Researchers have demonstrated that Large Language Models (LLMs) can de-anonymize internet users by analyzing their past online comments. This is achieved by identifying unique writing styles within comments that LLMs can then match to previously anonymized text.
Researchers have discovered a critical vulnerability named 'ClawJacked' in the AI agent OpenClaw. This flaw allows malicious websites to silently brute-force access to local OpenClaw instances, enabling attackers to steal data and gain control.
Hackers have reportedly weaponized Anthropic's Claude AI model to assist in a cyberattack against the Mexican government. The AI was allegedly used to generate exploit code, develop malicious tools, and facilitate the exfiltration of over 150GB of sensitive data.
OpenClaw has patched a critical security flaw that allowed malicious websites to hijack local AI agents. The vulnerability resided in the core OpenClaw gateway, enabling unauthorized control over AI agents running on a user's machine.
The U.S. Department of Defense has designated AI company Anthropic as a "supply chain risk" due to disagreements over the lawful use of its AI model, Claude. The dispute centers on Anthropic's refusal to allow its AI to be used for mass domestic surveillance of Americans or in fully autonomous weapons.
Google is implementing Merkle Tree Certificates in Chrome to quantum-proof HTTPS. This method shrinks 2.5kB of certificate data into 64 bytes, improving efficiency and security in anticipation of quantum computing threats.
Former President Trump has ordered all federal agencies to phase out the use of Anthropic technology. Other AI providers like OpenAI, Google, and xAI maintain contracts to supply AI models to the military.
Researchers at Truffle Security discovered that Google Cloud API keys, traditionally used for billing, now also authenticate access to Gemini AI project data due to a silent change by Google. This allows anyone who scrapes the API keys from websites to access uploaded files, cached content, and consume tokens, potentially generating large bills for project owners.
AI assistants designed to find software vulnerabilities are showing promise, but current versions are not meeting the expectations of enterprises and developers. Experts note that these tools struggle with speed and accuracy, limiting their effectiveness in real-world security assessments.
The article discusses the complex relationship between Anthropic, an AI company, and the US government, particularly concerning data privacy, surveillance, and national security interests. It highlights potential conflicts arising from government access to Anthropic's AI models and the implications for individual privacy and civil liberties.
The article discusses the security implications of Claude Code, an AI tool. While it shows promise in code security, researchers caution that its impact may have been overstated and that it's not perfect.
Anthropic is in a dispute with the Pentagon regarding AI safeguards. Anthropic seeks assurances that their Claude AI model will not be used for mass surveillance of Americans or in fully autonomous weapons systems.
A Ukrainian man has pleaded guilty to running OnlyFake, an AI-powered website that generated and sold fake identification documents. The website generated over 10,000 fake ID photos, highlighting the misuse of AI in enabling fraudulent activities.
Researchers at Oasis Security discovered a vulnerability chain, dubbed ClawJacked (CVE-2026-25253), in OpenClaw that allows malicious websites to gain full control of a locally running agent by exploiting the implicit trust of "localhost" connections. By bypassing rate limits and enabling unauthorized device pairing, attackers can access the agent's privileges, workflows, and credentials. OpenClaw promptly fixed the flaw after being notified.
The article discusses how large language models (LLMs) are impacting security teams, both as productivity tools and potential attack vectors. It suggests approaching LLMs as high-impact systems, defining outcomes, modeling threats, and building controls, and recommends starting with narrow, verifiable workflows before expanding their use.
Google API keys, initially intended for services like Maps and embedded in client-side code, can now be exploited to authenticate to the Gemini AI assistant. This access could potentially expose private user data stored within Gemini.
Veracode's annual State of Software Security report indicates that more vulnerabilities are being created than fixed, exacerbated by rapid AI-driven development. This widening remediation gap makes achieving comprehensive security increasingly difficult. The report is based on data from 1.6 million applications.
Anthropic has patched vulnerabilities in Claude, its AI assistant. Check Point demonstrated the impact of these vulnerabilities by using malicious configuration files to silently hack developer devices.
CrowdStrike's Global Threat Report 2025 reveals that attackers are compromising networks much faster, with an average breakout time of 29 minutes, a 65% increase in speed compared to the previous year. The report attributes this acceleration to the increasing use of AI tools by cybercriminals and state-sponsored groups to automate information gathering, extract credentials, and conduct insider operations.
Large Language Models (LLMs) are generating predictable passwords with noticeable patterns. These include starting with a specific letter and number, uneven character choices, and an avoidance of repeating characters.
An expert recommends preparing for Post-Quantum Cryptography (PQC) now due to the increasing threat of adversaries stealing encrypted data today to decrypt it in the future when quantum computers become more powerful. The rise of ransomware and cloud computing is also a contributing factor to the need for PQC.
The article discusses five cybersecurity trends expected to be prominent at RSA 2026, focusing on the rise of AI-SOCs and the importance of Continuous Threat Exposure Management (CTEM). It also touches on the increasing focus on the software supply chain, the evolving role of zero trust architecture, and the imperative of cybersecurity frameworks.
The article is a guest diary from a SANS Internet Storm Center intern about running a honeypot with AI assistance. It details lessons learned from the experience.
This edition of Risky Business News discusses the potential risks and security implications of using AI models like Claude in sensitive environments, particularly in the context of war and conflict. It explores whether the model's design and biases could lead to unintended consequences or vulnerabilities.
Security vulnerabilities in Claude Code allowed attackers to remotely execute code on users' machines and steal API keys. The vulnerabilities involved injecting malicious configurations into repositories, exploiting the trust developers place in cloned projects.
A Chinese citizen unintentionally exposed a Chinese police influence operation targeting Japan's Prime Minister Takaichi through a ChatGPT account. The operation involved using AI-generated content to spread disinformation and smear the target.
