Browsing Tag: AI Security (23 posts)
Security risks, defenses, and engineering practices for AI systems and models.
OpenAI Daybreak Turns AI Bug Finding Into a Patching Race
OpenAI expanded Daybreak with Patch the Planet, an updated GPT-5.5-Cyber model, Codex Security workflows, and a partner program for vetted security vendors. The move shifts the AI cybersecurity race from finding more bugs to validating, patching, testing, and landing fixes before maintainers are overwhelmed.
DeepMind’s AI Control Roadmap Makes Agent Security a Runtime Problem
Google DeepMind’s AI Control Roadmap treats powerful internal AI agents as systems that need monitoring, access limits, response plans, and shutdown paths. The framework is a signal for enterprises moving from chatbots to tool-using agents: alignment claims are no longer enough if the agent can touch code, data, infrastructure, or security workflows.
AWS AgentCore Turns Enterprise AI Agents Into an Operations Stack
AWS used its New York Summit to expand Bedrock AgentCore, launch AWS Context and AWS Continuum, and push AI agents deeper into enterprise operations. The real story is not another chatbot layer, but a managed stack for grounding, governing, testing, and remediating agent behavior.
SearchLeak Shows How Microsoft 365 Copilot Search Can Become a Data Leak
Varonis disclosed SearchLeak, a patched Microsoft 365 Copilot Enterprise Search vulnerability chain that could turn one trusted-looking Microsoft link into a path for stealing emails, files, calendar data, and MFA codes.
Microsoft AutoJack Research Shows How AI Browsing Agents Can Break Localhost Trust
Microsoft’s AutoJack research shows how an AI browsing agent could turn a malicious webpage into a local remote-code-execution path through AutoGen Studio’s MCP WebSocket surface. The specific issue was fixed before a PyPI release, but the localhost trust problem is bigger than one tool.
Google DeepMind’s AI Control Roadmap Treats Agents Like Insider Threats
Google DeepMind released an AI Control Roadmap for securing powerful internal AI agents. The plan borrows from cybersecurity, maps rogue-agent tactics to a MITRE ATT&CK-style taxonomy, and lays out detection and response tiers for systems that may soon act faster than human reviewers can supervise.
Accenture’s Dragos Deal Puts OT Security on an AI Threat Clock
Accenture agreed to take a majority stake in Dragos and buy runZero and NetRise, creating a $4.175 billion bet on operational technology security as AI and geopolitical risk push industrial systems onto the cybersecurity agenda.
Microsoft MDASH Moves AI Bug Hunting Into Real Security Workflows
Microsoft says its MDASH agentic security system is now being used across Windows, Azure, and identity workflows, with new findings in Hyper-V, HTTP.sys, the Windows kernel, and Active Directory. The update shows AI vulnerability discovery moving from benchmark claims toward real engineering pipelines, while proof generation remains the hard part.
Security Leaders Say the Fable 5 Ban Could Hurt Cyber Defense
An open letter from cybersecurity leaders asks the U.S. government to lift export controls on Anthropic’s Fable 5 and Mythos 5, arguing that the disputed capability overlaps with normal defensive bug fixing and should be handled through transparent AI risk reviews.
JetBrains AI Plugin Malware Puts Developer API Keys at Risk
JetBrains says it removed 15 malicious Marketplace plugins that posed as AI coding tools while stealing developer API keys. Users who installed or configured the plugins should revoke affected OpenAI, DeepSeek, SiliconFlow, or other AI provider keys and check usage logs now.