Artificial Intelligence

Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control

Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control 2026-03-30 at 17:30 By Kevin Townsend LLMs can write complex Rego and Cedar code in seconds, but a single missing condition or hallucinated attribute can quietly dismantle your organization’s least-privilege security model. The post Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control appeared […]

Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control Read More »

Breaking out: Can AI agents escape their sandboxes?

Breaking out: Can AI agents escape their sandboxes? 2026-03-30 at 07:30 By Anamarija Pogorelec Container sandboxes are part of routine AI agent testing and deployment. Agents use them to run code, edit files, and interact with system resources without direct access to the host. The SandboxEscapeBench benchmark, developed by researchers at the University of Oxford

Breaking out: Can AI agents escape their sandboxes? Read More »

AI frenzy feeds credential chaos, secrets leak through code, tools, and infrastructure

AI frenzy feeds credential chaos, secrets leak through code, tools, and infrastructure 2026-03-27 at 20:33 By Anamarija Pogorelec Code keeps moving through pipelines, and credentials continue to surface alongside it. GitGuardian’s State of Secrets Sprawl 2026 puts the count at 28.65 million new hardcoded secrets in public GitHub commits in 2025, extending a multi-year rise

AI frenzy feeds credential chaos, secrets leak through code, tools, and infrastructure Read More »

The Value of Microsoft Security Copilot: SCU Billing and Why Agent Design Matters

The Value of Microsoft Security Copilot: SCU Billing and Why Agent Design Matters 2026-03-27 at 16:00 By David Broggy Most organizations start by using Microsoft Copilot the way it looks in demos: type a question, get an answer. That works for exploration. For repeatable operational work, it gets expensive quickly. This article is an excerpt

The Value of Microsoft Security Copilot: SCU Billing and Why Agent Design Matters Read More »

OpenAI Launches Bug Bounty Program for Abuse and Safety Risks

OpenAI Launches Bug Bounty Program for Abuse and Safety Risks 2026-03-27 at 15:33 By Ionut Arghire Through the new program, OpenAI will reward reports covering design or implementation issues leading to material harm. The post OpenAI Launches Bug Bounty Program for Abuse and Safety Risks appeared first on SecurityWeek. This article is an excerpt from

OpenAI Launches Bug Bounty Program for Abuse and Safety Risks Read More »

Make OpenAI’s models misbehave and earn a reward

Make OpenAI’s models misbehave and earn a reward 2026-03-27 at 03:57 By Anamarija Pogorelec OpenAI’s public Safety Bug Bounty program focuses on AI abuse and safety risks across its products. The goal is to support safe and secure systems and reduce the risk of misuse that could lead to harm. This program complements the Security

Make OpenAI’s models misbehave and earn a reward Read More »

GitHub jumps on the bandwagon and will use your data to train AI

GitHub jumps on the bandwagon and will use your data to train AI 2026-03-26 at 15:52 By Anamarija Pogorelec GitHub updated how it uses data to improve AI-powered coding assistance. Starting April 24, interaction data from Copilot Free, Pro, and Pro+ users may be used to train and improve GitHub’s models unless users opt out.

GitHub jumps on the bandwagon and will use your data to train AI Read More »

AI SOC vendors are selling a future that production deployments haven’t reached yet

AI SOC vendors are selling a future that production deployments haven’t reached yet 2026-03-26 at 12:32 By Mirko Zorz Vendors selling AI-powered security operations platforms have built their pitches around a consistent set of promises: autonomous threat investigation, dramatic reductions in analyst workload, and an accelerating path toward humanless operations. Practitioners buying and deploying those

AI SOC vendors are selling a future that production deployments haven’t reached yet Read More »

A nearly undetectable LLM attack needs only a handful of poisoned samples

A nearly undetectable LLM attack needs only a handful of poisoned samples 2026-03-26 at 12:32 By Mirko Zorz Prompt engineering has become a standard part of how large language models are deployed in production, and it introduces an attack surface most organizations have not yet addressed. Researchers have developed and tested a prompt-based backdoor attack

A nearly undetectable LLM attack needs only a handful of poisoned samples Read More »

