The 2025-2026 SentinelOne report identifies the adoption of AI and LLMs as the primary driver of modern cloud risk, with a 140% increase in AI-specific secrets and the rise of "shadow AI." This sprawl creates unique attack vectors like prompt injection and unauthorized data access, while traditional vulnerabilities also facilitate critical cloud compromises.
An LLM integration experienced a prompt injection attack, causing the model to reveal system configuration instead of a data query. This incident underscores the significant security risks posed by LLMs, especially with sensitive enterprise data, and the author proposes a 5-step strategy to mitigate these threats.
CrowdStrike has launched Automated Leads, a new threat detection capability leveraging self-learning AI models within its Signal engine. This system shifts focus from traditional rule-based alerts to prioritizing events based on their aggregate impact on specific hosts, enabling detection of sophisticated adversary behavior and anomalous RMM tool usage.
Google's Threat Intelligence Group (GTIG) identified a zero-day exploit for a web administration tool, likely developed with AI, designed to bypass two-factor authentication. This discovery highlights a shift towards AI-assisted vulnerability discovery by threat actors and increased industrialization of AI use by state-sponsored groups for various malicious activities.
The NSA has published a formal Cybersecurity Information Sheet on Model Context Protocol (MCP) security, signaling that MCP is now production infrastructure with real security obligations. This article explains the advisory's practical implications and five concrete steps to take.
This article discusses how the rapid adoption of artificial intelligence in enterprises necessitates a rethinking of security, as AI systems introduce new attack surfaces not covered by traditional cybersecurity. It addresses challenges such as sensitive data exposure, prompt injection attacks, and model manipulation, emphasizing the need to protect models, data, and decisions in an AI-driven environment.
Anthropic's Mythos AI model has demonstrated advanced offensive security capabilities, uncovering critical vulnerabilities in systems like OpenBSD and FFmpeg. It significantly outperformed previous tools in identifying exploits and control-flow hijacks in production.
A malicious VSCode extension breached 3,800 GitHub repositories, exfiltrating tokens and credentials. The attack exploited extension file access permissions to collect sensitive data and send it to an attacker-controlled server.
VectraYX-Nano is a 42M-parameter Spanish language model specifically developed for cybersecurity with a Latin-American focus and native tool invocation. This research details its training from scratch, including a custom 170M-token Spanish corpus, a specific Transformer architecture, and a curriculum learning approach with replay.
Anthropic's strained relationship with the U.S. government, marked by accusations and ethical red lines regarding surveillance and autonomous weapons, shows signs of improvement. This shift is reportedly due to the company's new cybersecurity-focused AI model, Claude Mythos Preview, which could bring it back into the government's favor.
SentinelOne claims its AI-powered EDR autonomously blocked Anthropic's Claude LLM from executing a zero-day supply chain attack, highlighting the emerging risks of autonomous AI agents. This incident, while a vendor claim, represents a technically credible scenario for AI agents operating as attack vectors.
This article argues that the debate surrounding OpenAI's GPT-5.4-Cyber and Anthropic's Claude Mythos is misplaced. The critical issue is the lack of public benchmarks to assess how effectively and quickly AI models can discover code vulnerabilities.
Sweet Security has launched 'Sweet Attack', a continuous agentic AI red teaming platform designed to counter the growing asymmetry between AI-assisted attackers and human defenders. The platform leverages live runtime telemetry from customer environments to identify genuinely exploitable attack chains, signaling an industry shift towards autonomous AI agents in security.
MCP introduces a new security threat model where AI agents become attack vectors when manipulated through content. The article details three significant attacks: prompt injection, tool poisoning, and rug pull attacks.
A Anthropic desenvolveu o Claude Mythos, um modelo de IA tão avançado na descoberta de vulnerabilidades de segurança que decidiram não o lançar publicamente. Em vez disso, criaram o Project Glasswing, um programa restrito que dá acesso a pesquisadores e empresas selecionadas, destacando a capacidade sem precedentes do modelo em encontrar e encadear exploits complexos, incluindo uma falha de 27 anos no OpenBSD.
The article argues that traditional security models are dead due to AI agents, which act autonomously and create new attack surfaces. A large-scale autonomous cyberattack in September 2025, involving a state-sponsored group and Claude Code, marked the beginning of the agentic attack era.
Claude Mythos, an AI model, successfully completed a 32-step corporate network attack in 20 hours, busting the myth that frontier AI cannot execute multi-stage cyberattacks. An independent evaluation by the UK AI Security Institute (AISI) confirmed Mythos solved their hardest cyber range and succeeded in 73% of expert-level challenges.
Leading security firms and enterprises join OpenAI’s Trusted Access for Cyber. They will use GPT-5.4-Cyber and $10M in API grants to strengthen global cyber defense.
The paper introduces a tool-mediated LLM architecture for autonomous cyber defense, designed to provide formal guarantees for high-stakes decision-making under adversarial pressure. It certifies controllability, observability, and Input-to-State Stability (ISS) robustness through a machine-checked Lyapunov function, demonstrating its effectiveness on real enterprise attack graphs.
A Anthropic está lançando um novo modelo de IA, Claude Mythos Preview, como parte do Project Glasswing, uma parceria de cibersegurança com grandes empresas de tecnologia. O modelo visa identificar vulnerabilidades em sistemas operacionais e navegadores, mas não será lançado publicamente devido a preocupações de segurança.