Tag: LLM

Thales named Growth Index leader in Frost Radar: Data Security Platforms Report

Jan 20, 2026 2:13 PM

Tags: access, ai, business, cloud, compliance, container, control, data, defense, detection, edr, encryption, endpoint, governance, identity, intelligence, LLM, monitoring, risk, saas, service, siem, soc, technology, tool

Thales named Growth Index leader in Frost Radar: Data Security Platforms Report madhav Tue, 01/20/2026 – 04:29 Data has always been the backbone of enterprise operations, but the rise of cloud, big data, and GenAI has multiplied its value and, with it, the motivation for attackers. In parallel, regulatory expectations are increasing and evolving. The…
For the price of Netflix, crooks can now rent AI to run cybercrime

Jan 20, 2026 2:13 PM

Tags: ai, cybercrime, deep-fake, group, LLM

Group-IB says crims forking out for Dark LLMs, deepfakes, and more at subscription prices First seen on theregister.com Jump to article: www.theregister.com/2026/01/20/group_ib_ai_cycercrime_subscriptions/
Google Gemini flaw exposes new AI prompt injection risks for enterprises

Jan 20, 2026 1:13 PM

Tags: access, ai, attack, awareness, business, data, email, endpoint, flaw, google, india, injection, least-privilege, LLM, malicious, phishing, radius, risk, threat, tool, training, zero-trust

Real enterprise exposure: Analysts point out that the risk is significant in enterprise environments as organizations rapidly deploy AI copilots connected to sensitive systems.”As internal copilots ingest data from emails, calendars, documents, and collaboration tools, a single compromised account or phishing email can quietly embed malicious instructions,” said Chandrasekhar Bilugu, CTO of SureShield. “When employees…
Relevante Entwicklungen und Cyberrisiken der künstlichen Intelligenz

Jan 19, 2026 4:13 PM

Tags: ai, exploit, LLM

Sowohl auf Angreifer- als auch auf Verteidigerseite kommt vermehrt Künstliche-Intelligenz-Technologie zum Einsatz. Vor allem Large-Language-Models (LLMs) werden von Entwicklerinnen und Entwicklern etwa zum ‘Wipe Coding”, also für das Erstellen von Skripten und Codes, genutzt. Cyberkriminelle nutzen KI gleichermaßen für ‘Wipe Hacking”. Auch wenn sich Angreifer mithilfe von LLMs (noch) keine Exploits erstellen lassen können, so…
7 top cybersecurity projects for 2026

Jan 19, 2026 9:13 AM

Tags: access, ai, api, attack, authentication, business, cisco, ciso, cloud, communications, compliance, control, credentials, cybersecurity, data, defense, detection, email, framework, governance, infrastructure, LLM, mail, phishing, programming, resilience, risk, software, strategy, technology, threat, tool, vulnerability, zero-trust

2. Strengthening email security: Phishing continues to be a primary attack vector for stealing credentials and defrauding victims, says Mary Ann Blair, CISO at Carnegie Mellon University. She warns that threat actors are now generating increasingly sophisticated phishing attacks, effectively evading mail providers’ detection capabilities. “Legacy multifactor authentication techniques are now regularly defeated, and threat…
7 top cybersecurity projects for 2026

Jan 19, 2026 9:13 AM

Tags: access, ai, api, attack, authentication, business, cisco, ciso, cloud, communications, compliance, control, credentials, cybersecurity, data, defense, detection, email, framework, governance, infrastructure, LLM, mail, phishing, programming, resilience, risk, software, strategy, technology, threat, tool, vulnerability, zero-trust

2. Strengthening email security: Phishing continues to be a primary attack vector for stealing credentials and defrauding victims, says Mary Ann Blair, CISO at Carnegie Mellon University. She warns that threat actors are now generating increasingly sophisticated phishing attacks, effectively evading mail providers’ detection capabilities. “Legacy multifactor authentication techniques are now regularly defeated, and threat…
One click is all it takes: How ‘Reprompt’ turned Microsoft Copilot into data exfiltration tools

