Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label AI. Show all posts
WhatsApp
AI Cloud Instagram Messaging Technology Telegram WhatsApp

WhatsApp to Roll Out Username Feature, No Mobile Number Required


WhatsApp will launch a new feature where users can opt for usernames and connect with others without putting mobile numbers. The feature is similar to the famous messaging app Telegram and also Instagram. The new update will allow users to share a unique username instead of their contact number for chats.

About feature development

“WhatsApp has worked to ensure that the username experience is stable and secure. For this reason, the rollout of usernames is taking a significant amount of time. Over the years, the code of the app has been extensively updated to make sure all existing features are fully compatible with usernames. So WhatsApp focused on testing and refining the feature carefully before making it widely available. It seems that WhatsApp is set to roll out the username feature to users as part of a phased rollout strategy over the coming months,” Whatsapp said in its blog. 

Users will still have the option to continue using WhatsApp as usual if they so choose. Phone numbers will still be linked to accounts for login and recovery purposes, but each account will support a single username that can be changed at a later time without impacting chats or account activity.

How to setup

Soon, both Android and iPhone users of WhatsApp will be able to create usernames straight from the app's Settings menu. Users must visit their profile settings, select the Username option when it appears, and pick a distinctive handle for their account in order to set one up. Before the chosen username can be kept, WhatsApp will automatically check if it is legitimate and accessible.

Safety first

In order to avoid confusion and abuse, the site is also implementing strict guidelines for usernames. Usernames can only contain letters, digits, periods, underscores, and at least one letter; they must be between three and thirty-five characters long. Some formats will not be accepted, such as usernames that start with "www," finish in domain-style extensions, or have repeated periods.

What about user privacy?

By enabling users to communicate without disclosing their phone numbers, the function aims to increase privacy. Once enabled, users can speak with buyers, sellers, community organizations, or new connections using their usernames rather than their personal mobile numbers. Only the selected handle—rather than the associated phone number—will be visible to those who contact you using the username.

With a wider deployment anticipated later in 2026, WhatsApp has already begun testing usernames with a small number of iOS and Android users. According to the firm, usernames will continue to be optional, so users can continue to use WhatsApp with just their phone numbers if they so choose. Even once usernames are implemented, phone numbers will still be used for account sign-ins, verification, and recovery.

Read more »
Technology
AI ALPR Data Spying Surveillance Technology

School Buses Could Become Surveillance Vehicles for Government in The US


In the US, school buses may soon become surveillance vehicles, according to 404 media’s report. A review of leaked documents revealed plans to deploy buses with automatic license plate readers (ALPR). 

The data will be allegedly given to government agencies. Already, privacy is a concerning issue amid rising data safety violations. Equipping buses with surveillance cameras will be unconstitutional and national-level spying of citizens in the US. 

About the incident

Bus Patrol, US’ leading provider of school bus stop-arm cameras has  over 40,000 AI-based cameras throughout 24 states. These cameras are allowed in 30 states, and are installed on school buses, and capture images of vehicles violating traffic rules when the bus is stopped. 

The footages captured  by the buses are “recorded, reviewed, and submitted to local law enforcement for review and final approval,” says BusPatrol. 

Stop-arm cameras claim to improve driver behaviour near school buses and student safety, but they have faced backlashes for failing on both ends. Stop-arm cameras also generate millions of dollars for businesses like BusPatrol. 

Currently, the firm plans to increase its data collection, revenue, and teaming with local law enforcement by changing stop-arm camera into ALPRs, as per the leaked BusPatrol documents. 

Why is ALPR system an issue?

ALPR systems are run by firms such as Flock Safety. They record the license plate number of passing vehicles but unlike traffic signals or stop-cameras, ALPR "cameras photograph every vehicle that drives by and can use artificial intelligence to create a profile with identifying information that then gets stored into a massive data base,” said the Institute for Justice (I.J), a public interest law firm. 

The data can be sent to law agencies which might use it for searching a vehicle or driver without requiring a legal warrant. The ALPR cameras fixed on moving school buses will help enforcement agencies to capture every moving vehicle they come across.

Flawed implementation

Without ethical enforcement, these cameras can be exploited. joshua Windham, a senior I.J. attorney, announced a nationwide campaign to oppose the uncontrolled and unconstitutional deployment of ALPR technology. 

