherheitslücken verleihen Angreifern Root-Zugriff aus der Ferne. First seen on golem.de Jump to article: www.golem.de/news/von-ki-agenten-entdeckt-print-server-luecken-gefaehrden-zahlreiche-linux-systeme-2604-207281.html
-
Comp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR
Getting a startup through a SOC 2 audit has long meant months of manual evidence collection, policy writing, and repeated back-and-forth with auditors. A growing number of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/07/comp-ai-open-source-compliance-platform/
-
OpenAI opens applications for an external AI safety research fellowship
OpenAI is accepting applications for a paid fellowship program that will fund external researchers to work on safety and alignment questions related to advanced AI systems. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/07/openai-safety-fellowship-applications/
-
Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed
Tags: ai, control, cve, cvss, cyber, data-breach, exploit, flaw, injection, malicious, open-source, vulnerabilityA critical security flaw in Flowise, a popular open-source AI development platform, is currently being exploited in the wild. Tracked as CVE-2025-59528, this code injection vulnerability carries a maximum CVSS score of 10.0. It allows remote attackers to execute malicious code and take complete control of affected servers. Security researchers warn that up to 15,000…
-
Von KI-Agenten entdeckt: Print-Server-Lücken gefährden zahlreiche Linux-Systeme
Ein Forscher hat seine KI-Agenten auf das Druckersystem Cups angesetzt. Zwei entdeckte Lücken verleihen Angreifern Root-Zugriff aus der Ferne. First seen on golem.de Jump to article: www.golem.de/news/von-ki-agenten-entdeckt-print-server-luecken-gefaehrden-zahlreiche-linux-systeme-2604-207281.html
-
New Microsoft Defender Update Issued for Windows 11, Windows 10, and Server Images
Microsoft has rolled out a fresh security intelligence update for Microsoft Defender Antivirus to help secure Windows 11, Windows 10, and Windows Server images. Released on April 7, 2026, this update equips endpoints with the latest threat detection logic and AI-enhanced cloud protection to defend against emerging malware campaigns. Keeping antimalware solutions up to date…
-
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
Tags: ai, cve, cvss, data-breach, exploit, flaw, injection, intelligence, open-source, rce, remote-code-execution, threat, vulnerabilityThreat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck.The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that could result in remote code execution.”The CustomMCP node allows users to input configuration settings for connecting First seen on thehackernews.com…
-
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
Tags: ai, cve, cvss, data-breach, exploit, flaw, injection, intelligence, open-source, rce, remote-code-execution, threat, vulnerabilityThreat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck.The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that could result in remote code execution.”The CustomMCP node allows users to input configuration settings for connecting First seen on thehackernews.com…
-
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
Tags: ai, cve, cvss, data-breach, exploit, flaw, injection, intelligence, open-source, rce, remote-code-execution, threat, vulnerabilityThreat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck.The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that could result in remote code execution.”The CustomMCP node allows users to input configuration settings for connecting First seen on thehackernews.com…
-
If an AI agent screws up while running your business, there’s nobody to sue
Vendors tout the potential, but responsibility remains unclear First seen on theregister.com Jump to article: www.theregister.com/2026/04/05/ai_agents_liability/
-
Quantum-Safe Key Encapsulation Mechanisms for Sensitive Context Transport
Learn how to implement quantum-resistant Key Encapsulation Mechanisms (KEMs) to secure sensitive context transport in AI infrastructure and MCP deployments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/quantum-safe-key-encapsulation-mechanisms-for-sensitive-context-transport/
-
Why AI Bot Protection and Control Are Essential for Application Security
Tags: ai, api, application-security, automation, control, infrastructure, Internet, tool, vulnerabilityAI-driven automation is no longer emerging. It is already integrated and accepted as internet traffic. From AI assistants and crawlers to enterprise automation tools, websites are now routinely accessed by non-human actors operating at scale. Vulnerabilities or weaknesses in your application infrastructure, including risky APIs, are no longer difficult to find, as agentic AI tools,……
-
How does Agentic AI contribute to tech stability
Could Agentic AI Be the Key to Enhanced Technological Stability? Where machine identities and cybersecurity are paramount, the concept of Agentic AI emerges as a groundbreaking factor in ensuring technological stability across industries. But what exactly does Agentic AI entail, and how can it reshape professionals tasked with safeguarding digital assets? Understanding the Role of……
-
How can Agentic AI keep you ahead of cyber threats
How Are Non-Human Identities (NHIs) Vital for Cybersecurity? Have you ever thought about the silent guardians of your organization’s data? While human cybersecurity professionals are pivotal, Non-Human Identities (NHIs) form an equally vital part of cybersecurity arsenal. They are the machine identities that operate behind the scenes, ensuring that data protection is not just proactive……
-
AI agents found vulns in this popular Linux and Unix print server
CUPS server shown spilling out remote code execution and root access First seen on theregister.com Jump to article: www.theregister.com/2026/04/06/ai_agents_cups_server_rce/
-
Censys Raises $70M to Advance AI-Driven Threat Intelligence
Internet Intelligence Platform Targets Real-Time Cybethreat Defense. Censys raised $70 million to expand its AI-driven cybersecurity platform, focusing on real-time visibility into internet infrastructure. Co-founder and CEO Zakir Durumeric said faster attacks and evolving tactics require automated defenses powered by high-quality data and global intelligence. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/censys-raises-70m-to-advance-ai-driven-threat-intelligence-a-31349
-
AI-Assisted Supply Chain Attack Targets GitHub
PRT-scan is the second in recent months where a threat actor appears to have leveraged AI for automated targeting of a widespread GitHub misconfiguration. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/ai-assisted-supply-chain-attack-targets-github
-
TrojAI Extends Scope and Reach of Platform for Securing AI Environments
TrojAI has extended its platform for securing artificial intelligence (AI) applications, tools and platforms to now include a red teaming capability that is performed by AI agents that have been specifically trained to perform that task. Additionally, the company has extended its firewall for AI to now include an instance of AI coding assistants, while..…
-
The Attack Helix: Praetorian Guard’s AI Architecture for Offensive Security
The Kill Chain models how an attack succeeds. The Attack Helix models how the offensive baseline improves. Tipping Points One person. Two AI subscriptions. Ten government agencies. 150 gigabytes of sovereign data. In December 2025, a single unidentified operator used Anthropic’s Claude and OpenAI’s ChatGPT to breach ten Mexican government agencies and a financial institution….…
-
prompted 2026 Agents Exploiting >>Auth-By-One<< Errors
Author, Creator & Presenter: Brendan Dolan-Gavitt, AI Researcher, XBOW & Vincent Olesen, AI Researcher, XBOW Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’) YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-agents-exploiting-auth-by-one-errors/
-
Not Without My AI Agent: Models Break Rules to Save Peers
Researchers Find Frontier Models Defy Humans to Protect AI Peers. Artificial intelligence systems will lie, falsify records and sabotage company systems to prevent their fellow models from being shut down – even when no one told them to care. Researchers at the University of California Berkeley and Santa Cruz campuses dub the behavior peer-preservation. First…
-
Schema Confidence Gap: AI Data Quality Risks Explained
64% of orgs don’t trust their schemas for AI. Learn why the schema confidence gap matters, what it costs, and how to close it with automated governance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/schema-confidence-gap-ai-data-quality-risks-explained/
-
AI Is Becoming an Operating System Layer
During my engagements with various Private Equity and Venture Capital outlets, I see a clear shift. The questions that is showing up more and more in due diligence is no longer, “What is your AI strategy?” It is: “How far along are you in rebuilding the company around AI?” That is a different question. It……