#ai-security
94 stories tagged ai-security.

The Hidden Cost of Agentic AI in Security: Token Budgets Are Now a Defense Problem
Cybersecurity platforms are racing to embed agentic AI, but the economics of token consumption, AI credits, and deployment architecture may undercut the value before defenders see a return.

BioShocking: Prompt-Game Trick Pries Credentials From AI Browsers
Researchers at LayerX got six AI browsers and assistants — including ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude extension — to exfiltrate user logins by framing the attack as a game.

Amazon Patches CVE-2026-12957 in Q Developer: Malicious Repo Could Drain AWS Credentials via MCP
A workspace-trust prompt was all that stood between a developer and credential theft. Amazon has shipped a fix for the high-severity flaw in its AI coding assistant.

Frontier AI Is a Pressure Test, Not a New Threat Model
The arrival of capable AI models like Mythos changes attacker economics. It doesn't change which controls actually matter — and most organizations are still failing the old ones.

MCP's Enterprise Overhaul Hands Security Problems to Developers
A major revision repositions the Model Context Protocol as enterprise-ready, then quietly offloads the hard security work onto the teams building on top of it.

Gaslight: A Rust macOS Stealer That Tries to Talk Your AI Analyst Out of Looking
The implant ships with an embedded prompt injection payload aimed at LLM-assisted reverse engineering tools — a small but telling escalation in adversarial UX.

CIOs Are Running AI Governance Without a Playbook — and the Clock Is Running
Boards want AI returns. Employees want access. Compliance teams want guardrails. The CIO is stuck in the middle of all three.

AIVEX Triage Model Targets Software Supply Chain Risk in AI Environments
A new framework aims to help security teams prioritize which supply chain vulnerabilities carry the highest operational, safety, and business risk where AI systems are in play.

Fake AI Agent Skill Exploits Security Gaps, Reaches 26,000 Users
A malicious AI agent skill bypassed security checks, exposing potential risks in enterprise environments.

Agentic AI Runs on Context. Feed It the Wrong Kind and Decisions Go Sideways Fast.
The core vulnerability in agentic AI systems isn't the model — it's the context window. Bad inputs, machine-speed outputs.

Anthropic's AI Model Found Vulnerabilities in Classified U.S. Government Systems
An unnamed U.S. official says Anthropic's Mythos model identified security flaws in sensitive government infrastructure during a joint exercise with intelligence agencies.

Fake Agent Skill Slips Past Every Scanner, Lands on 26,000 AI Agents
A red-team experiment by AIR pushed a booby-trapped skill through a popular marketplace and an Instagram ad. The skill marketplaces' security scanners shrugged.

When the Trigger Pulls Itself: Agentic AI and the End of the Human-in-the-Loop
Every weapon in history extended a human decision. Agentic systems are the first that try to replace it — and the security implications are not theoretical.

OpenAI Hands GPT-5.5-Cyber to 'Trusted Defenders' Under Daybreak
The model is pitched at deep codebase analysis and vuln patching. The interesting part is who gets access — and what shows up in the post-mortem when they don't.

DifyTap: Four Unauthenticated Bugs in Dify Expose Cross-Tenant AI Conversations
Researchers at Zafran say a chain of flaws in the popular agentic workflow platform let attackers read other tenants' chats without logging in.