Jan 16, 2026 5:51 AM

Tags: access, ai, attack, authentication, best-practice, control, data, detection, email, identity, least-privilege, LLM, mail, malicious, microsoft, phishing, risk, service, strategy, tool, zero-trust

What devs and security teams should do now: As in usual security practice, enterprise users should always treat URLs and external inputs as untrusted, experts advised. Be cautious with links, be on the lookout for unusual behavior, and always pause to review pre-filled prompts.”This attack, like many others, originates with a phishing email or text…
What is AI fuzzing? And what tools, threats and challenges generative AI brings

Jan 15, 2026 9:11 AM

Tags: ai, attack, breach, ceo, chatgpt, china, cisco, cve, cyber, cyberattack, cybercrime, cybersecurity, data, finance, gartner, google, government, group, hacker, injection, intelligence, LLM, malicious, mitre, open-source, RedTeam, russia, service, social-engineering, software, sql, technology, threat, tool, usa, vulnerability

How fuzzing works: In 2019, AI meant machine learning, and it was emerging as a new technique for generating test cases. The way traditional fuzzing works is you generate a lot of different inputs to an application in an attempt to crash it. Since every application accepts inputs in different ways, that requires a lot…
enclaive unterstützt mit GenAI-Firewall Garnet eine sichere KI-Nutzung

Jan 14, 2026 7:11 PM

Tags: ai, firewall, LLM

Mit der GenAI-Firewall Garnet adressiert enclaive diese Herausforderungen ganzheitlich. Die Lösung ermöglicht Unternehmen, LLMs und SLMs sicher zu nutzen, ohne die Kontrolle über ihre Daten aus der Hand zu geben. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/enclaive-unterstuetzt-mit-genai-firewall-garnet-eine-sichere-ki-nutzung/a43350/
WitnessAI Secures $58M to Grow Global AI Security Reach

Jan 14, 2026 1:01 AM

Tags: ai, detection, LLM, mssp, network, startup, unauthorized

Startup Targets MSSPs and MDR Vendors, Shadow AI Detection and Global Growth. WitnessAI has raised $58 million to scale its AI network and agent protection platform worldwide. The funding will help the firm build MSSP-ready offerings, detect unauthorized AI agents and enforce security policies across employee and customer LLM use cases. First seen on govinfosecurity.com…
Lack of isolation in agentic browsers resurfaces old vulnerabilities

Jan 13, 2026 7:02 PM

Tags: access, ai, api, attack, authentication, control, corporate, credentials, data, data-breach, defense, dns, email, exploit, finance, flaw, framework, github, google, hacker, healthcare, injection, Internet, leak, linkedin, LLM, malicious, mitigation, network, nvidia, organized, privacy, programming, risk, service, side-channel, threat, tool, training, unauthorized, update, vulnerability, xss

With browser-embedded AI agents, we’re essentially starting the security journey over again. We exploited a lack of isolation mechanisms in multiple agentic browsers to perform attacks ranging from the dissemination of false information to cross-site data leaks. These attacks, which are functionally similar to cross-site scripting (XSS) and cross-site request forgery (CSRF), resurface decades-old patterns…
2 Separate Campaigns Probe Corporate LLMs for Secrets

Jan 13, 2026 6:02 PM

Tags: ai, attack, corporate, endpoint, leak, LLM

A total of 91,403 sessions targeted public LLM endpoints to find leaks in organizations’ use of AI and map an expanding attack surface. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/separate-campaigns-target-exposed-llm-services
NDSS 2025 LLMPirate: LLMs For Black-box Hardware IP Piracy

Jan 13, 2026 5:01 AM

Tags: attack, conference, detection, firmware, Hardware, Internet, LLM, mitigation, network, software, vulnerability

Session 8C: Hard & Firmware Security Authors, Creators & Presenters: Vasudev Gohil (Texas A&M University), Matthew DeLorenzo (Texas A&M University), Veera Vishwa Achuta Sai Venkat Nallam (Texas A&M University), Joey See (Texas A&M University), Jeyavijayan Rajendran (Texas A&M University) PAPER LLMPirate: LLMs for Black-box Hardware IP Piracy The rapid advancement of large language models (LLMs)…
Threat Actors Launch Mass Reconnaissance of AI Systems