Earlier ALPR systems’ data security has come under scrutiny after cases of sharing databases with immigration agencies surfaced despite company policies forbidding it. 

In Kansas, an officer used the data to trace his ex-girlfriend whereas in Texas, officers used the data to search for a woman who got an abortion. Such incidents have caused a few communities to termiate their contracts and discontinue ALPR entirely.

Read more »
Surveillance
AI Cloud Data FROST Internet Privacy Spying Surveillance

FROST Attack: Websites Can Now Spy on Users Via SSDs


Websites have always tried to spy on user activity through browsing histories, mouse clicks and keystrokes, and device fingerprints. Even Yandex and Meta were caught spying on users recently.

Hackers exploiting SSDs

These days, hackers are exploiting SSDs to spy on user activity. Known as Fingerprinting Remotely using OPFS-based SSD Timing or FROST, the technique lets hackers spy on other websites a visitor is viewing and what other applications are open on a user device.

In a research paper, the authors explained the exploit tactic. Hackers exploit a side channel, creating a type of leak that results from data caches or electromagnetic emanations. By computing the physical manifestations, hackers can decode encoded traffic and hack other confidential information.

Sites spying on user activity

The exploit that FROST used was called a contention side channel, which calculates the communication of other processes all using a given resource. By measuring input-output (I/O) time of SSD operations that a visitor uses, the experts found out websites opened in different tabs and browsers; even the applications that were opened on the user device. FROST doesn’t need any communication from the visitor but only requires opening the site hosting the exploit.

The attack tactic

According to the researchers, “Web browsers have evolved from simple document viewers into complex platforms capable of running sophisticated applications.” They also said that “companies like Google, Microsoft, and Adobe have developed full-fledged office suites, photo- and video editors, or even integrated development environments (IDEs) that run entirely within the browser.” 

The impact

The authors also noted that, "while these features enhance the capabilities of web applications and allow completely novel use cases, they also increase the browser’s attack surface, and some have already been shown to introduce new vulnerabilities.”

About the exploit

The attack is different to older contention-side channel attacks on SSDs. FROST runs only in the browser and uses JavaScript that communicated with OPFS (origing private file system), a dedicated storage space that is kept for a particular site to rune codes needed to do a given task. Sites can make one with zero communication required by the user.

“The attacker continuously measures SSD contention by performing random reads from a large OPFS file. SSD contention caused by user activity causes measurable latency differences for these read operations. By training a convolutional neural network (CNN) on these traces, the attacker can fingerprint user activity on the host system by classifying new traces using the trained model,” said the researchers. 

Read more »
Phishing
AI Bug Cloud Cyber Attacks Data KnowledgeDeliver Phishing

Hackers Exploit KnowledgeDeliver Bug to Install Web Shells


Threat actors abused a critical zero-day bug in a server that ran a KnowledgeDeliver LMS to install the Godzilla. The bug is a deserialization problem tracked as CVE-2026-5426 and can be abused without verification. It originates from the use of “shared hardcoded machine key in the web portal configuration,” said Bleeping Computer, throughout all KnowledgeDeliver consumer deployments. 

Deserialization of ViewState

Hackers found the stolen machine key and used it in ViewState deserialization campaigns to sign infected ViewState payloads and launch remote code execution (RCE) at the OS level. 

In 2025, Mandiant responded to a campaign on a KnowledgeDeliver server and said that in the beginning, the bug was abused as a zero-day to deploy a compromised script into the web platform.

Attack tactic

The compromise was also possible as threat actors used “identical pre-shared ASP.NET machine keys across multiple customer deployments,” the experts said. 

According to Mandiant, “KnowledgeDeliver installations deployed before Feb. 24, 2026 relied on a standardized web.config file provided by the vendor. This configuration file contained hardcoded machineKey values used by the ASP.NET framework to encrypt and sign data, including ViewState payloads.”

Experts said that the code on the platform lured users to download a malicious installer, which compromised the machine with a Cobalt Strike beacon by deploying a backdoor. 

The encrypted payload used a key “that used the name of the compromised organization, which indicated that the threat actor prepared this payload specifically for the targeted organization,” Mandiant report said.

Similar attacks in 2025

In August last year, experts from ASEC also disclosed that Godzilla was planted in ASP.NET environments in ViewState deserialization attacks against firms in the finance industry.

