All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Generative AI chatbots are becoming important customer-facing tools for businesses, but they create security risks because they can access sensitive information, speak for the brand, and be manipulated into harmful actions. The text provides examples of real incidents where chatbots caused problems, such as offering incorrect discounts or giving misleading information to customers.
A developer used Google's AI Studio to quickly generate Android apps by typing brief text descriptions into a web browser, with the AI automatically handling all the coding and app building. The process required minimal manual setup (enabling USB debugging mode and connecting a phone to a computer), and a 148-word description resulted in a working app installed on an actual Android device in about ten minutes.
AdventHealth, a hospital system across nine states, is using ChatGPT for Healthcare (an AI tool built by OpenAI with extra protections for medical settings) to reduce time spent on administrative tasks like documentation and case review, allowing clinicians to focus more on patient care. The health system treated AI adoption as a core business goal rather than just a technical pilot, tracking usage metrics and having teams within each department share AI workflows tailored to their specific work. By framing the technology as 'time back' for staff rather than just automation, AdventHealth aimed to improve both operational efficiency and patient access to care.
Ocean, a newly launched startup, received $28 million in funding to develop an agentic email security platform, which uses specialized AI agents (software programs that can act autonomously to complete tasks) to analyze incoming emails and detect threats like business email compromise (when attackers impersonate trusted business contacts) and AI-generated phishing (fraudulent messages created by AI). The platform goes beyond simple filtering by examining sender intent, conversation context, and infrastructure details to identify malicious intent in emails that appear legitimate.
MLflow versions up to and including 3.9.0 have a missing-authorization flaw in the SearchModelVersions endpoint (the API that lists the versions of registered machine learning models): the endpoint confirms that the caller is logged in but does not check whether the caller is permitted to read each model it returns. Any authenticated user can therefore enumerate every model version, and the details attached to it, across the whole deployment, which matters most in shared or multi-tenant installations where each team is supposed to see only its own models.
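The bug class above, as an added example in Python that is not MLflow's own code: a registry search handler that authenticates the caller but applies no per-model authorization filter, next to the corrected version. The `Registry`, `ModelVersion` and ACL shapes and the sample data are assumptions made for the demonstration; the real MLflow endpoint and its fix are not reproduced here.

```python
"""Illustrative broken-access-control example (not MLflow's own code).

Mirrors the class of bug described above: a model-registry search endpoint
that authenticates the caller but never filters results by what that caller
is permitted to read.  Every name here is a hypothetical stand-in.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class ModelVersion:
    name: str       # registered-model name (the unit that permissions attach to)
    version: int
    run_id: str     # sensitive: identifies the training run and its artifacts
    source: str     # sensitive: artifact storage URI


@dataclass
class Registry:
    versions: list
    # Per-user read permissions keyed by registered-model name; "*" marks an
    # administrator who may read every model.  Hypothetical ACL shape.
    acl: dict = field(default_factory=dict)

    def can_read(self, user: str, model_name: str) -> bool:
        allowed = self.acl.get(user, set())
        return "*" in allowed or model_name in allowed

    def _require_login(self, user: str) -> None:
        # Authentication only: is this a known user at all?
        if user not in self.acl:
            raise PermissionError("login required")

    def search_model_versions_unsafe(self, user: str, filter_name: Optional[str] = None):
        """Vulnerable shape: authenticates the caller, then returns every row that
        matches the filter with no per-model authorization check."""
        self._require_login(user)
        return [v for v in self.versions
                if filter_name is None or v.name == filter_name]

    def search_model_versions(self, user: str, filter_name: Optional[str] = None):
        """Fixed shape: the same query, but each row is also checked against the
        caller's read permission, so other teams' models are never returned."""
        self._require_login(user)
        return [v for v in self.versions
                if (filter_name is None or v.name == filter_name)
                and self.can_read(user, v.name)]


def build_sample_registry() -> Registry:
    """Constructed sample data: two teams each owning one model, plus an admin."""
    versions = [
        ModelVersion("fraud-scorer", 1, "run-a1", "s3://team-a/fraud/1"),
        ModelVersion("fraud-scorer", 2, "run-a2", "s3://team-a/fraud/2"),
        ModelVersion("churn-model", 1, "run-b1", "s3://team-b/churn/1"),
    ]
    acl = {"alice": {"fraud-scorer"}, "bob": {"churn-model"}, "admin": {"*"}}
    return Registry(versions, acl)


if __name__ == "__main__":
    reg = build_sample_registry()
    for fn in (reg.search_model_versions_unsafe, reg.search_model_versions):
        rows = [(v.name, v.version, v.source) for v in fn("bob")]
        print(f"{fn.__name__}: bob sees {rows}")
```

The point of the pair is where the check lives: the login gate at the top of the handler proves identity but says nothing about which rows that identity may see, so every row has to be filtered against the caller's permission before it is returned, and the same filter has to cover every alternative read path (pagination, filter strings, bulk export) or the leak simply moves.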
SpaceX's IPO filing reveals extensive financial interconnections between Elon Musk's various companies, including Tesla, xAI (an AI company), Grok (an AI chatbot), and others, with their relationships mentioned hundreds of times throughout the regulatory documents. These overlapping business dealings make it difficult to track how money moves between the companies, creating complexity in understanding the actual financial structure of the offering.
Anthropic, an AI company known for its Claude models, is on track to generate $10.9 billion in revenue during the second quarter of 2026, which would mark its first profitable quarter and more than double its first-quarter revenue of $4.8 billion. The company has experienced explosive growth driven by enterprise demand, consumer usage, and government interest, though it faces intense competition from other AI companies like OpenAI.
Nvidia's financial results exceeded Wall Street predictions, driven by continued demand for AI infrastructure and datacenters. CEO Jensen Huang emphasized that the expansion of AI computing facilities is accelerating rapidly, and that agentic AI (AI systems that can independently plan and execute tasks to accomplish goals) is now being deployed across businesses and generating measurable value.
At Google I/O, DeepMind CEO Demis Hassabis announced that Google aims to use AI to transform drug discovery and eventually solve all diseases. The article appears to be a critical analysis examining the feasibility and implications of this ambitious claim.
OpenAI and Anthropic's expected IPO valuations (both projected over $800 billion) depend on maintaining high pricing power, but cheaper AI alternatives are rapidly emerging and becoming competitive. Chinese AI labs like DeepSeek and Kimi charge a fraction of what OpenAI and Anthropic do for comparable work, and enterprises are adopting cost-reduction strategies like "advisor models" (where a cheap open-source model handles most tasks and only calls expensive frontier models when needed), causing usage of Chinese models on some platforms to jump from 1% to 60% in just one year.
This research paper proposes DEGAN, a machine learning approach using dual-enhanced GAN (generative adversarial network, a type of AI that learns by having two competing neural networks) to detect botnets (networks of infected computers controlled remotely) in IIoT (industrial internet of things, devices like sensors and machines in factories connected to the internet). The method addresses the challenge of imbalanced data, where there are far fewer examples of botnet attacks than normal network activity, which makes training detection systems difficult.
Microsoft has released two open-source tools, Rampart and Clarity, designed to catch safety problems in AI agents (software systems that can take actions autonomously) earlier in development. Rampart automates repeated safety testing throughout the development process to find issues like prompt injection (tricking an AI by hiding instructions in its input) and unsafe tool use, while Clarity helps engineers document and validate their design assumptions before coding begins.
Fix: Microsoft describes two tools: (1) Rampart, which turns red-team findings into repeatable automated tests that run continuously in CI/CD workflows (continuous integration/continuous deployment, the automated pipelines developers use to test and release code) so that issues surface before production; and (2) Clarity, available as a desktop app, a web UI, or embedded in coding agents, which guides engineers through structured conversations about agent behavior, permissions, and trust boundaries and saves the output as markdown files in the repository for review and version control.
Source: CSO Online
Enterprises are rapidly deploying AI agents (software systems that can act independently to complete tasks), and these agents need identity management (systems that verify who or what is accessing resources and what they are allowed to do). New research shows that budgeting for AI agent security differs significantly from how companies budget for traditional identity management projects.
Security teams need to adopt AI tools to defend against increasingly automated cyberattacks, but AI should only be added after securing security fundamentals like system hardening and access control. Experts stress that humans must maintain oversight of AI security systems, and security roles are evolving to focus on validating AI decisions and managing AI model hallucination (when an AI generates false information) rather than purely monitoring alerts.
Fix (for the MLflow SearchModelVersions flaw above): upgrade to MLflow 3.10.0, where the issue is resolved.
Source: NVD/CVE Database
CrowdStrike has integrated Anthropic's Claude Compliance API into its Falcon platform to give security teams real-time visibility into Claude AI activity, addressing the problem that AI usage is often invisible to security teams and creates audit and compliance gaps. The integration brings Claude audit data (authentication events, user activity logs, administrative changes, API usage) together with other security events in Falcon Next-Gen SIEM (a security information and event management system that collects and analyzes security data) so analysts can detect threats and correlate suspicious patterns across AI and non-AI systems. CrowdStrike's Charlotte Agentic SOAR (a tool that automates security response workflows) can then trigger investigations and containment actions automatically based on detected anomalies.
Fix: Organizations can implement the Claude Compliance API integration with CrowdStrike Falcon to ingest Claude audit data into their SOC (security operations center, the team monitoring systems for threats). As stated in the source: 'security teams can ingest and act on this data using existing SOC workflows.' The integration brings 'authentication events, user activity logs, administrative changes, and API usage' into the Falcon platform, allowing analysts to 'investigate AI-related incidents using the same workflows they already rely on' and enabling automated response through Charlotte Agentic SOAR to 'automatically trigger investigation and response workflows based on detection logic and defined policies.'
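Detection logic of the kind this integration makes possible, added here as an example that is not CrowdStrike's or Anthropic's code: the rule correlates the four event categories the item names (authentication, administrative changes, API usage, user activity) to flag an API key that was created by an administrator and then used in a burst from an address its creator never logged in from. The event schema, field names, thresholds and sample events are constructed for the demo and do not reproduce the Claude Compliance API format or any Falcon query language.

```python
"""Added example: cross-category correlation over AI-platform audit events.

The event shape below is a constructed stand-in (not the Claude Compliance
API schema).  The rule: a key created via an admin change, then used in a
burst from a source IP that the key's creator never authenticated from.
"""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_events() -> list:
    """Constructed sample events: 'authentication', 'admin_change' and
    'api_usage' records with naive UTC timestamps."""
    base = datetime(2026, 5, 20, 9, 0, 0)
    events = [
        {"ts": base, "category": "authentication", "actor": "alice",
         "src_ip": "203.0.113.10", "outcome": "success"},
        {"ts": base + timedelta(minutes=5), "category": "admin_change", "actor": "alice",
         "src_ip": "203.0.113.10", "action": "api_key.create", "key_id": "key-7f3"},
        {"ts": base + timedelta(minutes=7), "category": "admin_change", "actor": "alice",
         "src_ip": "203.0.113.10", "action": "api_key.create", "key_id": "key-2c9"},
    ]
    # key-7f3: 30 calls in ten minutes from an address that never authenticated.
    for i in range(30):
        events.append({"ts": base + timedelta(minutes=10, seconds=20 * i),
                       "category": "api_usage", "key_id": "key-7f3",
                       "src_ip": "198.51.100.77", "endpoint": "/v1/messages"})
    # key-2c9: light use from the address alice logged in from (benign).
    for i in range(5):
        events.append({"ts": base + timedelta(minutes=15 + i), "category": "api_usage",
                       "key_id": "key-2c9", "src_ip": "203.0.113.10", "endpoint": "/v1/messages"})
    # key-old: no creation event in our window, so this particular rule cannot judge it.
    events.append({"ts": base + timedelta(minutes=20), "category": "api_usage",
                   "key_id": "key-old", "src_ip": "192.0.2.5", "endpoint": "/v1/messages"})
    return events


def detect_new_key_abuse(events, burst_threshold: int = 20,
                         window: timedelta = timedelta(minutes=15)) -> list:
    """Flag (key, source IP) pairs where the key was created via an admin change
    and then used at least `burst_threshold` times within `window` from an IP
    that the key's creator never successfully authenticated from.
    Returns findings as dicts so a caller (or a SOAR playbook) can act on them."""
    events = sorted(events, key=lambda e: e["ts"])

    key_creator = {e["key_id"]: e["actor"] for e in events
                   if e["category"] == "admin_change" and e["action"] == "api_key.create"}
    login_ips = defaultdict(set)
    for e in events:
        if e["category"] == "authentication" and e["outcome"] == "success":
            login_ips[e["actor"]].add(e["src_ip"])
    usage = defaultdict(list)   # (key_id, src_ip) -> call timestamps in time order
    for e in events:
        if e["category"] == "api_usage":
            usage[(e["key_id"], e["src_ip"])].append(e["ts"])

    findings = []
    for (key_id, ip), times in usage.items():
        creator = key_creator.get(key_id)
        if creator is None or ip in login_ips[creator]:
            continue   # no creation seen, or the IP matches the creator's own logins
        lo = 0         # sliding window over the sorted timestamps
        for hi in range(len(times)):
            while times[hi] - times[lo] > window:
                lo += 1
            if hi - lo + 1 >= burst_threshold:
                findings.append({"key_id": key_id, "creator": creator, "src_ip": ip,
                                 "calls_in_window": hi - lo + 1,
                                 "window_start": times[lo].isoformat()})
                break
    return findings


if __name__ == "__main__":
    for finding in detect_new_key_abuse(build_sample_events()):
        print(finding)
```

In a real SIEM the "never logged in from" baseline would be joined against the organisation's other telemetry (VPN, identity provider, endpoint) rather than only the AI platform's own authentication events, which is exactly the correlation the item says the integration is for; the threshold and window are tuning knobs, not fixed values.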
Source: CrowdStrike Blog
Trend Micro Apex One (on-premise) has a directory traversal vulnerability (a flaw that lets an attacker reach files outside the directory they are meant to access) that allows a local attacker, without authentication, to modify a key table on the server and inject malicious code that is then pushed to managed agents. This vulnerability is being actively exploited.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Source: CISA Known Exploited Vulnerabilities
AI agents (autonomous systems that use LLMs to solve problems) create security risks because LLMs are unpredictable and vulnerable to prompt injection (tricking an AI by hiding instructions in its input), so an agent can take a harmful action while confident it is doing the right thing. The recommended fix is to enforce authorization (decisions about which actions are allowed) at the boundary where the agent calls external tools, rather than relying on hard-coded workflows or human approval alone. Amazon Bedrock AgentCore uses Cedar, an open-source authorization policy language, to centralize those controls and enforce them outside the LLM, where the model's output cannot override them.
Fix: Amazon Bedrock AgentCore Gateway sits between the agent and the tools it calls. When a Policy written in Cedar is associated with a Gateway, every tool invocation is denied by default and only the invocations the policy explicitly permits, under the conditions it specifies, are allowed through. Cedar is an open-source authorization policy language developed by AWS that is purpose-built for authorization, readable by humans, and analyzable by machines using automated reasoning.
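A Python model of the enforcement point described above, added here as an example and not AgentCore's or Cedar's code: structured tool-call requests are evaluated against a policy set using Cedar's decision rules (a matching forbid always denies; otherwise a matching permit allows; otherwise deny), and the agent's reasoning is never consulted. The tool names, the `Request` and `Policy` shapes, and the policies themselves are assumptions for the demo; Cedar's actual syntax and AgentCore's policy schema are not reproduced.

```python
"""Added example: a deny-by-default authorization point between an agent and
its tools.  Not AgentCore's or Cedar's code; it models the decision rules the
item describes with hypothetical tools and policies.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Any, Callable, Optional


@dataclass(frozen=True)
class Request:
    principal: str                      # which agent is calling
    action: str                         # e.g. "invoke"
    resource: str                       # tool name
    context: dict = field(default_factory=dict)   # tool args plus session facts


@dataclass(frozen=True)
class Policy:
    effect: str                                       # "permit" or "forbid"
    principal: Optional[str] = None                   # None matches any principal
    action: Optional[str] = None
    resource: Optional[str] = None
    when: Optional[Callable[[Request], bool]] = None  # extra condition on context
    note: str = ""

    def matches(self, r: Request) -> bool:
        return (self.principal in (None, r.principal)
                and self.action in (None, r.action)
                and self.resource in (None, r.resource)
                and (self.when is None or bool(self.when(r))))


def authorize(policies: list, r: Request) -> tuple:
    """Cedar-like evaluation: any matching forbid denies; otherwise a matching
    permit allows; with no match at all the answer is deny (default deny)."""
    for p in policies:
        if p.effect == "forbid" and p.matches(r):
            return False, f"forbidden: {p.note}"
    for p in policies:
        if p.effect == "permit" and p.matches(r):
            return True, f"permitted: {p.note}"
    return False, "no matching permit (default deny)"


class ToolGateway:
    """Sits between the agent and its tools.  Only the structured request is
    evaluated; whatever the model said to justify the call is irrelevant."""

    def __init__(self, policies: list, tools: dict):
        self.policies, self.tools = policies, tools

    def call(self, r: Request) -> Any:
        ok, why = authorize(self.policies, r)
        if not ok:
            raise PermissionError(why)
        return self.tools[r.resource](**r.context.get("args", {}))


# Hypothetical tools for the demo.
def lookup_order(order_id: str) -> dict:
    return {"order_id": order_id, "status": "shipped"}

def issue_refund(order_id: str, amount: float) -> dict:
    return {"order_id": order_id, "refunded": amount}

def export_all_customers() -> list:
    return ["...every customer record..."]


POLICIES = [
    Policy("permit", principal="support-bot", action="invoke", resource="lookup_order",
           note="support bot may read orders"),
    Policy("permit", principal="support-bot", action="invoke", resource="issue_refund",
           when=lambda r: (r.context.get("args", {}).get("amount", 0) <= 100
                           and r.context.get("customer_verified", False)),
           note="small refunds for verified customers"),
    Policy("forbid", resource="export_all_customers", note="bulk export never from an agent"),
]
TOOLS = {"lookup_order": lookup_order, "issue_refund": issue_refund,
         "export_all_customers": export_all_customers}


def run_demo() -> dict:
    """Plays three tool calls through the gateway and returns each outcome."""
    gw = ToolGateway(POLICIES, TOOLS)
    calls = {
        "read_order": Request("support-bot", "invoke", "lookup_order",
                              {"args": {"order_id": "A-100"}, "customer_verified": True}),
        # The kind of call a prompt-injected web page might steer the model into:
        "big_refund": Request("support-bot", "invoke", "issue_refund",
                              {"args": {"order_id": "A-100", "amount": 5000.0},
                               "customer_verified": True}),
        "export": Request("support-bot", "invoke", "export_all_customers", {"args": {}}),
    }
    out = {}
    for name, req in calls.items():
        try:
            out[name] = ("allow", gw.call(req))
        except PermissionError as e:
            out[name] = ("deny", str(e))
    return out


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, "->", outcome)
```

Two properties carry the security argument: the refund policy constrains the arguments, not just the tool name, so an injected "refund 5000" fails even though refunds are generally allowed; and the bulk-export forbid wins over any permit that might later be added, which is the behaviour a reviewer can check statically before the policy is deployed.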
Source: AWS Security Blog
FARO-Droid is a new system that uses AI to detect malware (malicious software) on Android phones by analyzing multiple types of code features and combining them intelligently, even when attackers try to hide the malware through obfuscation (code transformation techniques that make programs harder to read and analyze). The system is designed to be reliable and resistant to these hiding techniques.
This academic article examines how hospital staff adopt defensive cybersecurity practices, focusing on the influence of leadership, human-centered skills, and rule-following requirements. The research explores organizational and behavioral factors that help healthcare workers protect systems and data from security threats, rather than technical fixes alone.
This academic paper describes FastPoS, a new security method for verifying that data is actually stored in fog-cloud IoT systems (networks of internet-connected devices distributed between local edge servers and central cloud storage). The method uses polynomial commitments (a cryptographic technique that lets someone prove they're storing data without revealing the data itself) to make verification faster and more efficient than existing approaches.