Jan 12, 2026 10:02 PM

Tags: ai, attack, data-breach, endpoint, google, infrastructure, LLM, openai, threat

More Than 91,000 Attacks Target Exposed LLM Endpoints in Coordinated Campaigns. Two coordinated campaigns generated more than 91,000 attack sessions against AI infrastructure between October and January, with threat actors probing more than 70 model endpoints from OpenAI, Anthropic and Google to build target lists for future exploitation. First seen on govinfosecurity.com Jump to article:…
Attackers Probing Popular LLMs Looking for Access to APIs: Report

Jan 12, 2026 9:02 PM

Tags: access, ai, api, exploit, LLM, threat

Security researchers with GreyNoise say they’ve detected a campaign in which the threat actors are targeting more than 70 popular AI LLM models in a likely reconnaissance mission that will feed into what they call a “larger exploitation pipeline.” First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/attackers-probing-popular-llms-looking-for-access-to-apis-report/
Corrupting LLMs Through Weird Generalizations

Jan 12, 2026 6:02 PM

Tags: backdoor, data, exploit, LLM

Fascinating research: Weird Generalization and Inductive Backdoors: New Ways to Corrupt LLMs. AbstractLLMs are useful because they generalize so well. But can you have too much of a good thing? We show that a small amount of finetuning in narrow contexts can dramatically shift behavior outside those contexts. In one experiment, we finetune a model…
Two Separate Campaigns Target Exposed LLM Services

Jan 12, 2026 6:02 PM

Tags: ai, attack, data-breach, endpoint, leak, LLM, service

A total of 91,403 sessions targeted public LLM endpoints to find leaks in organizations’ use of AI and map an expanding attack surface. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/separate-campaigns-target-exposed-llm-services
Shai-Hulud & Co.: Die Supply Chain als Achillesferse

Jan 12, 2026 5:02 PM

Tags: access, ai, application-security, backdoor, ciso, cloud, cyber, cyberattack, data, github, Hardware, infrastructure, kritis, kubernetes, LLM, monitoring, network, nis-2, programming, resilience, risk, rust, sbom, software, spyware, strategy, supply-chain, tool, vulnerability

Egal, ob React2Shell, Shai-Hulud oder XZ Utils: Die Sicherheit der Software-Supply-Chain wird durch zahlreiche Risiken gefährdet.Heutige Anwendungen basieren auf zahlreichen Komponenten, von denen jede zusammen mit den Entwicklungsumgebungen selbst eine Angriffsfläche darstellt. Unabhängig davon, ob Unternehmen Code intern entwickeln oder sich auf Drittanbieter verlassen, sollten CISOs, Sicherheitsexperten und Entwickler der Software-Supply-Chain besondere Aufmerksamkeit schenken.Zu den…
ZombieAgent ChatGPT attack shows persistent data leak risks of AI agents

Jan 10, 2026 1:01 AM

Tags: ai, attack, backdoor, chatgpt, cloud, data, email, injection, leak, LLM, malicious, microsoft, openai, risk, service, tool, vulnerability, worm

Worm-like propagation: The email attack even has worming capabilities, as the malicious prompts could instruct ChatGPT to scan the inbox, extract addresses from other email messages, exfiltrate those addresses to the attackers using the URL trick, and send similar poisoned messages to those addresses as well.If the victim is the employee of an organization that…
Hackers target misconfigured proxies to access paid LLM services

Jan 9, 2026 10:01 PM

Tags: access, hacker, LLM, service, threat

Threat actors are systematically hunting for misconfigured proxy servers that could provide access to commercial large language model (LLM) services. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-target-misconfigured-proxies-to-access-paid-llm-services/
AI Deployments Targeted in 91,000+ Attack Sessions

Jan 9, 2026 9:02 PM

Tags: ai, attack, infrastructure, LLM

Researchers observed over 91,000 attack sessions targeting AI infrastructure and LLM deployments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ai-deployments-targeted-in-91000-attack-sessions/
Are There IDORs Lurking in Your Code? LLMs Are Finding Critical Business Logic Vulns”, and They’re Everywhere

