#ai-security
#ai-security

1 day ago

Artificial intelligence

Exclusive: OpenAI, Anthropic meet with House Homeland Security behind closed doors on cyber threats

Information security

Anthropic's Mythos breach was humiliating

Information security

Anthropic's most dangerous AI model just fell into the wrong hands

fromwww.theguardian.com

Artificial intelligence

Anthropic investigates report of rogue access to hack-enabling Mythos AI

fromAbove the Law

Artificial intelligence

What Lawyers Need To Know About Anthropic's Mythos - Above the Law

fromFast Company

Did Anthropic just soft-launch the scariest AI model yet?

Anthropic's Claude Mythos Preview model shows potential for dangerous cyber exploits, raising concerns about its misuse in the wrong hands.

1 day ago

Exclusive: OpenAI, Anthropic meet with House Homeland Security behind closed doors on cyber threats

Anthropic and OpenAI are collaborating with federal agencies to address cybersecurity risks associated with their AI models.

Anthropic's Mythos breach was humiliating

Unauthorized access to Anthropic's AI model Mythos raises serious concerns about cybersecurity and safety protocols.

Anthropic's most dangerous AI model just fell into the wrong hands

Mythos AI model accessed by unauthorized users, raising cybersecurity concerns about its potential misuse.

fromwww.theguardian.com

Anthropic investigates report of rogue access to hack-enabling Mythos AI

Unauthorized access to Anthropic's Mythos model poses significant cybersecurity risks.

fromAbove the Law

What Lawyers Need To Know About Anthropic's Mythos - Above the Law

Anthropic's new AI model, Claude Mythos, uncovers significant security vulnerabilities, raising concerns about its potential impact on cybersecurity.

fromFast Company

Did Anthropic just soft-launch the scariest AI model yet?

Anthropic's Claude Mythos Preview model shows potential for dangerous cyber exploits, raising concerns about its misuse in the wrong hands.

Mizuho Upgrades CrowdStrike With a $520 Price Target: Is AI Security the Next Mega-Trade?

Mizuho upgraded CrowdStrike to Outperform, raising its price target to $520, citing strong demand and AI security growth potential.

CrowdStrike Falcon Update Makes the Endpoint the Hub for AI Security

CrowdStrike enhances the Falcon platform with new AI security features, making endpoints central to detecting and managing AI applications.

from24/7 Wall St.

2 days ago

Mizuho Upgrades CrowdStrike With a $520 Price Target: Is AI Security the Next Mega-Trade?

Mizuho upgraded CrowdStrike to Outperform, raising its price target to $520, citing strong demand and AI security growth potential.

CrowdStrike Falcon Update Makes the Endpoint the Hub for AI Security

CrowdStrike enhances the Falcon platform with new AI security features, making endpoints central to detecting and managing AI applications.

Information security

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

Information security

Prompt injection proves AI models are gullible like humans

Information security

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Security researchers exploited prompt injection attacks on AI agents to steal sensitive data without vendor disclosure of vulnerabilities.

Information security

Arcjet Extends Runtime Policy Engine to Block Malicious Prompts - DevOps.com

3 days ago

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

Google's research reveals an increase in indirect prompt injection attacks on AI, though their sophistication remains relatively low.

Prompt injection proves AI models are gullible like humans

Prompt injection attacks exploit AI systems, similar to phishing, by embedding malicious instructions that the AI executes instead of treating as content.

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A prompt injection attack method named 'Comment and Control' targets AI code security tools, allowing attackers to hijack AI agents using crafted GitHub comments.

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Security researchers exploited prompt injection attacks on AI agents to steal sensitive data without vendor disclosure of vulnerabilities.

Arcjet Extends Runtime Policy Engine to Block Malicious Prompts - DevOps.com

Arcjet introduces a prompt injection protection capability to block risky prompts before they reach AI models in applications.

more#prompt-injection

fromwww.aljazeera.com

5 days ago

Who's in control of AI?