Who owns AI agent access? At most companies, nobody knows

Who owns AI agent access? At most companies, nobody knows 2026-03-26 at 07:12 By Anamarija Pogorelec AI agents are operating across production enterprise environments at scale, and the identity infrastructure managing their access has not kept up with their deployment. A January 2026 survey of 228 IT and security professionals, conducted by the Cloud Security

Who owns AI agent access? At most companies, nobody knows Read More »

AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link

AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link 2026-03-25 at 18:18 By Kevin Townsend PwC finds AI is amplifying speed and scale of attacks, as identity theft evolves into a cybercriminal supply chain. The post AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link appeared first on SecurityWeek. This article is an excerpt from

AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link Read More »

Gemini picks up criminal activity buried in dark web noise

Gemini picks up criminal activity buried in dark web noise 2026-03-25 at 15:07 By Sinisa Markovic To help teams make faster and more accurate decisions on emerging threats, Google has introduced a dark web intelligence capability in Google Threat Intelligence. Powered by Gemini, the feature analyzes millions of dark web events each day and surfaces

Gemini picks up criminal activity buried in dark web noise Read More »

Google’s TurboQuant cuts AI memory use without losing accuracy

Google’s TurboQuant cuts AI memory use without losing accuracy 2026-03-25 at 10:24 By Anamarija Pogorelec Large language models carry a persistent scaling problem. As context windows grow, the memory required to store key-value (KV) caches expands proportionally, consuming GPU memory and slowing inference. A team at Google Research has developed three compression algorithms: TurboQuant, PolarQuant,

Google’s TurboQuant cuts AI memory use without losing accuracy Read More »

Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw

Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw 2026-03-25 at 02:08 By Etay Maor Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, The post Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw appeared first on SecurityWeek. This article is an excerpt

Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Read More »

The AI safety conversation is focused on the wrong layer

The AI safety conversation is focused on the wrong layer 2026-03-24 at 16:30 By Mirko Zorz Organizations have spent years accumulating fragmented identity systems: too many roles, too many credentials, too many disconnected tools. For a workforce of humans, that fragmentation was manageable. Humans log in, log out, and make decisions slowly enough that gaps

The AI safety conversation is focused on the wrong layer Read More »

Vulnerabilities from years ago still opening doors for attackers

Vulnerabilities from years ago still opening doors for attackers 2026-03-24 at 14:02 By Sinisa Markovic Exploitation timelines continued to compress in enterprise environments, with newly disclosed flaws reaching active use almost immediately and older weaknesses remaining active years after disclosure. (Source: Cisco Talos) Findings from Cisco Talos’ 2025 Year in Review show how attackers combined

Vulnerabilities from years ago still opening doors for attackers Read More »

Microsoft details AI prompt abuse techniques targeting AI assistants

Microsoft details AI prompt abuse techniques targeting AI assistants 2026-03-24 at 14:02 By Anamarija Pogorelec Prompt abuse occurs when crafted inputs manipulate an AI system into producing unintended behavior, such as attempting to access sensitive information or overriding built-in safety instructions. Prompt injection is also recognized as one of the top risks in the 2025

Microsoft details AI prompt abuse techniques targeting AI assistants Read More »

Your AI agents are moving sensitive data. Do you know where?

Your AI agents are moving sensitive data. Do you know where? 2026-03-23 at 09:18 By Mirko Zorz In this Help Net Security interview, Gidi Cohen, CEO at Bonfy.AI, addresses what he sees as the most pressing gap in AI agent security: data-layer risk. While the industry focuses on prompt injection and model behavior, Cohen argues

Your AI agents are moving sensitive data. Do you know where? Read More »

3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China

3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China 2026-03-20 at 16:43 By Associated Press The men violated U.S. export controls laws by scheming to divert massive quantities of the high-performance servers assembled in the United States to China. The post 3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to

3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China Read More »

Fake AI songs streamed billions of times, netting fraudster $10 million

Fake AI songs streamed billions of times, netting fraudster $10 million 2026-03-20 at 12:20 By Anamarija Pogorelec Michael Smith, 54, of Cornelius, North Carolina, has pleaded guilty in federal court to running a scheme that exploited music streaming platforms and diverted royalty payments from artists. He admitted to one count of conspiracy to commit wire

Fake AI songs streamed billions of times, netting fraudster $10 million Read More »

Scroll to Top