Jan 9, 2026 6:01 PM

Tags: application-security, bug-bounty, business, data, LLM, vulnerability

Security teams have always known that insecure direct object references (IDORs) and broken authorization vulnerabilities exist in their codebases. Ask any AppSec leader if they have IDOR issues, and most would readily admit they do. But here’s the uncomfortable truth: they’ve been dramatically underestimating the scope of the problem. Recent bug bounty data tells a..…
PeekBoo! ðŸ«£ Emoji Smuggling and Modern LLMs FireTail Blog

Jan 9, 2026 3:01 PM

Tags: ai, computer, control, cybersecurity, data, exploit, injection, LLM, malicious, monitoring, risk, social-engineering, tactics, threat, tool, vulnerability

Jan 09, 2026 – Viktor Markopoulos – We often trust what we see. In cybersecurity, we are trained to look for suspicious links, strange file extensions, or garbled code. But what if the threat looked exactly like a smiling face sent by a colleague?Based on research by Paul Butler and building on FireTail’s previous disclosures…
PeekBoo! ðŸ«£ Emoji Smuggling and Modern LLMs FireTail Blog

Jan 9, 2026 3:01 PM

Tags: ai, computer, control, cybersecurity, data, exploit, injection, LLM, malicious, monitoring, risk, social-engineering, tactics, threat, tool, vulnerability

Jan 09, 2026 – Viktor Markopoulos – We often trust what we see. In cybersecurity, we are trained to look for suspicious links, strange file extensions, or garbled code. But what if the threat looked exactly like a smiling face sent by a colleague?Based on research by Paul Butler and building on FireTail’s previous disclosures…
Red-Teaming als Eckpfeiler der KI-Compliance

Jan 9, 2026 2:01 PM

Tags: ai, compliance, LLM, RedTeam

KI-Systeme spielen in allen Branchen zunehmend eine zentrale Rolle bei kritischen Vorgängen. Gleichzeitig steigen die Sicherheitsrisiken durch den Einsatz der künstlichen Intelligenz rapide. Red Teaming hat sich als Eckpfeiler zum Schutz von KI etabliert insbesondere, wenn agentenbasierte KI immer stärkeren Einzug in Unternehmen hält. Multi-LLM (Large-Language-Models)-Systeme treffen autonome Entscheidungen und führen Aufgaben ohne menschliches […]…
Red Teaming als Eckpfeiler der KI-Compliance

Jan 9, 2026 1:01 PM

Tags: ai, compliance, LLM, RedTeam

ie zunehmende Verbreitung agentenbasierter KI verändert die Angriffsflächen von Organisationen grundlegend. Im Unterschied zu Assistenten mit einem einzelnen LLM bestehen diese Systeme aus miteinander verbundenen Agenten mit komplexen Arbeitsabläufen und Abhängigkeiten, First seen on infopoint-security.de Jump to article: www.infopoint-security.de/red-teaming-als-eckpfeiler-der-ki-compliance/a43314/
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
ChatGPT falls to new data-pilfering attack as a vicious cycle in AI continues

Jan 8, 2026 4:01 PM

Tags: ai, attack, chatgpt, data, LLM

Will LLMs ever be able to stamp out the root cause of these attacks? Possibly not. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/01/chatgpt-falls-to-new-data-pilfering-attack-as-a-vicious-cycle-in-ai-continues/
Top cyber threats to your AI systems and infrastructure

Jan 8, 2026 9:01 AM

Tags: ai, api, attack, best-practice, business, chatgpt, ciso, cloud, cyber, cybersecurity, data, defense, detection, exploit, framework, governance, hacker, infrastructure, injection, intelligence, LLM, malicious, mitre, monitoring, open-source, RedTeam, risk, sans, service, skills, software, strategy, supply-chain, tactics, theft, threat, tool, training, unauthorized, usa, vulnerability

Data poisoning Data poisoning is a type of attack in which bad actorsmanipulate, tamper with, and pollute the data used to develop or train AI systems, including machine learning models. By corrupting the data or introducing faulty data, attackers can alter, bias, or otherwise render inaccurate a model’s performance.Imagine an attack that tells a model…