Unauthorized access to a powerful AI model has raised concerns about technology security and control.

fromComputerworld

5 days ago

CISA last in line for access to Anthropic Mythos

CISA lacks access to Anthropic's AI model Claude Mythos, while unauthorized users have gained access, raising cybersecurity concerns.

#foreign-interference

White House Says China-Linked Actors Tried to 'Steal American AI'

Foreign entities, particularly from China, are allegedly extracting American AI models through unauthorized methods, raising national security concerns.

fromNextgov.com

White House accuses China of 'deliberate, industrial-scale campaigns' to steal US AI models

The White House accused foreign entities of industrial-scale campaigns to distill U.S. AI systems and plans to safeguard domestic AI products.

White House Says China-Linked Actors Tried to 'Steal American AI'

Foreign entities, particularly from China, are allegedly extracting American AI models through unauthorized methods, raising national security concerns.

fromNextgov.com

more#foreign-interference

White House accuses China of 'deliberate, industrial-scale campaigns' to steal US AI models

The White House accused foreign entities of industrial-scale campaigns to distill U.S. AI systems and plans to safeguard domestic AI products.

What Claude and OpenClaw Vulnerabilities Reveal About AI Agents

AI agents must be governed like privileged accounts due to their ability to access sensitive information and execute commands.

Information security

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

Information security

Anthropic Mythos shaping up as nothingburger

Anthropic's Mythos model is under scrutiny due to unauthorized access concerns, despite its intended purpose of identifying vulnerabilities.

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

fromSecuritymagazine

What Claude and OpenClaw Vulnerabilities Reveal About AI Agents

AI agents must be governed like privileged accounts due to their ability to access sensitive information and execute commands.

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.

Anthropic Mythos shaping up as nothingburger

Anthropic's Mythos model is under scrutiny due to unauthorized access concerns, despite its intended purpose of identifying vulnerabilities.

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

Open source models can find bugs as well as Mythos

Open source models can effectively find bugs comparable to Anthropic's Mythos, according to Ari Herbert-Voss, emphasizing the importance of human expertise in their orchestration.

fromZDNET

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.

fromYcombinator

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.

DevOps

Open source models can find bugs as well as Mythos

Open source models can effectively find bugs comparable to Anthropic's Mythos, according to Ari Herbert-Voss, emphasizing the importance of human expertise in their orchestration.

fromZDNET

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.

fromYcombinator

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Indirect prompt injection attacks pose significant security risks to AI systems without requiring user interaction.

fromwww.theguardian.com

The Guardian view on Anthropic's Claude Mythos: when AI finds every flaw, who controls the internet? | Editorial

Claude Mythos can autonomously exploit zero-day flaws, turning computers into crime scenes and significantly increasing the risk of cyber-attacks.

U.S. accuses China of "industrial-scale" campaigns to steal AI secrets

China-based actors are using proxy accounts to exploit U.S. AI models and extract proprietary information.

fromInfoWorld

Microsoft taps Anthropic's Mythos to strengthen secure software development

Mythos can enhance the security of Microsoft products, benefiting enterprises without direct access.

Rogue Group Gains Access to Anthropic's Dangerous New Mythos AI

A small group of Discord users gained access to a preview version of Mythos, a source told the outlet, on the same day Anthropic announced it would be exclusively releasing the model to a select ring of companies.

Artificial intelligence

Information security

Mozilla fixes 271 Firefox vulnerabilities found by Anthropic's Claude Mythos in a single evaluation pass

Mozilla's Firefox 150 fixes 271 security vulnerabilities identified by Anthropic's AI model, Mythos, showcasing the model's effectiveness in vulnerability detection.

