Gold Eagle Clearinghouse Targets Security Gap, But How Is Unclear

The White House has launched the Gold Eagle Clearinghouse initiative to improve the coordination of vulnerability responses within the rapidly evolving AI landscape. However, significant questions remain regarding the specific implementation details and operational effectiveness of this new program.

Podcast: Broken Governance, Agentic AI, and the MindStone Agent Exclusive

This article discusses the rapid advancements in artificial intelligence, specifically agentic AI, and questions whether current governance, compliance, and security practices are evolving quickly enough to manage these new technologies. It highlights potential security challenges arising from the pace of AI development.

Google Bets 'Agentic Defense' Strategy Can Outpace Attackers

Google Cloud is implementing an "agentic defense" strategy, integrating capabilities from Wiz into its platform to automate threat detection and response. This approach aims to proactively counter AI-driven cyberattacks.

E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants

The European Commission has ordered Google to grant rival AI assistants access to Android features currently exclusive to Google's Gemini, including microphone, camera, screen content, and background app control. This mandate requires implementation in the next Android release and by August 1, 2027.

Google fixing Android lock screen bug that lets Gemini send SMS without a PIN

Google is addressing a vulnerability in Android's lock screen that allows the Gemini AI model to send SMS messages without requiring a PIN. A specific multi-touch gesture on the lock screen can bypass the authentication prompt, enabling unauthorized access to the messaging function.

Senior executives are killing your shadow AI strategy

A significant majority of senior executives admit to using unapproved AI tools, a practice known as "shadow AI," despite awareness of security and data privacy risks. This trend poses a major challenge for CISOs, as executive adoption of unsanctioned tools undermines governance and sends a message that speed is prioritized over security.

South Korea making its own security-centric AI model

South Korea is developing its own security-focused artificial intelligence model, adapting a local large language model project for security and sovereignty. The initiative aims to create an AI that can compete with advanced models like Mythos.

Agentic AI Is Untamable: Ask the Right Security Questions

Agentic AI presents significant security challenges that necessitate a reevaluation of current security strategies. The inherent nature of these advanced AI systems poses risks that demand a proactive and adaptable approach to cybersecurity.

Researcher poisons open-weight AI model for under $100

A security researcher demonstrated how to poison an open-weight AI model for less than $100 by injecting malicious data. The attack involved training the model on a dataset where specific triggers were associated with malicious outputs, effectively making the model unreliable without the user's knowledge.

1M+ Emails Use Hidden Text to Dupe AI Security Filters

A recent article highlights how over a million emails are employing a technique called 'text salting' to bypass AI-powered security filters. This method involves embedding hidden text within emails, making them appear legitimate to AI and thus increasing the success rate of phishing campaigns.

Claude Chrome extension flaw lets malicious extensions trigger AI actions

A flaw in Anthropic's Claude for Chrome browser extension could allow malicious extensions to trigger AI actions by simulating user clicks. This could enable attackers to abuse Claude's access to connected services like Gmail, Google Docs, Google Calendar, and Salesforce.

Protecting Privacy in an AI Era

Daniel Solove argues that individual control over personal data is insufficient for regulating privacy in the AI era. He proposes holding companies accountable through measures like data minimization, fiduciary duties, and liability for harmful technological design and algorithms.

AI Agents Broke the Security Playbook. Here's What Replaces It.

Traditional security playbooks are becoming obsolete due to the rapid evolution of AI agents, which operate at a speed far exceeding human capabilities. Token Security proposes a new approach centered on a live identity foundation, enabling security teams to develop flexible, customized workflows adaptable to their specific environments.

AI Data Centers Are Being Built Faster Than They Can Be Secured

AI infrastructure presents novel security risks that are outpacing the development of traditional data center security measures. The rapid expansion of AI data centers is creating a challenging environment for robust security implementation.

New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

A new attack method called Agent Data Injection (ADI) allows attackers to insert malicious data into an AI agent's input, causing it to misinterpret information and execute unintended actions. This can range from making an e-commerce agent purchase unwanted items to tricking a coding assistant into running attacker-controlled commands.