Threat actors could modify a JavaScript file with code that asked users to run a ‘security authentication plugin’ and install a malicious script from a domain that hackers used.

Hackers targeting unsecured machines

In recent years, threat actors are increasingly exploiting unsafe  machine keys in Viewstate deserialization attacks against web platforms for a few products.

Threat actors utilized a hardcoded machine key in March of last year to create a malicious payload that gave them access to Gladinet CenterStack's secure file-sharing servers.

After obtaining the machine key to generate signed malicious ViewState payloads, hackers gained access to 85 Microsoft SharePoint systems in July 2025.

Additionally, state-sponsored actors utilized ViewState deserialization assaults to install WeepSteel, a spying tool that revealed the ASP.NET machine key on Sitecore servers.

Read more »
Technology
AI Anthropic Bugs ChatGPT Claude Mythos Preview Technology

Anthropic's Mythos Preview Detects Over 10,000 Software Bugs in Project Glassing


Recently, Anthropic disclosed that its Project Glasswing initiative found over 10,000 critical or high vulnerabilities in system software in its first month of operation.

Claude Mythos Preview finds bugs

Claude and 50 other partners deployed Claude Mythos Preview to find critical software infrastructure. The AI company said the initiative progress is now restricted by the pace at which flaws can be authorized, patched, and disclosed instead of discovery rates. 

The discovery of flaws

Cloudflare detected 2,000 vulnerabilities throughout its critical-path systems, with around 400 labelled as critical or high severity. Claude said that its bug-finding rate surged by over ten times. Various other partners reported the same surges in flaw detection rates.

About bug patches

The UK’s AI Security Institute reported that Mythos Preview has been the only model to patch both of its cyber issues end-to-end. Mozilla detected and patched 271 bugs in Firefox while analyzing Mythos Preview. The number is ten times more than Firefox 148 with Claude Opus 4.6. 

More about Anthropic patching flaws

Anthropic analyzed over 1,000 open-source projects via Mythos Preview, and found 6,202 estimated high or critical severity bugs out of 23,019. Out of 1,752 critical or high bugs studied by independent security research institutes, 90.6% were acknowledged as valid and 62.4% were confirmed as critical or high severity.

One bug was found in wolfSSL, a cryptographic library that billions of devices use. If successful, the bug would have allowed a threat actor to make fake certificates and host fake sites for email providers or banks. The bus was labelled as CVE-2026-5194 and has been fixed.

Critical vulnerabilities

Anthropic has revealed 530 critical or high bugs to researchers. Seventy-five have been fixed and sixty-five have been given public advisories. Claude said that a high or critical flaw detected by Mythos Preview roughly takes two weeks to fix on average.

In its recent release, Palo Alto Networks added more than five times as many patches as normal. Microsoft stated that it will keep releasing further fixes. Oracle is identifying and resolving vulnerabilities in all of its products many times more quickly than in the past.

Three weeks ago, Anthropic made Claude Security available to clients of Claude Enterprise in a public beta. Claude Opus 4.7 has been used to patch more than 2,100 vulnerabilities.

To help maintainers handle bug reports, the corporation partnered with the Alpha-Omega project of the Open Source Security Foundation. Anthropic has not made Mythos-class models available to the general public, citing the necessity for more robust security measures to stop abuse.
Read more »
quantum computing
AI AI in cybersecurity Blockchain Security Cyber Security post-quantum cryptography quantum computing

AI and Quantum Computing Convergence Raises New Security Concerns for Crypto and Digital Infrastructure

 

The long-standing debate within the cryptocurrency sector over whether quantum computing could threaten blockchain networks such as Bitcoin and Ethereum is taking on renewed urgency. Industry experts now believe that artificial intelligence (AI) may be speeding up the arrival of quantum breakthroughs, prompting concerns about the future of digital security.

Specialists working in blockchain protection and post-quantum cryptography say the intersection of AI and quantum computing is reshaping cybersecurity. AI is increasingly being used both by attackers seeking vulnerabilities and by developers strengthening defenses. At the same time, it is helping advance quantum computing research at a faster pace.

“The security landscape of the future is going to be different,” said Alex Pruden, CEO of Project Eleven, a company focused on quantum-resistant infrastructure for crypto.

“Between quantum and AI, we’re going to go into a world where security, and this is more broadly than just crypto, you simply cannot count on the way you’ve always done things,” Pruden said.

