Tag: LLM
-
Example of LLM chatbots weaponize for data theft
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/example-of-llm-chatbots-weaponize-for-data-theft/
-
The New Frontier: Why You Can’t Secure AI Without Securing APIs
Tags: ai, api, attack, automation, business, cybersecurity, data, exploit, injection, intelligence, LLM, risk, strategy, threat, vulnerabilityThe release of a new KuppingerCole Leadership Compass is always a significant event for the cybersecurity industry, offering a vendor-neutral view of the market’s current state. The 2025 edition, focusing on API Security and Management, is critical as it arrives at a pivotal moment for technology. It clearly presents a fact many organizations are just…
-
Lenovo chatbot breach highlights AI security blind spots in customer-facing systems
Enterprise-wide implications: While the immediate impact involved session cookie theft, the vulnerability’s implications extended far beyond data exfiltration.The researchers warned that the same vulnerability could enable attackers to alter support interfaces, deploy keyloggers, launch phishing attacks, and execute system commands that could install backdoors and enable lateral movement across network infrastructure.”Using the stolen support agent’s…
-
The New Frontier: Why You Can’t Secure AI Without Securing APIs
Tags: ai, api, attack, automation, business, cybersecurity, data, exploit, injection, intelligence, LLM, risk, strategy, threat, vulnerabilityThe release of a new KuppingerCole Leadership Compass is always a significant event for the cybersecurity industry, offering a vendor-neutral view of the market’s current state. The 2025 edition, focusing on API Security and Management, is critical as it arrives at a pivotal moment for technology. It clearly presents a fact many organizations are just…
-
DataDome Enhances Visibility of AI Agents LLM Crawlers in Your Dashboard
DataDome’s enhanced dashboard gives businesses the visibility and control they need over rapidly growing AI agent and LLM crawler traffic, helping protect revenue, SEO, and security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/datadome-enhances-visibility-of-ai-agents-llm-crawlers-in-your-dashboard/
-
What happens when penetration testing goes virtual and gets an AI coach
Cybersecurity training often struggles to match the complexity of threats. A new approach combining digital twins and LLMs aims to close that gap. Researchers from the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/19/digital-twins-cybersecurity-training/
-
Wie CISOs von der Blockchain profitieren
Tags: access, ai, api, blockchain, ciso, compliance, framework, governance, identity, LLM, network, saas, sbom, software, tool, zero-trustDie Blockchain macht Trust verifizierbar.Sicherheitsvorfälle gehen nicht nur auf eine Kompromittierung der internen Systeme zurück. Sie hängen regelmäßig auch damit zusammen, dass:Privileged-Access-Protokolle fehlen,SaaS-Audit-Trails nicht vertrauenswürdig sind, oderLieferketten kompromittiert werden.Die Blockchain kann dabei helfen, diese realen Probleme zu lösen und Manipulationssicherheit, Datenintegrität und Trust zu gewährleisten. Im Kern ist Blockchain ein System von Datensätzen, die über…
-
Schwachstellen beim Vibe-Coding
Bei Experimenten zur Untersuchung der Risiken von Vibe-Codierung mit Claude und ChatGPT fanden Sicherheitsforscher von Databricks kritische Schwachstellen und beschreiben, wie sie diese wieder geschlossen haben. Die Ergebnisse zeigen die Risiken von Vibe-Coding auf, wenn keine menschliche Überprüfung mehr stattfindet. In einem Experiment ließen sie das LLM eine Snake-Kampfarena aus der Third-Person-Perspektive erstellen, in der…
-
The AI-Powered Trojan Horse Returns: How LLMs Revive Classic Cyber Threats
In an era where users rely on vigilance against shady websites and file hashing via platforms like VirusTotal, a new wave of trojan horses is challenging traditional defenses. These threats masquerade as legitimate desktop applications, such as recipe savers, AI-powered image enhancers, and virtual assistants, all while embedding malicious capabilities. For instance, the JustAskJacky app,…
-
Agentic AI promises a cybersecurity revolution, with asterisks
Tags: ai, api, authentication, ceo, ciso, cloud, control, cybersecurity, data, endpoint, infrastructure, jobs, LLM, open-source, openai, risk, service, soc, software, supply-chain, technology, tool, update, vulnerabilityTrust, transparency, and moving slowly are crucial: Like all technologies, and perhaps more dramatically than most, agentic AI carries both risks and benefits. One obvious risk of AI agents is that, like most LLM models, they will hallucinate or make errors that could cause problems.”If you want to remove or give agency to a platform…
