AI Security Pulse

news.ycombinator.com

49 min ago

Vercel Breach: Securing OAuth in AI Supply Chains

Vercel supply chain attack struck via Context AI OAuth, exposing risks in SaaS integrations—critical lessons for hardening OAuth access in AI systems.

Vercel Supply Chain Attack Explained

cybernx.com

49 min ago

North Korea's AI Surge in Supply Chain Attacks and $12M Heists

Trend alert: North Korean actors like Sapphire Sleet use AI to bypass software flaws in supply chain compromises.

AI builds malware, fake firms for...

Is Your Supply Chain Exposing Your Organization? 4 Security Case ...

consumerfinancialserviceslawmonitor.com

lumu.io

49 min ago

US Agencies Revise Model Risk Guidance for Large Banks' AI/ML Use

Critical update for enterprise AI: OCC, Fed, and FDIC issued principles-based guidance on April 17 for managing model risks in banks over $30B...

Federal Banking Agencies Issue Revised Model Risk Management Guidance for Large Banking Organizations

Federal Banking Agencies Issue Revised Model Risk Management Guidance for Large Banking Organizations

DHS Demo Reveals Jailbroken AI's Ease in Guiding Bomb-Making and Attacks

DHS briefing shocks House lawmakers on how jailbroken frontier models—stripped of guardrails—provide step-by-step terror plans in seconds.

-...

House lawmakers get a chilling demo of ‘jailbroken’ AI

politico.com

House lawmakers get a chilling demo of ‘jailbroken’ AI

Mythos AI Patches 271 Firefox Bugs, Signaling End of Zero-Day Era

Anthropic's Claude Mythos Preview uncovered 271 vulnerabilities in Firefox, patched in version 150.

Dwarfs prior Claude Opus 4.6 scan's 22...

Mozilla patched 271 Firefox bugs found by Anthropic’s Mythos, and says the zero-day era has an expiration date

thenextweb.com

Mozilla patched 271 Firefox bugs found by Anthropic’s Mythos, and says the zero-day era has an expiration date

Check Point Enhances Google Cloud Gemini Agents with AI Security Layers

Enterprise AI agents on Google Cloud gain robust security via Check Point's AI Defense Plane integration:

Discovery: Auto-inventories agents, tools,...

Check Point to Integrate AI Defense Plane with Google Cloud to Help Secure AI Agents with Integrated Discovery, Governance, and Runtime Protection

cioinfluence.com

Check Point to Integrate AI Defense Plane with Google Cloud to Help Secure AI Agents with Integrated Discovery, Governance, and Runtime Protection

AI Cyber Arms Race Urges Global Telemetry and XDR Now

Machine-speed threats dominate: AI-driven attacks from nation-states and cybercriminals operate at high speed, scale, persistence, with China...

Why AI-Driven Arms Race Needs Better Threat Intelligence

aitoday.io

Why AI-Driven Arms Race Needs Better Threat Intelligence

10 Novel Data Exfiltration Risks in Agentic AI

Agentic AI introduces 10 data exfiltration pathways, from poisoned tool descriptions to agent memory attacks, that bypass traditional security controls. Enterprises must rethink defenses for these stealthy enterprise threats.

10 Data Exfiltration Risks That Emerge With Agentic AI

blackfog.com

49 min ago

CVEs in AI: Frameworks and Apps, Not Models

Core argument: CVEs belong in frameworks and apps, not AI models themselves.
Reality check: Most proposed AI model CVEs are app/framework vulns,...

Why CVEs Belong in Frameworks and Apps, Not AI Models

developer.nvidia.com

49 min ago

Co-Governance vs Crisis AI Regs: Inclusion or Agility?

AI regulation pits stakeholder inclusion against crisis agility:

Co-governance invites all parties to the table for balanced frameworks.
Current...

Co-Governance and the Future of AI Regulation

harvardlawreview.org

5h ago

AI Supply Chain Trend: MCP RCE and Xinference PyPI Poisoning

MCP protocol flaw in Anthropic SDKs enables unauthenticated RCE, affecting 200,000 servers and 150M+ downloads; Anthropic declined protocol fix.
-...

Anthropic's Model Context Protocol includes a critical remote code execution vulnerability — newly discovered exploit puts 200,000 AI servers at risk

tomshardware.com

Anthropic's Model Context Protocol includes a critical remote code execution vulnerability — newly discovered exploit puts 200,000 AI servers at risk

5h ago

Top 8 AI Security Best Practices Checklist

Key AI security checklist for pros tackling core threats:

Counter data poisoning
Resist adversarial attacks
Safeguard intellectual property
Enhance data privacy

Prioritize these to protect frontier and enterprise AI systems.

Top 8 AI Security Best Practices

sysdig.com

5h ago

Security Named Top AI Scaling Blocker as Industry Pushes Compliance Beyond Visibility

Industry data and tools highlight security as the #1 barrier to scaling agentic AI:

62% of organizations cite security/risk concerns as primary...

AI Safety Initiative: Pioneering AI Compliance & Safety | CSA

cloudsecurityalliance.org

5h ago

Trend: Persistent Adversarial Vulnerabilities in Evolving LLMs and MLLMs

Ongoing research uncovers lasting weaknesses despite model advances:

Adversarial attacks manipulate inputs to deceive LLMs
Imperceptible visual...

How secure are large language models against adversarial attacks?

quora.com

5h ago

AI Misuse Amplifies Insider Threats to National Security

Despite AI's positive uses, its misuse in cyberattacks and disinformation campaigns poses a national security threat, heightening insider risks.

Artificial Intelligence and the Insider Threat

cdse.edu

5h ago

AI Reverses Vuln Hunting Economics for Enterprise Defenders

Automated AI vulnerability discovery is reversing enterprise security costs that traditionally favor attackers, flipping the economics of vuln hunting in favor of defenders.

Reversing enterprise security costs with AI vulnerability discovery