The growing concern follows warnings from technology companies and researchers suggesting that quantum computers capable of breaking current cryptographic systems could arrive sooner than expected. While experts continue to debate the exact timeline, many agree that AI could significantly accelerate progress in the field.

“AI is definitely being used to accelerate the development of quantum computing,” Pruden said. Researchers are already using machine learning systems to optimize quantum error correction, one of the field’s biggest engineering bottlenecks.

Illia Polosukhin, co-founder of NEAR Protocol and a former Google AI researcher, noted that AI has been enhancing scientific innovation for years.

“AI is becoming more and more of an accelerator,” Polosukhin said. “The rate of research is going to accelerate from here, and we have already seen progress that people didn’t expect would come this early.”

Reflecting on his experience at Google in 2016, Polosukhin explained that machine learning was already contributing to the discovery of new materials. “It might be that the next generation quantum computer will be built with AI and quantum computers of this generation,” he said. “It’s feeding into itself.”

Security experts are increasingly focused on a strategy known as “harvest now, decrypt later,” where sensitive encrypted information is collected today in anticipation of future quantum systems being able to decode it.

“If I know quantum computers are coming in a couple of years, I will start trying to capture all possible data that’s going around,” Polosukhin said.

“Everything we’re putting on the internet, if you’re identifiable as a person of interest, you can assume will be decrypted in two years,” he added. “It’s most likely happening already.”

For the cryptocurrency industry, the risks are particularly significant. Most blockchain networks rely on elliptic curve cryptography, a security standard widely used across the internet. A sufficiently advanced quantum computer could potentially derive private keys from public keys, exposing wallets and digital assets to theft.

However, experts argue that the real challenge lies not in quantum computing alone but in its combination with AI, creating an ongoing cybersecurity arms race.

Artificial intelligence is becoming increasingly capable of identifying coding weaknesses, software flaws, and security vulnerabilities. According to Pruden, these advances may increase the frequency and sophistication of cyberattacks.

“I would expect the advent of AI to accelerate… even more hacks,” Pruden said. “You have these AI models that are able to find either implementation bugs in the underlying cryptography or increasingly, I think, break the cryptography itself.”

At the same time, developers are leveraging AI to improve software security through code reviews, testing, and formal verification processes.

“AI can help with formal verification of post-quantum systems,” Pruden said. “That theoretically makes them more secure.”

Researchers believe this evolving environment means security can no longer be treated as a static framework that receives occasional updates. Instead, digital systems may require constant adaptation to stay resilient.

“Nothing is going to be as static as it’s been in the future,” Pruden said. “Either a quantum computer comes online to break some fundamental assumption, or AI gets smart enough to break that assumption too.”

This shift is already influencing blockchain ecosystems. Networks including Ethereum, Zcash, Solana, Ripple, and NEAR are exploring or implementing strategies designed to support post-quantum security.

NEAR recently revealed plans to integrate post-quantum cryptography into its account architecture, enabling users to switch cryptographic methods without moving assets to new wallets.

“Back in 2018, when we were designing [NEAR], we were like: ‘Hey, quantum will come, we should have an easy way to do it,’” Polosukhin said.

Despite growing momentum, the transition remains challenging. Current post-quantum cryptographic solutions often require more computational resources and larger data sizes than existing standards.

“The cryptography that’s currently standardized for post-quantum is very big and slow,” Polosukhin said.

According to researchers, the broader impact of AI and quantum computing is forcing a rethink of one of the digital era’s core assumptions—that encryption can remain secure for extended periods. As technology evolves, cybersecurity may increasingly depend on continuous upgrades and adaptive protection mechanisms rather than long-term static safeguards.

Read more »
Software security
AI GitHub Global Supply-Chain Attack malware Software security

TeamPCP’s Supply Chain Campaign Raises Fresh Concerns Over Open-Source Software Security

 



A cybercrime group known as TeamPCP has been linked to an expanding series of software supply chain attacks that researchers say have affected hundreds of organizations, with GitHub becoming the latest high-profile name connected to the campaign.

GitHub recently disclosed that it had identified thousands of repositories impacted after a developer reportedly installed a compromised extension for Visual Studio Code (VSCode), Microsoft's widely used source-code editor. TeamPCP later claimed on the cybercrime forum BreachForums that it had gained access to roughly 4,000 GitHub repositories and attempted to advertise what it described as GitHub source code and internal organizational data for sale. GitHub stated that it had identified at least 3,800 affected repositories but said its investigation indicated the exposed repositories contained the company's own code rather than customer code.

