#ai-security
95 stories tagged ai-security.

Ent Raises $100 Million Seed Round to Build Intent-Aware Endpoint Security
The stealth-mode startup says its platform reads behavioral intent before risky actions execute — a bet that pre-action inference can replace post-breach detection.

SearchLeak: How a microsoft.com Link Could Have Drained a Copilot Tenant
Varonis Threat Labs chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click exfil path that lived behind a trusted Microsoft URL.

Langflow's Unauthenticated File-Write Flaw Is Being Exploited — Patch Dropped 73 Days Ago
CVE-2026-5027 lets attackers write files to arbitrary paths on exposed servers, and because Langflow ships with login disabled by default, exploitation requires exactly zero credentials.

Poisoned Documents Can Freeze AI Agent Guardrails Dead in Their Tracks
Researchers found that a single malicious input can trap reasoning-based safety systems in extended thinking loops, slowing LangGraph deployments by 148x and starving co-located agents of resources.

Sovereign Cloud Gives You a Data Center. Identity Governance Gives You Control.
European enterprises spent two years and real money on sovereign cloud deployments. What they found is that data residency is the easy part — and that AI agent identities are the part nobody governed.

Outsider Enterprise: the phishing-as-a-service mill that wasn't really 'AI-powered'
FBI, Google and Black Lotus Labs took down a Chinese PhaaS operation running close to a million phishing URLs. The 'AI' part is doing a lot of heavy lifting.

US Orders Anthropic to Geofence Fable 5 and Mythos 5; Models Pulled Globally
Washington cites a jailbreak risk. Anthropic disagrees but complies, suspending both models worldwide rather than build a foreign-national access wall.

Anthropic Pulls Claude Fable 5 and Mythos 5 After Federal Suspension Order
A late-Friday directive citing national security forced Anthropic to cut off its top-tier models — for everyone, not just foreign nationals.

Week in Brief: Google Security Cuts, AudiA6 Forum Axed, Coupang's $400M Fine
ICS exposure holds flat while the attack surface grows, IBM and AT&T face hack cover-up allegations, and Microsoft quietly drops an AI incident-response playbook.

Agentjacking: Poisoned Sentry Error Reports Hijack AI Coding Assistants
Researchers describe a prompt-injection class that turns developer error-tracking pipelines into a remote code execution path against AI coding agents.

AI Web Agents Have No Reliable Prompt Injection Defenses, Benchmark Finds
Researchers ran 3,168 adversarial tests against GPT-5 and Gemini-powered agents. The 'Robust Behavior' outcome — agent completes task, attacker gets nothing — never appeared.

MDR's AI Reckoning: When the Old Service Model Stops Keeping Up
Managed detection and response solved a staffing problem. It is not, by itself, an answer to adversaries who automate reconnaissance and intrusion at machine speed.

Cybersecurity Never Built a Health Model. AI Just Made That Inexcusable.
Thirty years of reactive security looked fine when threats moved at human speed. They don't anymore.

Researchers Turn OpenClaw Into a Confused Deputy With Hidden Prompts
Two teams show the self-hosted AI agent will execute attacker instructions smuggled inside contacts, location pins, and other benign-looking inputs.

The Cybercrime Economy Is Looking a Lot Like SaaS
A leaked worm kit, a $5K/month browser-cloning RAT, and AI agents coughing up credentials — the criminal stack is industrialising.