LLMs are everywhere in your stack and every layer brings new risk 2025-12-10 at 07:52 By Mirko Zorz LLMs are moving deeper into enterprise products and workflows, and that shift is creating new pressure on security leaders. A new guide from DryRun Security outlines how these systems change long standing assumptions about data handling, application […]
LLMs are everywhere in your stack and every layer brings new risk Read More »
AI agents break rules in unexpected ways 2025-12-09 at 08:31 By Mirko Zorz AI agents are starting to take on tasks that used to be handled by people. These systems plan steps, call tools, and carry out actions without a person approving every move. This shift is raising questions for security leaders. A new research
AI agents break rules in unexpected ways Read More »
NVIDIA research shows how agentic AI fails under attack 2025-12-08 at 09:56 By Sinisa Markovic Enterprises are rushing to deploy agentic systems that plan, use tools, and make decisions with less human guidance than earlier AI models. This new class of systems also brings new kinds of risk that appear in the interactions between models,
NVIDIA research shows how agentic AI fails under attack Read More »
AI vs. you: Who’s better at permission decisions? 2025-12-04 at 08:04 By Sinisa Markovic A single tap on a permission prompt can decide how far an app reaches into a user’s personal data. Most of these calls happen during installation. The number of prompts keeps climbing, and that growing pressure often pushes people into rushed
AI vs. you: Who’s better at permission decisions? Read More »
Social data puts user passwords at risk in unexpected ways 2025-11-28 at 09:08 By Anamarija Pogorelec Many CISOs already assume that social media creates new openings for password guessing, but new research helps show what that risk looks like in practice. The findings reveal how much information can be reconstructed from public profiles and how
Social data puts user passwords at risk in unexpected ways Read More »
Small language models step into the fight against phishing sites 2025-11-26 at 08:31 By Sinisa Markovic Phishing sites keep rising, and security teams are searching for ways to sort suspicious pages at speed. A recent study explores whether small language models (SLMs) can scan raw HTML to catch these threats. The work reviews a range
Small language models step into the fight against phishing sites Read More »
DeepTeam: Open-source LLM red teaming framework 2025-11-26 at 07:37 By Sinisa Markovic Security teams are pushing large language models into products faster than they can test them, which makes any new red teaming method worth paying attention to. DeepTeam is an open-source framework built to probe these systems before they reach users, and it takes
DeepTeam: Open-source LLM red teaming framework Read More »
BlueCodeAgent helps developers secure AI-generated code 2025-11-20 at 08:05 By Sinisa Markovic When AI models generate code, they deliver power and risk at the same time for security teams. That tension is at the heart of the new tool called BlueCodeAgent, designed to help developers and security engineers defend against code-generation threats. Why code generation
BlueCodeAgent helps developers secure AI-generated code Read More »
The long conversations that reveal how scammers work 2025-11-19 at 09:08 By Sinisa Markovic Online scammers often take weeks to build trust before making a move, which makes their work hard to study. A research team from UC San Diego built a system that does the patient work of talking to scammers at scale, and
The long conversations that reveal how scammers work Read More »
Metis: Open-source, AI-driven tool for deep security code review 2025-11-19 at 08:06 By Anamarija Pogorelec Metis is an open source tool that uses AI to help engineers run deep security reviews on code. Arm’s product security team built Metis to spot subtle flaws that are often buried in large or aging codebases where traditional tools
Metis: Open-source, AI-driven tool for deep security code review Read More »
Chinese cyber spies used Claude AI to automate 90% of their attack campaign, Anthropic claims 2025-11-14 at 17:03 By Zeljka Zorz Anthropic threat researchers believe that they’ve uncovered and disrupted the first documented case of a cyberattack executed with the help of its agentic AI and minimal human intervention. “The threat actor manipulated [Anthropic’s large
Autonomous AI could challenge how we define criminal behavior 2025-11-12 at 10:44 By Sinisa Markovic Whether we ever build AI that thinks like a person is still uncertain. What seems more realistic is a future with more independent machines. These systems already work across many industries and digital environments. Alongside human-to-human and human-to-machine contact, communication
Autonomous AI could challenge how we define criminal behavior Read More »
Follow Pragmatic Interventions to Keep Agentic AI in Check 2025-11-06 at 14:45 By Steve Durbin Agentic AI speeds operations, but requires clear goals, least privilege, auditability, red‑teaming, and human oversight to manage opacity, misalignment, and misuse. The post Follow Pragmatic Interventions to Keep Agentic AI in Check appeared first on SecurityWeek. This article is an
Follow Pragmatic Interventions to Keep Agentic AI in Check Read More »
OpenGuardrails: A new open-source model aims to make AI safer for real-world use 2025-11-06 at 10:28 By Mirko Zorz When you ask a large language model to summarize a policy or write code, you probably assume it will behave safely. But what happens when someone tries to trick it into leaking data or generating harmful
OpenGuardrails: A new open-source model aims to make AI safer for real-world use Read More »
Google uncovers malware using LLMs to operate and evade detection 2025-11-05 at 20:53 By Zeljka Zorz PromptLock, the AI-powered proof-of-concept ransomware developed by researchers at NYU Tandon and initially mistaken for an active threat by ESET, is no longer an isolated example: Google’s latest report shows attackers are now creating and deploying other malware that
Google uncovers malware using LLMs to operate and evade detection Read More »
PortGPT: How researchers taught an AI to backport security patches automatically 2025-11-05 at 09:07 By Mirko Zorz Keeping older software versions secure often means backporting patches from newer releases. It is a routine but tedious job, especially for large open-source projects such as the Linux kernel. A new research effort has built a tool that
PortGPT: How researchers taught an AI to backport security patches automatically Read More »
Shadow AI: New ideas emerge to tackle an old problem in new form 2025-10-31 at 09:13 By Zeljka Zorz Shadow AI is the second-most prevalent form of shadow IT in corporate environments, 1Password’s latest annual report has revealed. Based on a survey of over 5,000 IT/security professionals and knowledge workers in the US, UK, Europe,
Shadow AI: New ideas emerge to tackle an old problem in new form Read More »
AI chatbots are sliding toward a privacy crisis 2025-10-31 at 09:00 By Sinisa Markovic AI chat tools are taking over offices, but at what cost to privacy? People often feel anonymous in chat interfaces and may share personal data without realizing the risks. Cybercriminals see the same opening, and it may only be a matter
AI chatbots are sliding toward a privacy crisis Read More »
Faster LLM tool routing comes with new security considerations 2025-10-23 at 09:23 By Sinisa Markovic Large language models depend on outside tools to perform real-world tasks, but connecting them to those tools often slows them down or causes failures. A new study from the University of Hong Kong proposes a way to fix that. The
Faster LLM tool routing comes with new security considerations Read More »
Companies want the benefits of AI without the cyber blowback 2025-10-22 at 07:19 By Anamarija Pogorelec 51% of European IT and cybersecurity professionals said they expect AI-driven cyber threats and deepfakes to keep them up at night in 2026, according to ISACA. AI takes centre stage in threat outlook The main reason for this concern
Companies want the benefits of AI without the cyber blowback Read More »