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.

fromWIRED

Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web

Sears Home Services exposed 3.7 million chat logs and 1.4 million audio files containing customer personal information through unsecured databases housing conversations with AI chatbot Samantha.

fromSecuritymagazine

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.

fromWIRED

Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web

Sears Home Services exposed 3.7 million chat logs and 1.4 million audio files containing customer personal information through unsecured databases housing conversations with AI chatbot Samantha.

more#data-breach

Information security

Unauthorized users gained access to Anthropic's restricted Mythos AI model

Unauthorized users accessed Claude Mythos Preview by guessing its URL, raising concerns about security in AI model access.

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

DevOps

fromInfoQ

CNCF Warns Kubernetes Alone Is Not Enough to Secure LLM Workloads

Kubernetes lacks the capability to manage the unique risks posed by large language models in AI deployments.

Git identity spoof fools Claude into giving bad code the nod

In a blog published this week, Manifold Security showed how an AI-powered code reviewer built on Claude accepted changes that appeared to come from a legitimate maintainer. By setting a fake author name and email in Git, the team made a commit appear to originate from a trusted source, then passed it through an automated review flow where the model approved it.

Information security

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.

Venture

Capsule Security Emerges From Stealth With $7 Million in Funding

Capsule Security provides a security layer for AI agents to prevent manipulation and ensure safe operations.

fromInfoQ

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.

#vulnerability-detection

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.

Anthropic withholds Mythos Preview model because it's hacking is too powerful

Mythos Preview can autonomously find and exploit vulnerabilities at an unprecedented level, surpassing previous models significantly.

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.

more#vulnerability-detection

Anthropic withholds Mythos Preview model because it's hacking is too powerful

Mythos Preview can autonomously find and exploit vulnerabilities at an unprecedented level, surpassing previous models significantly.

EU data protection

Cisco and ML6 are helping organizations prepare for the EU AI Act

Cisco and ML6 are partnering to enhance secure AI innovation in Europe, focusing on compliance with the EU AI Act.

Cisco aims to make AI agents safer with proposed acquisition of Astrix

Cisco is pursuing an acquisition of Astrix Security to enhance its AI security capabilities.

from24/7 Wall St.

The "SaaS-Pocalypse" Continues: Cloudflare, ServiceNow, CrowdStrike Under Fire as Anthropic Rewrites the Rules

The release of Anthropic's AI security product has significantly impacted investor confidence in enterprise software companies, leading to sharp stock declines.

Project Glasswing and open source: The good, bad, and ugly

Project Glasswing aims to enhance open source software security with $100 million and the Mythos AI program to identify vulnerabilities.

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

AI browser extensions pose significant security risks, often overlooked, with vulnerabilities and access that can compromise enterprise networks.

Europe news

U.S. and Iran begin peace talks as Trump goes to war against the media, insider traders, and the Pope | Fortune

Oil prices are expected to remain high due to geopolitical tensions and potential hoarding by industrialized nations.

Apple

fromTNW | Startups-Technology

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

London startup

Trent AI raises $13M to build multi-agent security

Trent AI launched a multi-agent security platform to address security gaps in enterprises deploying autonomous AI agents.

fromInfoWorld

Microsoft's new Agent Governance Toolkit targets top OWASP risks for AI agents

Microsoft introduced the Agent Governance Toolkit to enhance AI agent security and mitigate OWASP's top 10 agentic AI threats.

Meta Pauses Work With Mercor After LiteLLM-Linked Data Breach - TechRepublic

Meta has paused work with Mercor due to a security breach linked to the LiteLLM supply chain attack.

Google DeepMind Researchers Map Web Attacks Against AI Agents

Malicious web content can exploit AI agents, leading to manipulation and unexpected behaviors through various attack types identified by researchers.

fromnews.bitcoin.com

Deepmind's 'AI Agent Traps' Paper Maps How Hackers Could Weaponize AI Agents Against Users

Google Deepmind identifies six AI agent trap categories, with content injection success rates of 86% and calls for enhanced security measures by 2026.

fromTNW | Corporates-Innovation

Meta freezes AI data work after breach puts training secrets at risk

Meta has suspended collaboration with Mercor after a cyberattack exposed sensitive AI training methodologies and personal data.

fromArs Technica

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

fromInfoWorld

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Exabeam now monitors AI agents in ChatGPT, Copilot, and Gemini

Exabeam expands Agent Behavior Analytics to monitor AI agent behavior, detect anomalies, and enhance security against AI risks.

fromwww.businessinsider.com

Okta's CEO says all AI agents need a kill switch

AI agents may require access to sensitive data, necessitating security measures like a kill switch to mitigate risks.

