An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access by exploiting a publicly accessible Marimo network through a recently disclosed vulnerability. “The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised
Tag: large
Global Security News, AI
Frontier AI models collapse under multi-turn AI attacks, Cisco finds
Attackers who probe large language models rarely give up after one refusal. They reframe, build context across turns, adopt personas, and escalate gradually. New research from Cisco’s AI threat intelligence team finds that the safety benchmarks used across the industry miss almost all of this behavior, and the gap between published scores and observed resilience…
AI, Global Security News, Network Security
When your AI assistant has the keys to production
Large language models in operational roles query telemetry, propose configuration changes, and in some deployments execute those changes against live infrastructure. Ticket drafting and alert summarization were the starting point. Vendors describe this work as autonomous remediation or self-healing infrastructure. A recent survey on agentic AI in network and IT operations gives it a more…
AI, Cloud Security, Cybersecurity, Data Breaches, Europe, Global Security News, Government & Policy, malware, Network Security, Risk Management
Daybreak is OpenAI’s answer to the AI arms race in cybersecurity
OpenAI has unveiled Daybreak, a cybersecurity initiative that combines the company’s large language models with its Codex agentic framework to help organizations identify, patch, and validate software vulnerabilities across the development lifecycle. The platform is built around three model tiers: GPT-5.5 for general-purpose use, GPT-5.5 with Trusted Access for Cyber for verified defensive security workflows,…
AI, Compliance, Global Security News
AI is ready to take over Python programming, but not much else
Tests of how well 19 large language models (LLMs) complete and perform complicated multi-step tasks have shown that they are both error-prone and, in many cases, unreliable. The findings are contained in a preprint paper, LLMs Corrupt Your Documents When You Delegate, written by Microsoft researchers Philippe Laban, Tobias Schnabel and Jennifer Neville based on a…
AI, Apps, Global Security News
HEIDI: Free IDE security plugin for open-source vulnerability checks
Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems or after a release ships. Meterian is moving those checks earlier with HEIDI, a free plugin for Visual Studio Code and JetBrains IDEs that flags vulnerable packages and offers…
AI, Exploits, Global Security News
Hackers Use AI for Exploit Development, Attack Automation
Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate complex attacks.
AI, Apps, Cybersecurity, Endpoint, Global Security News, Network Security, Risk Management
Cybersecurity M&A Targets AI Agents and Browser Security
AI has upended long-held assumptions about cybersecurity, and a wave of acquisitions by large vendors indicates a race to secure the tools and talent needed to navigate the new landscape. This is a new layer to the cybersecurity stack, adding agents, prompts, and data flows to the list of items that need to be monitored,…
AI, Apps, Global Security News, Network Security, privacy
Open-source privacy proxy masks PII before prompts reach external AI services
Enterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often without a sanitization layer between the application and the API. Dataiku has released Kiji Privacy Proxy, an open-source local gateway that detects and masks personally identifiable information before requests leave the network. The tool…
AI, Compliance, Europe, Funding, Global Security News, Venture
Scaling up a tech startup in Europe is hard — ‘EU Inc.’ aims to help
Europe produces a large number of new tech startups each year – 28 crossed the $1 billion valuation mark in 2025 alone – yet few become global technology leaders. Many that do succeed look elsewhere to scale, particularly in the US. Founders point to multiple barriers to growing their business in the European Union (EU),…
AI, Global Security News
Automated LLM red teaming gets a learning layer
Automated red teaming of large language models has settled into a familiar pattern over the past two years. An attacker model generates jailbreak attempts against a target model, an evaluator scores the results, and the cycle repeats. Two approaches dominate. One asks the attacker to invent strategies through trial and error, which tends to produce…
Global Security News
Critical Flaw Turns Vect Ransomware into Data Destroying Wiper
The Vect 2.0 ransomware wipes large files instead of merely encrypting them, making recovery impossible – even for the attackers
AI, Global Security News
Google Favors General‑Purpose Gemini Models Over Cybersecurity‑Specific AI