The incident highlights the growing danger of software supply chain attacks. Unlike traditional intrusions that target a company directly, these operations focus on software that developers trust and use every day. By secretly inserting malicious code into legitimate tools, attackers can potentially reach thousands of downstream users through a single compromise.

Security researchers tracking TeamPCP believe the group has transformed what was once considered an occasional cybersecurity threat into a recurring problem. According to software supply chain security firm Socket, the group has launched around 20 separate attack waves in recent months, embedding malicious code into more than 500 unique software projects. When different compromised versions are counted, that number rises to well over a thousand malicious releases.

Researchers say the group's success stems from a self-reinforcing attack cycle. TeamPCP typically begins by compromising a development environment associated with an open-source project. Malware is then inserted into software packages that are downloaded by other developers. Once installed, the malicious code can steal credentials, authentication tokens, and publishing permissions, allowing attackers to compromise additional software projects and continue spreading through the development ecosystem.

Recent investigations indicate that TeamPCP has increasingly automated this process through a worm known as Mini Shai-Hulud. The malware has been observed creating GitHub repositories containing encrypted credentials stolen from victims while leaving references to Frank Herbert's science-fiction universe Dune. Researchers note that although the name resembles an earlier worm called Shai-Hulud, there is currently no evidence linking TeamPCP to that previous campaign.

GitHub is not the only organization mentioned in connection with the operation. Researchers have previously linked TeamPCP activity to incidents involving OpenAI, Mercor, and several widely used software development projects. During a major expansion of its campaign earlier this year, the group reportedly compromised software and infrastructure associated with Trivy, LiteLLM, Checkmarx, pgserve, TanStack, and Mistral AI. The stolen credentials obtained through those attacks were allegedly used to fuel further compromises.

Security analysts describe credential theft as the group's primary enabler. Long-lived access tokens and poorly managed credentials allow attackers to move from one environment to another with relatively little effort. According to researchers, once a single trusted credential is stolen, it can provide access to additional repositories, cloud resources, and development systems.

The group's activities have also evolved beyond software tampering. Threat intelligence researchers report that TeamPCP has engaged in ransomware deployment, data extortion, and data-sale operations. In April, the group reportedly began adopting elements of a ransomware-as-a-service model through associations with cybercriminal platforms such as BreachForums and DragonForce. Researchers have additionally observed activity involving CanisterWorm, malware that targeted Kubernetes environments and reportedly deployed destructive functionality against selected Iranian targets.

The scale of the campaign has renewed debate over how organizations should safely consume open-source software. Experts recommend strengthening credential management practices, regularly rotating access tokens, limiting permissions wherever possible, and closely monitoring software dependencies. They also advise organizations to avoid automatically installing newly released software updates without first validating their integrity. In some recent cases, security teams detected malicious updates within minutes, but users who relied on automatic updates had already installed the compromised code.

The bigger lesson, researchers say, is that trust alone is no longer sufficient in modern software development. Open-source software remains a cornerstone of the global technology ecosystem, but organizations increasingly need verification processes, update review procedures, and continuous monitoring to reduce the risk posed by rapidly spreading supply chain attacks.

Read more »
workplace monitoring
AI Meta Meta layoffs 2026 Meta surveillance software Technology workplace monitoring

Meta Employees Protest New Workplace Surveillance Measures Ahead of Planned Layoffs

 


Meta Platforms, Inc. employees have reportedly initiated an internal campaign opposing the company's newly introduced workplace monitoring practices, according to recent reports.

Staff members at multiple Meta offices across the United States distributed flyers criticizing software that tracks employee computer activity. The monitoring tool records information such as cursor movement, mouse clicks, and navigation behavior while employees work.

The pamphlets were placed in common areas including meeting rooms, vending machine locations, and restrooms. Organizers urged coworkers to challenge what they described as an "Employee Data Extraction Factory."

The protest emerges just days before Meta is expected to reduce its workforce by approximately 10%, a move that has intensified concerns among employees about job stability. Many workers reportedly suspect that the monitoring system serves a broader purpose beyond measuring productivity. Some believe the collected behavioral data could be used to train artificial intelligence systems capable of automating workplace tasks.