-
And Now, LLMs Don’t Need Human Intervention to Plan and Executive Large, Complex Attacks
Researchers just proved LLMs can autonomously plan and execute full-scale cyberattacks, turning AI from a tool into an active threat actor. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/and-now-llms-dont-need-human-intervention-to-plan-and-executive-large-complex-attacks/
-
Echo Chamber, Prompts Used to Jailbreak GPT-5 in 24 Hours
Researchers paired the jailbreaking technique with storytelling in an attack flow that used no inappropriate language to guide the LLM into producing directions for making a Molotov cocktail. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/echo-chamber-prompts-jailbreak-gpt-5-24-hours
-
13 Produkt-Highlights der Black Hat USA
Tags: access, ai, api, application-security, business, chatgpt, cisco, cloud, compliance, credentials, crowdstrike, cybersecurity, data, detection, google, governance, Hardware, identity, leak, LLM, malware, marketplace, microsoft, monitoring, network, openai, phishing, risk, saas, service, soc, threat, tool, usa, vulnerability, zero-trustDas Mandalay Bay Convention Center wird zur Black Hat USA zum Cybersecurity-Hub 2025 lag der Fokus dabei insbesondere auf Agentic und Generative AI.Zur Black-Hat-Konferenz haben sich auch 2025 Tausende von Sicherheitsexperten in Las Vegas zusammengefunden, um sich über die neuesten Entwicklungen im Bereich Cybersecurity zu informieren und auszutauschen. Der thematische Fokus lag dabei in erster…
-
Black Hat 2025 Recap: A look at new offerings announced at the show
Tags: access, ai, api, application-security, automation, chatgpt, cisco, cloud, compliance, control, crowdstrike, dark-web, data, detection, google, governance, group, identity, intelligence, LLM, malware, microsoft, monitoring, network, openai, password, risk, saas, service, soc, software, threat, tool, vulnerability, zero-trustSnyk secures AI from inception: Snyk’s new platform capability, Secure at Inception, includes real-time security scanning that begins at the moment of code generation or execution. It offers visibility into generative AI, agentic, and model context protocol (MCP) components in software, and also features a new, experimental scanner for detecting AI-specific MCP vulnerabilities.Secure AI Inception…
-
AI wrote my code and all I got was this broken prototype
Can AI really write safer code? Martin dusts off his software engineer skills to put it it to the test. Find out what AI code failed at, and what it was surprisingly good at. Also, we discuss new research on how AI LLM models can be used to assist in the reverse engineering of malware.…
-
Project Ire: Microsoft’s autonomous AI agent that can reverse engineer malware
Tags: ai, attack, ceo, cloud, compliance, computing, control, cybersecurity, defense, detection, exploit, finance, governance, government, healthcare, infrastructure, LLM, malicious, malware, microsoft, programming, risk, service, siem, soar, soc, software, threat, tool, trainingReal-world testing: In real-world tests on 4,000 “hard-target” files that had stumped automated tools, Project Ire flagged 9 malicious files out of 10 files correctly, and a low 4% false positive rate.This makes Project Ire suitable for organizations that operate in high-risk, high-volume, and time-sensitive environments where traditional human-based threat triage is insufficient.Rawat added that…
-
Microsoft unveils Project Ire: AI that autonomously detects malware
Microsoft’s Project Ire uses AI to autonomously reverse engineer and classify software as malicious or benign. Microsoft announced Project Ire, an autonomous artificial intelligence (AI) system that can autonomously reverse engineer and classify software. Project Ire is an LLM-powered autonomous malware classification system that uses decompilers and other tools, reviews their output, and determines the…
-
Microsoft unveils Project Ire: AI that autonomously detects malware
Microsoft’s Project Ire uses AI to autonomously reverse engineer and classify software as malicious or benign. Microsoft announced Project Ire, an autonomous artificial intelligence (AI) system that can autonomously reverse engineer and classify software. Project Ire is an LLM-powered autonomous malware classification system that uses decompilers and other tools, reviews their output, and determines the…
-
Microsoft unveils Project Ire: AI that autonomously detects malware
