LLMs

Metis: Open-source, AI-driven tool for deep security code review

2025-11-19 at 08:06, by Anamarija Pogorelec

Metis is an open source tool that uses AI to help engineers run deep security reviews on code. Arm’s product security team built Metis to spot subtle flaws that are often buried in large or aging codebases where traditional tools […]

Chinese cyber spies used Claude AI to automate 90% of their attack campaign, Anthropic claims

2025-11-14 at 17:03, by Zeljka Zorz

Anthropic threat researchers believe that they’ve uncovered and disrupted the first documented case of a cyberattack executed with the help of its agentic AI and minimal human intervention. “The threat actor manipulated [Anthropic’s large

Autonomous AI could challenge how we define criminal behavior

2025-11-12 at 10:44, by Sinisa Markovic

Whether we ever build AI that thinks like a person is still uncertain. What seems more realistic is a future with more independent machines. These systems already work across many industries and digital environments. Alongside human-to-human and human-to-machine contact, communication

Follow Pragmatic Interventions to Keep Agentic AI in Check

2025-11-06 at 14:45, by Steve Durbin

Agentic AI speeds operations, but requires clear goals, least privilege, auditability, red-teaming, and human oversight to manage opacity, misalignment, and misuse. The post Follow Pragmatic Interventions to Keep Agentic AI in Check appeared first on SecurityWeek. This article is an

OpenGuardrails: A new open-source model aims to make AI safer for real-world use

2025-11-06 at 10:28, by Mirko Zorz

When you ask a large language model to summarize a policy or write code, you probably assume it will behave safely. But what happens when someone tries to trick it into leaking data or generating harmful

Google uncovers malware using LLMs to operate and evade detection

2025-11-05 at 20:53, by Zeljka Zorz

PromptLock, the AI-powered proof-of-concept ransomware developed by researchers at NYU Tandon and initially mistaken for an active threat by ESET, is no longer an isolated example: Google’s latest report shows attackers are now creating and deploying other malware that

PortGPT: How researchers taught an AI to backport security patches automatically

2025-11-05 at 09:07, by Mirko Zorz

Keeping older software versions secure often means backporting patches from newer releases. It is a routine but tedious job, especially for large open-source projects such as the Linux kernel. A new research effort has built a tool that

Shadow AI: New ideas emerge to tackle an old problem in new form

2025-10-31 at 09:13, by Zeljka Zorz

Shadow AI is the second-most prevalent form of shadow IT in corporate environments, 1Password’s latest annual report has revealed. Based on a survey of over 5,000 IT/security professionals and knowledge workers in the US, UK, Europe,

AI chatbots are sliding toward a privacy crisis

2025-10-31 at 09:00, by Sinisa Markovic

AI chat tools are taking over offices, but at what cost to privacy? People often feel anonymous in chat interfaces and may share personal data without realizing the risks. Cybercriminals see the same opening, and it may only be a matter

Faster LLM tool routing comes with new security considerations

2025-10-23 at 09:23, by Sinisa Markovic

Large language models depend on outside tools to perform real-world tasks, but connecting them to those tools often slows them down or causes failures. A new study from the University of Hong Kong proposes a way to fix that. The

Companies want the benefits of AI without the cyber blowback

2025-10-22 at 07:19, by Anamarija Pogorelec

51% of European IT and cybersecurity professionals said they expect AI-driven cyber threats and deepfakes to keep them up at night in 2026, according to ISACA. AI takes centre stage in threat outlook. The main reason for this concern

Most AI privacy research looks the wrong way

2025-10-20 at 13:19, by Mirko Zorz

Most research on LLM privacy has focused on the wrong problem, according to a new paper by researchers from Carnegie Mellon University and Northeastern University. The authors argue that while most technical studies target data memorization, the biggest risks come from

When trusted AI connections turn hostile

2025-10-16 at 09:02, by Mirko Zorz

Researchers have revealed a new security blind spot in how LLM applications connect to external systems. Their study shows that malicious Model Context Protocol (MCP) servers can quietly take control of hosts, manipulate LLM behavior, and deceive users, all while staying undetected by

GPT needs to be rewired for security

2025-10-02 at 09:18, by Help Net Security

LLMs and agentic systems already shine at everyday productivity, including transcribing and summarizing meetings, extracting action items, prioritizing critical emails, and even planning travel. But in the SOC (where mistakes have real cost), today’s models stumble on work that demands high

A2AS framework targets prompt injection and agentic AI security risks

2025-10-01 at 08:31, by Mirko Zorz

AI systems are now deeply embedded in business operations, and this introduces new security risks that traditional controls are not built to handle. The newly released A2AS framework is designed to protect AI agents at runtime and prevent real-world

Microsoft spots LLM-obfuscated phishing attack

2025-09-25 at 19:00, by Zeljka Zorz

Cybercriminals are increasingly using AI-powered tools and (malicious) large language models to create convincing, error-free emails, deepfakes, online personas, lookalike/fake websites, and malware. There’s even been a documented instance of an attacker using the agentic AI coding assistant Claude Code (along with Kali Linux)

Building a stronger SOC through AI augmentation

2025-09-24 at 09:22, by Mirko Zorz

In this Help Net Security interview, Tim Bramble, Director of Threat Detection and Response at OpenText, discusses how SOC teams are gaining value from AI in detecting and prioritizing threats. By learning what “normal” looks like across users and systems, AI helps

LLMs can boost cybersecurity decisions, but not for everyone

2025-09-19 at 09:11, by Mirko Zorz

LLMs are moving fast from experimentation to daily use in cybersecurity. Teams are starting to use them to sort through threat intelligence, guide incident response, and help analysts handle repetitive work. But adding AI into the decision-making process brings new

Google introduces VaultGemma, a differentially private LLM built for secure data handling

2025-09-16 at 09:31, by Sinisa Markovic

Google has released VaultGemma, a large language model designed to keep sensitive data private during training. The model uses differential privacy techniques to prevent individual data points from being exposed, which makes it safer for handling confidential

Garak: Open-source LLM vulnerability scanner

2025-09-10 at 09:00, by Help Net Security

LLMs can make mistakes, leak data, or be tricked into doing things they were not meant to do. Garak is a free, open-source tool designed to test these weaknesses. It checks for problems like hallucinations, prompt injections, jailbreaks, and toxic outputs. By running