Google Cloud’s COO advocated for combining general-purpose frontier large language models with task-specific AI agents
AI, Global Security News
Researchers build an encrypted routing layer for private AI inference
Organizations in healthcare, finance, and other sensitive industries want to use large AI models without exposing private data to the cloud servers running those models. A cryptographic technique called Secure Multi-Party Computation (MPC) makes this possible. It splits data into encrypted fragments, distributes them across two or more servers that do not share information with…
AI, Global Security News
Blue Yonder Survey: 66% of Leaders Are Actively Working To Reduce Their Supply Chain’s Impact
GUEST RESEARCH: Nearly half (47%) of large enterprises have dedicated sustainability teams to help direct cross-functional strategies
AI, Cybersecurity, Global Security News, Government & Policy, Network Security
Testing reveals Claude Mythos’s offensive capabilities and limits
Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute (AISI) tested its capability to successfully engage in capture-the-flag (CTF) challenges and multi-step attack scenarios, and found that while its cybersecurity capabilities exceed those of previously available models, it can’t reliably execute…
AI, Global Security News
Google study finds LLMs are embedded at every stage of abuse detection
Online platforms are running large language models at every stage of LLM content moderation, from generating training data to auditing their own systems for bias. Researchers at Google mapped how this is happening across what the authors call the Abuse Detection Lifecycle, a four-stage framework covering labeling, detection, review and appeals, and auditing. Earlier moderation…
AI, Global Security News
CISOs grapple with AI demands within flat budgets
Security spending continues to edge upward across large organizations, though the changes remain gradual and tightly managed. The 2026 RH-ISAC CISO Benchmark reflects a steady environment where budgets expand in small steps, even as AI becomes a routine part of security operations. Budget growth stays measured. Spending levels increased during 2025 across both IT and…
AI, Apps, Compliance, Cybersecurity, Global Security News
How AWS KMS and AWS Encryption SDK overcome symmetric encryption bounds
If you run high-scale applications that encrypt large volumes of data, you might be concerned about tracking encryption limits and rotating keys. This post explains how AWS Key Management Service (AWS KMS) and the AWS Encryption SDK handle Advanced Encryption Standard in Galois Counter Mode’s (AES-GCM) encryption limits or bounds automatically by using derived key…
AI, Apps, Global Security News
One-third of help-desk tickets stop work, says study
Nearly one-third of all help-desk tickets handled by large organizations are work-stoppers, according to a study from help-desk automation company Fixify, which also found Tuesday to be the busiest day of the week for help desks. “Monday gets the reputation, but Tuesday gets the tickets,” the study said. Around one in eight of the…
Global Security News
A nearly undetectable LLM attack needs only a handful of poisoned samples
Prompt engineering has become a standard part of how large language models are deployed in production, and it introduces an attack surface most organizations have not yet addressed. Researchers have developed and tested a prompt-based backdoor attack method, called ProAttack, that achieves attack success rates approaching 100% on multiple text classification benchmarks without altering sample…
AI, Global Security News
Google’s TurboQuant cuts AI memory use without losing accuracy
Large language models carry a persistent scaling problem. As context windows grow, the memory required to store key-value (KV) caches expands proportionally, consuming GPU memory and slowing inference. A team at Google Research has developed three compression algorithms: TurboQuant, PolarQuant, and Quantized Johnson-Lindenstrauss (QJL). All three are designed to compress those caches aggressively without degrading…
AI, Europe, Global Security News
NVIDIA puts GPU orchestration in community hands
GPU-accelerated AI workloads now run on Kubernetes in the large majority of enterprise environments. Managing those workloads at scale has required specialized tooling that, until now, remained under vendor control. NVIDIA moved to change that at KubeCon Europe in Amsterdam this week, donating its Dynamic Resource Allocation (DRA) Driver for GPUs to the Cloud Native…
Global Security News
Companies Aren’t Ripping Out Business Software for AI. Here’s What They’re Doing Instead.
Tech leaders at large corporations say that, for now, they’re vibe-coding their own small, custom apps, and putting pressure on their software vendors.