Microsoft’s Project Ire uses AI to autonomously reverse engineer and classify software as malicious or benign. Microsoft announced Project Ire, an autonomous artificial intelligence (AI) system that can autonomously reverse engineer and classify software. Project Ire is an LLM-powered autonomous malware classification system that uses decompilers and other tools, reviews their output, and determines the…
-
Beef up AI security with zero trust principles
Tags: access, ai, attack, control, data, data-breach, defense, intelligence, LLM, mitigation, mitre, monitoring, risk, strategy, tactics, threat, update, vulnerability, zero-trustStrategies for CSOs: Brauchler offered three AI threat modelling strategies CSOs should consider:Trust flow tracking, the tracking of the movement of data throughout an application, and monitoring the level of trust that is associated with that data. It’s a defense against an attacker who is able to get untrusted data into an application to control…
-
Full Stack Development in the Age of LLMs: What CTOs and Product Leaders Must Know
In 2025, code isn’t just written it’s generated, interpreted, and augmented by AI. GitHub Copilot is already writing 46% of code in supported languages, and…Read More First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/08/full-stack-development-in-the-age-of-llms-what-ctos-and-product-leaders-must-know/
-
Microsoft researchers bullish on AI security agent even though it let 74% of malware slip through
Project Ire promises to use LLMs to detect whether code is malicious or benign First seen on theregister.com Jump to article: www.theregister.com/2025/08/06/microsofts_ai_agent_malware_detecting/
-
Cisco Talos Researcher Reveals Method That Causes LLMs to Expose Training Data
In this TechRepublic interview, researcher Amy Chang details the decomposition method and shares how organizations can protect themselves from LLM data extraction. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-talos-generative-ai-llm-decomposition/
-
OWASP LLM Risk #5: Improper Output Handling FireTail Blog
Tags: ai, application-security, attack, awareness, cyber, detection, email, injection, LLM, mitigation, monitoring, phishing, remote-code-execution, risk, sql, strategy, threat, vulnerabilityAug 04, 2025 – Lina Romero – 2025 is seeing an unprecedented surge of cyber attacks and breaches. AI, in particular, has introduced a whole new set of risks to the landscape and researchers are struggling to keep up. The OWASP Top 10 Risks for LLMs goes into detail about the ten most prevalent risks…
-
Cisco Talos Researcher Reveals Method That Causes LLMs to Reveal Training Data
In this TechRepublic interview, researcher Amy Chang details the decomposition method and shares how organizations can protect themselves from LLM data extraction. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-talos-generative-ai-llm-decomposition/
-
Week in review: Food sector cybersecurity risks, cyber threats to space infrastructure
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Review: LLM Engineer’s Handbook For all the excitement around LLMs, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/03/week-in-review-food-sector-cybersecurity-risks-cyber-threats-to-space-infrastructure/
-
‘Man in the Prompt’Attacke auf LLMs
Large Language Modelle (LLMs) lassen sich über Prompts angreifen, um den Modellen unbefugt Daten zu entlocken. Dabei könnten auch ‘Man in the Prompt’-Browser-Angriffe benutzt werden, um AI-Anfragen von Benutzern zu manipulieren und für kriminelle Aktivitäten zu benutzen. Mit dem Einzug … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/03/man-in-the-prompt-browser-attacke-auf-llms/
-
Tonic.ai product updates: May 2024
Textual is the first secure data lakehouse for LLMs, subsetting has arrived for Db2 LUW, Ephemeral now supports Oracle, + Avro is on Structural! Learn more about all the latest releases from Tonic.ai. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/tonic-ai-product-updates-may-2024/
-
Black Hat 2025: Latest news and insights
Tags: access, ai, api, attack, ciso, cloud, conference, crowdstrike, cvss, cyber, cybersecurity, data, defense, email, exploit, finance, firmware, flaw, group, hacker, hacking, identity, Internet, LLM, malicious, malware, reverse-engineering, sap, service, threat, tool, training, update, usa, vulnerability, windowsBlack Hat USAAugust 2-7, 2025Las Vegas, NVBlack Hat USA 2025 returns to the Mandalay Bay Convention Center in Las Vegas on August 2-7. The annual event is a perennial magnet for cybersecurity professionals, researchers, vendors and othersThe week kicks off on August 2 with four days of cybersecurity training courses. The courses cover a range…