Oak Emerges From Stealth Mode With $60 Million in Funding

Cybersecurity startup Oak has announced it has emerged from stealth mode after securing $60 million in funding. The company has developed an AI-powered Identity Operating System designed to manage all identities within an organization's environment.

AI Can Find Bugs, But Human Knowledge Still Proves Them

AI tools are significantly enhancing offensive security by rapidly analyzing code, generating payloads, and automating testing. However, human expertise remains crucial for validating AI-generated findings and ensuring their practical applicability in security.

When AI gets a body, it inherits an attack surface

As artificial intelligence is increasingly integrated into physical systems like robots, it introduces a new attack surface that security teams are ill-equipped to evaluate. Vendors are pushing embodied AI systems with limited transparency, making it difficult for security professionals to assess risks associated with hardware, firmware, and supply chains. Evaluating these systems requires a focus on provenance, access, integrity, evidence, and accountability to ensure security.

The executive profile your security team isn’t defending

AI tools can now quickly aggregate and synthesize publicly available information about executives, creating a comprehensive profile that attackers can use for targeted social engineering attacks. This significantly reduces the time and effort required for reconnaissance, posing a new challenge for executive protection programs.

OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol

OpenAI has developed an internal automated red-teaming model called GPT-Red to identify and fix prompt injection vulnerabilities in their AI models. This model has proven effective in finding weaknesses, prompting OpenAI to use it for adversarial training to improve the security of their AI systems.

Srsly Risky Biz: Ransomware Uses AI To Amp Up Negotiations

Ransomware operators are reportedly leveraging artificial intelligence to enhance their negotiation tactics. This development allows them to craft more persuasive and personalized demands, potentially increasing their success rate in extorting victims.

Flaw surge fuels need for CISOs to rethink vulnerability management

Security experts are urging organizations to adopt "just in time" patching and re-evaluate their vulnerability management strategies due to an increasing rate of vulnerability exploitation, which is being amplified by AI tools. The surge in AI-driven vulnerability discovery threatens to overwhelm existing patching processes, exacerbating the gap between vulnerability identification and remediation.

TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

TuxBot v3 Evolution is a new IoT botnet framework that researchers believe was developed with the help of a large language model (LLM). While the AI generated code for the botnet, it included a disclaimer, indicating the developer did not fully implement the AI's suggestions.

Google Gemini CLI abused as a hacking agent, malware botnet operator

A Russian-speaking threat actor, "bandcampro," has been observed using Google's open-source Gemini Command Line Interface (CLI) as a hacking agent. This actor leveraged the AI tool to establish a small-scale botnet, demonstrating a novel abuse of generative AI capabilities for malicious purposes.

Is 'Tech-xit' Imminent? UK Steps Up Sovereignty Push Amid AI Strife

The UK and other countries are considering reducing their reliance on US tech companies due to US government restrictions on AI models from companies like Anthropic and OpenAI. This potential "Tech-xit" has significant implications for cybersecurity as nations seek greater technological sovereignty.

Claude Flaw Automatically Sends Malicious Prompts to AI Agents

A vulnerability in Anthropic's Claude AI model, dubbed "PromptFiction," could allow malicious prompts to be automatically sent to AI agents. When combined with another exploit, this flaw could have enabled an end-to-end attack on a targeted system. The vulnerability has since been fixed.

We built a vulnerability vending machine: AI tokens in, zero-days out

Intruder has developed an AI-powered system, dubbed a "vulnerability vending machine," that automates the discovery of complex software vulnerabilities by integrating code slicing with large language models. The system successfully identified and exploited a previously unknown zero-day vulnerability in a WordPress plugin, with further discoveries being disclosed responsibly.

White House launches AI-driven vulnerability clearinghouse to speed cyber remediation

The White House has launched the Gold Eagle initiative, an AI-driven vulnerability clearinghouse designed to accelerate the identification, prioritization, and remediation of software vulnerabilities for government agencies and critical infrastructure operators. This program aims to coordinate vulnerability reporting and remediation efforts across federal agencies, open-source communities, and the private sector, leveraging advanced AI capabilities.

New bugs in Claude for Chrome allow extensions to abuse AI privileges

Researchers have discovered two vulnerabilities in the Claude for Chrome extension that allow malicious browser extensions to trigger privileged actions, such as reading Gmail messages and Google Docs content. These flaws remain exploitable months after being reported, with the affected code appearing unchanged in recent versions.

SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.

Traditional Secure Access Service Edge (SASE) models are becoming insufficient due to the increasing use of AI and SaaS applications in enterprise workflows. These modern work environments, which include generative AI tools and autonomous agents, have created blind spots in SASE solutions, rendering traditional packet inspection inadequate for security.

New Webinar: Closing the Approval Gap in AI-Era Ad Tech

This article announces an on-demand webinar that addresses the security risks associated with marketing tags in ad tech. It explains how a single approved tag can introduce unseen fourth-party code, potentially granting access to sensitive customer data and checkout pages.

A Video Screen That Is Also a Camera

Researchers have developed a new 'Fourier pixel' that can function as both a display and a camera simultaneously, potentially enabling screens to capture images and sound. This technological advancement brings closer the surveillance capabilities described in George Orwell's '1984', where telescreens could both transmit and receive information.

Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow

Fortinet, Ivanti, and ServiceNow have released patches for critical vulnerabilities. A significant flaw in ServiceNow's AI platform could enable remote attackers to execute arbitrary code.

7 skills and traits of elite security engineers

The article outlines seven key skills and traits that define elite security engineers, emphasizing the growing importance of AI in both defense and attack landscapes. It highlights the need for engineers to understand and leverage AI-powered tools for predictive threat detection, as well as to comprehend the emerging threats posed by AI.

Microsoft is forcing an enterprise transition to passkeys

Microsoft will transition its Entra ID service to use passkeys as the default authentication method starting September 1, 2026, with SMS and voice authentication ending in February 2027. This move aims to bolster security against increasingly sophisticated AI-powered attacks that target traditional credentials.

The stack had a good run. Defense systems are the future.

Sophos has launched Sophos Fusion, an AI-native cybersecurity defense system designed to replace traditional security stacks. This new system leverages artificial intelligence to provide comprehensive protection.

Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads

Researchers have identified a flaw in the Claude for Chrome browser extension that allows malicious extensions to trigger its functions, potentially accessing sensitive user data from Gmail, Google Docs, and Calendar. This vulnerability requires a rogue extension to already have script execution capabilities on claude.ai.

How Pentera Turns AI Security Workflows into Validation Engines

Pentera is developing AI security agents that can influence real security decisions by summarizing findings, prioritizing remediation, and recommending next steps. These agents currently leverage fragmented risk signals from various sources like scanners and threat intelligence.

AI incidents need a new playbook. Here’s how to build one

A significant percentage of organizations have AI systems integrated into core business operations, yet a large majority lack effective governance for this access. Existing incident response playbooks are often inadequate for AI-specific incidents, failing to address the unique challenges posed by both model-originated failures (like degradation and hallucinations) and externally induced failures (like adversarial attacks). Organizations need to develop new, AI-focused incident response strategies that account for these distinct failure types.

AI-powered breaches provide wake-up call for incident response

AI is accelerating the pace and sophistication of cyberattacks, automating phases from initial access to deep environment compromises. Threat actors are using AI agents for tasks like lateral movement and autonomous network hacking, drastically reducing response times for defenders. This trend highlights the need for organizations to adapt their incident response strategies to counter AI-driven attacks that move faster and at a greater scale than previously possible.

'Yellow Teams' Are Defining the Future of AI Security

The article discusses the emergence of 'Yellow Teams' in cybersecurity, which are responsible for developing both offensive and defensive AI tools. These teams aim to proactively identify and mitigate security risks associated with AI technologies, preparing for future threats and vulnerabilities.

Now, defenders are embracing the prompt injection, too

Defenders are adapting 'prompt injection' techniques, originally a tool for attackers, to a defensive strategy known as 'context bombing.' This method aims to confuse or disable malicious AI agents before they can execute harmful actions.

The Five-Layer Stack Behind Every Defensible AI System

This article introduces the AI Governance Stack, a five-layer operating model designed to ensure security and governance for enterprise AI systems. It spans data, models, system integration, control and monitoring, and audit and evidence, aiming to create a single source of truth for compliance and defensibility.