AI, Global Security News
Llamafile, Mozilla’s portable LLM runner, gets GPU support and a rebuilt core
Running a large language model on a single machine without cloud access or a container runtime remains a priority for practitioners working in air-gapped or resource-constrained environments. Llamafile, Mozilla-AI’s project for packaging and running LLMs as self-contained executables, has received its most significant architectural overhaul to date with version 0.10.0. A rebuild from the ground…
AI, Apps, Global Security News
Security debt is becoming a governance issue for CISOs
Application security backlogs keep expanding across large development portfolios. Veracode’s 2026 State of Software Security Report puts numbers behind a familiar operational pattern: fixes lag discovery, and older weaknesses stay open across release cycles. (Figure: 2026 findings against the 2025 baseline. Source: Veracode.) The analysis spans 1.6 million unique applications that underwent static analysis, dynamic analysis,…
AI, Cybersecurity, Funding, Global Security News, Venture
Cyber valuations climb as capital concentrates, AI security expands
Venture funding in cybersecurity continued to concentrate in large private rounds at the end of 2025, driving valuations higher across stages. Data from DataTribe shows total capital invested approached $150 billion for the year, with a disproportionate share flowing into fewer than 100 deals. (Figure: Cybersecurity investment areas. Source: PitchBook.) In Q4 alone, fewer than 100…
AI, Cybersecurity, Global Security News, privacy, Risk Management
It’s time to rethink CISO reporting lines
Despite inroads in the C-suite and rising prominence across the business at large, security leaders are still more likely to operate at a remove from the organization’s executive leadership when it comes to reporting structures. According to IANS Research and Artico Search’s 2026 State of the CISO Benchmark Report, 64% of CISOs still report into…
Apps, Endpoint, Global Security News, Risk Management
How Exposed Endpoints Increase Risk Across LLM Infrastructure
As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that serves, connects and automates the model. Each new LLM endpoint expands the…
AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security
New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads
A newly uncovered infostealer, suspected to be built with the help of a large language model, is targeting victims with Python and C++ variants, each tailored for a different stage of data theft. Kaspersky researchers discovered a stealer dubbed “Arkanix,” which is capable of harvesting credentials, browser data, cryptocurrency, and banking assets from infected machines.…
AI, Apps, Compliance, Cybersecurity, Global Security News, Risk Management
AI FOMO: How Pressure to Adopt AI is Outpacing Understanding
AI – or large language models (LLMs) – is introducing new attack surfaces, despite the new capabilities that the technology promises. The new threats it is introducing, including prompt injection, deepfakes, and alignment risks, are huge security concerns at a strategic level. AI FOMO is driving enterprise adoption before risk mitigation. At the Genetec Global…
AI, Cybersecurity, Global Security News
AI Agents Are Here to Stay, Businesses Say
The AI bots are becoming widespread among large companies, even as a range of cybersecurity and tech governance issues still need to be ironed out.
AI, Apps, DevOps, Global Security News, Java, News, programming, Risk Management
Java security work is becoming a daily operational burden
Security teams in large enterprises already spend significant time tracking vulnerabilities across software supply chains, third-party libraries, and internal codebases. Java environments add another layer of exposure because so many mission-critical systems still run on the JVM. A 2026 Azul survey of more than 2,000 Java professionals found that 64% said more than half of…
AI, Artificial Intelligence, Generative AI, Global Security News, Risk Management
AI chatbots are worse than search engines for medical advice
There is a clear gap between the theoretical medical knowledge of large language models (LLMs) and their practical usefulness for patients, according to a new study from the Oxford Internet Institute and the Nuffield Department of Primary Care Health Sciences at the University of Oxford. The research, conducted in collaboration with MLCommons and other institutions,…
cyber crime, Cybersecurity, dark web, Global Security News, Security
New Cybercrime Group 0APT Accused of Faking Hundreds of Breach Claims
Researchers reveal the new 0APT cyber group is fabricating attacks on large organisations. Learn how they use fake data to trick companies into paying.
AI, Cybercrime, Malware, Ransomware, Security, Endpoint, Exploits, Global Security News, malware, Network Security
Windows shortcut weaponized in Phorpiex-linked ransomware campaign
Forcepoint X-Labs researchers have identified a large Phorpiex botnet-aided phishing campaign that uses weaponized Windows shortcut files to deploy Global Group ransomware across victim systems. The campaign, observed in late 2024 and continuing into 2026, leverages a common email lure, with the subject “Your Document”, to trick recipients into opening a malicious LNK attachment. “By…
AI, Global Security News
Why AI Chatbots Can’t Be Trusted for Financial Advice: They’re Sociopaths
Today’s “large language models” like ChatGPT don’t have the training to act in users’ best interest, but an MIT professor hopes to teach them how.
AI, Apps, Artificial Intelligence, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, News, Risk Management, Threats
Claude Opus 4.6 Exposes Hundreds of Open-Source Vulnerabilities
Artificial intelligence firm Anthropic says its newest large language model, Claude Opus 4.6, has identified more than 500 previously unknown high-severity vulnerabilities across widely used open-source libraries. It “… reads and reasons about code the way a human researcher would — looking at past fixes to find similar bugs that weren’t addressed, spotting patterns that…
AI, Global Security News
Claude AI finds 500 high-severity software vulnerabilities
Anthropic only released its latest large language model, Claude Opus 4.6, on Thursday, but it has already been using it behind the scenes to identify zero-day vulnerabilities in open-source software. In the trial, it put Claude inside a virtual machine with access to the latest versions of open source projects, and provided it with a…
AI, Apps, Cybersecurity, Global Security News, privacy, Risk Management, Vendor Leadership & Partner Programs
January 2026 Leadership Recap Part 2
The start of Q1 2026 has seen several CEO hires across the channel. Organizations, both large and small, have added new leaders to help drive growth for their enterprises. Take a look at the new hires across the channel below, and be sure to check out Part 1 of the January Leadership Recaps to learn…
AI, Global Security News
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched on Thursday, comes with improved coding skills, including code review and debugging capabilities, along