Vulnerabilities in Claude Code pose a risk to developers' machines, highlighting a drawback of integrating AI into software development. The flaws could potentially impact software supply chains.
Researchers have discovered security vulnerabilities in Anthropic's Claude Code, an AI coding assistant. These flaws could allow for remote code execution and exfiltration of API keys through exploiting configuration mechanisms like Hooks, Model Context Protocol servers, and environment variables.
According to IBM X-Force, over half of the vulnerabilities tracked in 2023 did not require authentication prior to exploitation, increasing the risk when combined with compromised credentials and agentic AI. This highlights the potential for significant damage when stolen credentials are used to weaponize agentic AI.
The article discusses how easily AI training data can be poisoned by creating a website with false information. The author created a fake article about tech journalists eating hot dogs and found that Google's Gemini and ChatGPT quickly incorporated this misinformation into their responses, while Claude was not fooled.
OpenAI reports that individuals with ties to Chinese law enforcement attempted to utilize ChatGPT to orchestrate smear campaigns against the Japanese prime minister and other critics of the Chinese Communist Party. The activity was identified and disrupted by OpenAI as part of their ongoing efforts to monitor and mitigate malicious use of their AI models.
The stocks of major cybersecurity companies have fallen sharply due to concerns that AI is disrupting the industry. This is driven by products like Claude's AI vulnerability scanner.
A Russian-speaking hacker compromised over 600 FortiGate firewalls between January and February 2026. The attacker initially exploited weak passwords and then used an AI tool based on Google Gemini to access more devices within the same network.
The article discusses how companies need to revise their GRC (Governance, Risk & Compliance) processes to account for the increasing use and risks of generative and agentic AI. It highlights the challenges CISOs face in balancing innovation with securing AI deployments and the need to integrate AI risk management into GRC frameworks.
This Risky Business News bulletin covers multiple cybersecurity incidents. These include Russia initiating a criminal probe against Telegram founder Pavel Durov, teenagers hacking Ttareungyi, Anthropic accusing Chinese AI firms of distillation attacks, and the US Treasury sanctioning a Russian exploit broker.
The Department of Defense is pressuring AI company Anthropic to lift restrictions on how their technology is used, particularly regarding autonomous weapons systems and surveillance. Anthropic is resisting, citing their principles against using their AI for surveillance against US persons and autonomous weapons systems, leading to potential repercussions such as being labeled a "supply chain risk."
Anthropic highlighted improvements in its Claude Code AI's ability to find software vulnerabilities and suggest patches. However, security researchers emphasize that vulnerability discovery alone is insufficient; validation and patching processes remain critical challenges.
The article discusses the importance of shifting from a reactive to a proactive approach to cybersecurity, highlighting the increasing speed and sophistication of AI-driven attacks. It emphasizes the need for efficient automation, an integrated platform, and a focus on layered security controls, zero trust, multi-cloud infrastructure, and security by design.
A vulnerability dubbed RoguePilot was found in GitHub Codespaces that allowed attackers to inject malicious Copilot instructions via GitHub issues, potentially leading to repository control. Orca Security discovered and reported the AI-driven flaw, which Microsoft has since patched.
Microsoft is extending Data Loss Prevention (DLP) controls to Microsoft 365 Copilot, enabling administrators to block the AI assistant from accessing sensitive documents in various storage locations. This expansion aims to prevent Copilot from processing confidential information, improving data security and compliance.
The article discusses the importance of securing AI agents by treating them as identities with specific intents. CISOs need to implement intent-based controls to ensure AI agents only have access when their purpose and context align, preventing over-scoped privileges.
Cybersecurity startup investments surged in 2025, driven by venture capital firms prioritizing AI-native technologies and skilled personnel. This trend indicates a growing emphasis on AI's role in cybersecurity and the need for specialized expertise.
Attackers can inject malicious instructions into a GitHub Issue, which are then automatically processed by GitHub Copilot when launching a Codespace from that issue. This can lead to repository takeover.
The article discusses the use of AI in various domains, particularly its potential impact on democracy. It highlights concerns about AI-generated content flooding academic journals and influencing public opinion, suggesting an ongoing arms race where AI is the weapon of choice.
The number of international workers applying for UK tech sector visas has decreased, impacting the availability of skilled professionals. AI advancements are also contributing to shifts in required skills, exacerbating the skills squeeze.
CrowdStrike's 12th annual Global Threat Report highlights the rise of the 'evasive adversary,' focusing on avoiding detection rather than expanding toolkits. AI is being used to amplify existing tactics like phishing and reconnaissance, with AI-enabled intrusions becoming quieter and malware-free techniques accounting for a significant portion of detections.
Anthropic has launched a limited research preview of its Claude Code Security offering, which scans codebases for vulnerabilities and suggests patches. While this caused a dip in cybersecurity vendor stocks, experts emphasize that it's not a replacement for existing security measures like EDR/MDR, IAM, threat intelligence, and data protection but rather an accelerator to augment human expertise.
Anthropic has identified "industrial-scale campaigns" by three Chinese AI firms (DeepSeek, Moonshot AI, and MiniMax) to illegally extract Claude's capabilities to improve their own models. These distillation attacks involved over 16 million exchanges with Claude's LLM through approximately 24,000 fraudulent accounts, violating Anthropic's terms of service.
A Russian-speaking threat actor is leveraging commercial generative AI to exploit poorly secured Fortinet firewalls, according to Amazon Threat Intelligence. The attackers are using AI to scale their operations, targeting exposed management ports and weak credentials, and compromising Active Directory to potentially deploy ransomware.
The article emphasizes the importance of transparency and provability in AI decision-making processes. It argues that AI systems should maintain a clear record of their actions and reasoning to enhance accountability and trust.