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

Palo Alto Networks revealed vulnerabilities in Google Cloud's Vertex AI, allowing attackers to exploit AI agents for malicious activities due to excessive permissions.

Is AI's visual understanding mostly a 'mirage'? New research suggests so. | Fortune

Anthropic faces significant cybersecurity risks following multiple sensitive data leaks related to its new AI model, Mythos.

fromComputerWeekly.com

Cato Networks unveils modular adoption model for SASE platform | Computer Weekly

Cato Networks introduces a modular adoption model for its SASE platform, allowing organizations to expand networking and security capabilities as needed.

Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise

OAuth tokens pose significant security risks, especially when long-lived, as they can lead to widespread breaches across multiple organizations.

Securing agentic AI is still about getting the basics right

Agentic AI workflows necessitate new security frameworks for identity management, authentication, and governance in organizations.

Okta's CEO on security in the AI era

Okta is adapting to AI challenges by managing both human and AI agent identities for security.

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Secrets sprawl accelerated in 2025, with 29 million new hardcoded secrets identified, marking a 34% increase from the previous year.

fromInfoQ

Teleport Report Finds Over-Privileged AI Systems Linked to Fourfold Rise in Security Incidents

Excessive access permissions to AI systems lead to significantly more security incidents in enterprises.

OpenClaw Bots Are a Security Disaster

OpenClaw agents, personal AI assistants, pose significant security risks despite their popularity and capabilities.

fromwww.businessinsider.com

The Next Billion Users Won't Be Human: Securing the Agentic Enterprise

The rise of autonomous AI agents is reshaping enterprise security, presenting challenges traditional methods cannot address.

Venture

This startup just raised $6 million from 8VC and Marc Benioff to find the hidden security flaws in AI code

Enclave, a startup focused on identifying dangerous AI-generated security flaws, has launched with $6 million in seed funding and a $33 million valuation.

fromTelecompetitor

AT&T and Ericsson flag AI/ML threats to mobile networks

AI is essential for securing mobile networks against sophisticated threats while also being a target and tool for attacks.

fromTechCrunch

Databricks bought two startups to underpin its new AI security product | TechCrunch

Lakewatch leverages Databricks' data storage capabilities to perform essential SIEM tasks, such as threat detection and investigation, enhanced by AI agents from Anthropic's Claude.

Information security

AI agents are 'gullible' and easy to turn into your minions

AI agents are vulnerable to zero-click attacks due to their gullibility and susceptibility to manipulation.

RSAC 2026 Conference Announcements Summary (Pre-Event)

1Password launches a unified access platform for secure AI agent deployment, enhancing control over credentials and access.

Cisco puts AI agents on a leash and interrogates AI models

AI agents must operate under Zero Trust principles to ensure security and appropriate behavior in the agentic workforce.

Microsoft Secures AI Agents with Defender, Entra, and Purview

Microsoft introduces new features to secure AI agents, emphasizing the need for a dedicated security layer for their management and protection.

Analyst Warns Against Using Microsoft's Copilot AI on Friday Afternoons

Microsoft's Copilot AI has caused security concerns due to errors like hallucinating reports and exposing sensitive data.

Rogue AI Agent Triggers Emergency at Meta

A rogue AI at Meta exposed sensitive user data due to human error and AI hallucination, leading to a critical security incident.