In a statement emailed to Benzinga, Meta referenced its previous comments regarding AI training data. A company spokesperson defended the initiative, explaining that the information provides "real examples" of computer use that help improve AI agents designed to complete routine digital activities.

“There are safeguards in place to protect sensitive content and the data is not used for any other purpose,” the spokesperson added.

Employee dissatisfaction has reportedly grown amid Meta's ongoing workforce reductions, increased productivity monitoring, and strategic shift toward becoming a more AI-focused organization.

Earlier, during a company town hall, CEO Mark Zuckerberg stated that AI efficiency tools were not the main reason behind the planned job cuts.

The distributed flyers also highlighted employee rights under U.S. labor laws, indicating the beginning of broader organizing efforts within the company.

Meanwhile, reports suggest that Meta employees in the United Kingdom have started unionization efforts through United Tech and Allied Workers. Organizers have criticized what they called "draconian surveillance" measures and expressed concerns over the company's aggressive AI-driven direction.

On the market front, Meta shares finished Tuesday's trading session at $603.00, gaining 0.69%. The stock later slipped 0.18% in after-hours trading to $601.93.

According to Benzinga Edge Rankings, Meta ranks in the 89th percentile for growth performance. However, the company's stock has continued to display negative price momentum across short-, medium-, and long-term periods.
Read more »
Technology
AI Anthropic AI Claude coding assistants Malicious Activities Technology

Researchers Find Security Gap in Anthropic Skill Scanners




Security researchers have uncovered a gap in the way Anthropic Skill scanning tools inspect third-party AI packages, allowing malicious code hidden inside test files to execute on developer systems even after scanners marked the Skills as safe.

The issue centers on Anthropic Skills, reusable packages designed for AI coding assistants such as Claude Code, Cursor, and Windsurf. These packages often include instructions, scripts, and configuration files that help AI agents perform development tasks inside IDE environments.

Researchers from Gecko Security found that existing Skill scanners focus primarily on files tied directly to agent behavior, particularly SKILL.md, while ignoring bundled test files that can still run locally through standard developer tooling.

In the demonstrated attack chain, a Skill passed all scanner checks because its visible instruction files contained no prompt injection attempts, suspicious shell commands, or malicious instructions. However, the repository also included a hidden .test.ts file stored elsewhere in the directory structure. Although the file was outside the agent execution layer, it still executed through the project’s testing framework with full access to local resources.

According to researcher Jeevan Jutla, the problem begins when developers install a Skill using the npx skills add command. The installer copies nearly the entire repository into the project’s .agents/skills/ directory. Only a few items, including .git, metadata.json, and files prefixed with underscores, are excluded during installation.

Once placed inside the repository, testing frameworks such as Jest and Vitest automatically discover matching test files through recursive glob patterns. Both frameworks reportedly enable the dot:true option, allowing them to search inside hidden directories including .agents/. Mocha follows similar recursive discovery behavior in many default configurations.

A malicious Skill can therefore include a file such as reviewer.test.ts containing a beforeAll function that silently executes before visible tests begin. Researchers said these payloads can access environment variables, .env files, SSH keys, AWS credentials, deployment tokens, and other sensitive information commonly available inside local developer environments and CI pipelines. The data can then be transmitted to external servers without triggering obvious warnings during test execution.

The researchers stressed that the AI agent itself is never involved in the compromise. Instead, the malicious behavior occurs through trusted developer tooling already integrated into the software workflow. Existing scanners inspect the files the AI agent can interpret, but not the files executed separately by testing infrastructure.

The technique resembles older software supply-chain attacks involving malicious npm postinstall scripts and poisoned pytest plugins. However, Gecko Security noted that the Anthropic Skill ecosystem creates an additional propagation problem because installed Skills are often committed into shared repositories so teams can reuse them collaboratively.

GitHub’s default .gitignore templates do not automatically exclude .agents/ directories. Once a malicious test file enters the repository, every teammate cloning the project and every CI pipeline running automated tests may execute the payload across branches, forks, and deployment workflows.

The findings arrived shortly after multiple large-scale security audits examining the broader Anthropic Skills ecosystem. A January academic study named SkillScan analyzed 31,132 Skills collected from two major marketplaces and found that 26.1% contained at least one vulnerability spanning 14 separate patterns. Data exfiltration appeared in 13.3% of examined Skills, while privilege escalation appeared in 11.8%. Researchers also determined that Skills bundling executable scripts were 2.12 times more likely to contain vulnerabilities than instruction-only packages.

