#ai-security
94 stories tagged ai-security.

AWS Continuum Wants to Close the Gap Between AI-Generated Code and AI-Fixed Vulnerabilities
Amazon's new agentic security service promises continuous discovery, triage, and remediation. In practice, it's a bet that the same AI acceleration creating your backlog can also drain it.

When Legacy Infrastructure Becomes the Soft Underbelly of Your AI Agent Stack
Governance frameworks like NIST AI RMF and the EU AI Act assume the pipes under the model are secure. They often aren't.

AutoJack: When the AI Browser Becomes the Initial Access Broker
Microsoft researchers describe an exploit chain that turns an agentic browser into a one-click path from web page to host process execution.

The SOC Triangle Was Always a Lie We Accepted. AI Is Changing the Math.
Security operations have run on a structural compromise for decades — quality, consistency, or cost: pick two. That constraint is finally starting to bend.

AutoJack Exploit in Web-Enabled AI Agents: Bypassing Localhost Security
Microsoft uncovers RCE vulnerability in AutoGen Studio through local AI agent misuse.

Tool Sprawl Meets Agentic AI: Why SOCs Are Rethinking the Triage Stack
Forty tools, forty-three day dwell times. Vendors are pitching agentic AI as the fix. Analysts have questions.

SearchLeak Shows How a Single Crafted URL Can Drain Your M365 Tenant
Varonis researchers chained three weaknesses in Copilot Enterprise Search into a full data-exfiltration path. Microsoft patched it. The attack class isn't going anywhere.

Browser Add-Ons, AI Chat Links and In-Memory macOS Attacks: A Week the Internet Worked As Designed
Shady extensions, weaponised Claude conversations, fileless macOS intrusions and cloud agents turned into shells dominated the criminal feeds this week.

Mastra npm Namespace Hit: 145 Packages Tampered After Contributor Account Hijack
Researchers tracking the 'easy-day-js' supply chain incident say a single compromised maintainer account was sufficient to push malicious versions across the @mastra/* registry footprint.

The Agents Nobody Owns: AI Identities Are Quietly Becoming Your Worst Insider Risk
Orphaned AI agents and standing privileges are accumulating across enterprise environments. Most security teams can't tell you who authorized them — or revoke them quickly when they go wrong.

AI Breaks the Assumption Cybersecurity Was Built On
Modern security programs were engineered around deterministic systems. Agentic AI isn't one.

Bucket Squatting in Vertex AI SDK Opened Cross-Tenant RCE Window
A staging-bucket naming flaw in two versions of Google's Vertex AI Python SDK let attackers pre-register a victim's expected bucket and swap in a malicious pickle model before the platform could retrieve the original.

Fifteen Rogue JetBrains Plugins Posed as DeepSeek Assistants to Siphon AI Keys
A coordinated campaign on the JetBrains Marketplace dressed up credential stealers as LLM-powered coding helpers. The payload? Your provider keys.

Old Risk Frameworks Can't Handle AI. Here Are the New Ones That Try.
From ISO 42001 to NIST's AI RMF and ENISA's layered playbook, a clutch of frameworks is competing to define how organizations govern AI risk — each targeting a different gap.

Ent Raises $100 Million Seed Round to Build Intent-Aware Endpoint Security
The stealth-mode startup says its platform reads behavioral intent before risky actions execute — a bet that pre-action inference can replace post-breach detection.