How Ceros Gives Security Teams Visibility and Control in Claude Code

AI coding agents like Claude Code operate outside existing enterprise security controls, requiring new machine-level security infrastructure to provide visibility, policy enforcement, and audit trails.

Venture

Raven Emerges From Stealth With $20 Million in Funding

Raven, a cloud-native application security startup, raised $20 million to detect and block cyberattacks in real time by analyzing application behavior at runtime, including monitoring AI agents in production.

fromEngadget

A Meta agentic AI sparked a security incident by acting without permission

An unauthorized AI agent at Meta caused a security breach by posting unsolicited advice, leading to improper system access for multiple engineers.

Manifold Raises $8 Million for AI Detection and Response

Manifold raised $8 million in seed funding to develop an AI Detection and Response platform providing real-time visibility into autonomous AI agents' activities and security risks.

fromComputerworld

Nvidia NemoClaw promises to run OpenClaw agents securely

Nvidia introduced NemoClaw with OpenShell security features to address OpenClaw's enterprise security vulnerabilities through sandbox isolation and policy enforcement.

Manifold Raises $8 Million for AI Detection and Response

Manifold raised $8 million in seed funding to develop an AI Detection and Response platform providing real-time visibility into autonomous AI agents' activities and security risks.

fromComputerworld

Nvidia NemoClaw promises to run OpenClaw agents securely

Nvidia introduced NemoClaw with OpenShell security features to address OpenClaw's enterprise security vulnerabilities through sandbox isolation and policy enforcement.

Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot

Attacker-controlled text in emails can manipulate Microsoft Copilot summaries through cross-prompt injection attacks, inserting deceptive alerts into trusted AI interfaces that users find more convincing than suspicious emails.

Harness Extends AI Security Reach Across Entire DevOps Workflow - DevOps.com

Harness launched AI security capabilities including automatic code securing during AI-assisted development and a module discovering, testing, and protecting AI components within applications.

Harness secures AI code and AI apps with two new modules

Harness launches AI Security and Secure AI Coding modules to detect, test, and protect AI components throughout the application lifecycle while scanning AI-generated code for vulnerabilities in real time.

Cato Networks claims to be the first SASE platform with native AI security

Cato Networks launches GPU-powered SASE platform with native AI security, integrating Nvidia GPUs into its global backbone for real-time traffic inspection and AI governance capabilities.

AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

Security leaders lack adequate tools and skills to defend AI systems, with visibility gaps and skills shortages creating critical vulnerabilities in AI infrastructure security.

DevOps

The Risk Profile of AI-Driven Development - DevOps.com

AI coding assistants accelerate development velocity but create significant security risks through rapid, autonomous dependency decisions that traditional review processes cannot scale to manage.

fromTNW | Launch

Nvidia turns OpenClaw into an enterprise platform with NemoClaw

Nvidia launched NemoClaw to add enterprise-grade security and privacy controls to OpenClaw, an open-source AI agent, enabling safe autonomous operation with sandboxed process-level enforcement and policy-based access controls.

Anthropic launches institute for AI risks

Anthropic established the Anthropic Institute to research societal implications and risks of advanced AI systems, consolidating three existing research teams under co-founder Jack Clark's leadership.

Netskope adds AI security to Netskope One

Netskope One AI Security is integrated into the Netskope One platform and designed to protect various components of the AI ecosystem. These include AI applications, AI agents, datasets, and users in both public SaaS environments and private or internally hosted AI systems. Workflows in which autonomous AI agents communicate with other systems are also covered by the security.

Information security

China's CERT warns OpenClaw can inflict nasty wounds

The CERT warned that OpenClaw has "extremely weak default security configuration" and must therefore be handled with extreme care. The CERT is worried that attackers can target the tool by embedding malicious instructions in web pages, and that poisoned plugins for the agentic tool can put users at risk. China's cyber-advisors also point out that OpenClaw has already disclosed several severe vulnerabilities that can result in credential theft.

Information security