Several weeks later, Snyk published its ToxicSkills audit covering 3,984 Skills from ClawHub and skills.sh. The company reported that 13.4% of scanned Skills contained at least one critical-level security issue. Automated analysis combined with human review identified 76 confirmed malicious payloads, while eight malicious Skills reportedly remained publicly accessible on ClawHub when the findings were released.

In April, Cisco introduced an AI Agent Security Scanner integrated into IDE platforms including VS Code, Cursor, and Windsurf. The scanner can detect prompt injection attempts, suspicious shell execution patterns, and data exfiltration behaviors within Skill definitions and agent-referenced scripts. However, Gecko Security said bundled test files remain outside the scanner’s documented detection surface because the tool was designed around agent interaction layers rather than developer execution layers.

Researchers noted that other products, including Snyk Agent Scan and VirusTotal Code Insight, face similar structural limitations. These tools inspect what the agent is instructed to execute but may overlook code paths triggered separately through local development frameworks.

Elia Zaitsev described the broader issue as a distinction between interpreting intent and monitoring actual execution behavior. In this case, the malicious code did not depend on prompt manipulation or AI instructions. It operated as ordinary TypeScript executed through legitimate test runners with full local permissions.

Zaitsev also warned that enterprise AI agents increasingly operate with privileged access to OAuth tokens, API keys, and centralized data sources. If those credentials are accessible through environment variables during automated testing, malicious test payloads can reach sensitive infrastructure without requiring direct agent compromise.

Mike Riemer added that threat actors frequently reverse engineer security patches within 72 hours of release, while many organizations take far longer to deploy fixes. In the case of the Anthropic Skill test-file issue, researchers warned that the exposure window becomes more difficult to manage because the malicious files may execute immediately after installation without triggering scanner alerts.

Security researchers are urging development teams to block test discovery inside .agents/ directories and inspect Skill repositories for files such as *.test.*, *.spec.*, conftest.py, __tests__/, and suspicious configuration scripts before merging code.

The report also recommends pinning Skill installations to verified commit hashes rather than installing the latest repository version. Researchers said this reduces the risk of attackers submitting clean repositories for scanner approval before later inserting malicious files. The approach aligns with guidance published in the OWASP Agentic Skills Top 10 project.

Organizations that already store Skills inside repositories are advised to audit existing .agents/ directories immediately, rotate exposed credentials if suspicious files are discovered, inspect CI logs for unexplained outbound network traffic, and review repository history to identify when potentially malicious files entered development pipelines.

The researchers additionally called on security vendors to provide greater transparency regarding which directories, execution surfaces, and file categories their scanners actually inspect. They argued that security teams evaluating Anthropic Skill scanners should verify whether products analyze bundled test files, build scripts, and CI configurations rather than focusing exclusively on prompt injection and agent instruction analysis.

Read more »
Data Leak
AI Bug Management Cloud Cyber Security Data Data Leak

9-Year-Old Linux bug Found by Researchers, Could Leak Data


Experts have revealed details of a bug in the Linux kernel that stayed unnoticed for nine years. The flaw is tracked as CVE-2026-46333 (CVSS score: 5.5). 

Improper bug management 

The incident is improper privilege management that could have allowed threat actors to reveal sensitive data as unprivileged local users and launch arbitrary commands on default installs such as Ubuntu, Debian, and Fedora. Its alias is aka ssh-keysign-pwn.

Vulnerability existed since 2016

Cybersecurity firm Qualys found the flaw. Since November 2016, the problem has been present in mainstream Linux (v4.10-rc1). 

Distribution updates and upstream patches are already accessible. There are publicly available working exploits, thus administrators should install vendor kernel upgrades right away, Qualys said.

Privilege compromise tactic

TRU discovered a small window in which a privileged process that is dropping its credentials can still be accessed through ptrace-family operations, despite the fact that its dumpable flag should have blocked that path, during ongoing study into Linux kernel privilege boundaries.  

Qualys also added that an attacker can obtain open file descriptors and authenticated inter-process channels from a dying privileged process and utilize them under their own uid by combining this window with the pidfd_getfd() syscall (introduced in v5.6-rc1, January 2020)

What is successful exploit?

Successful bug exploit can allow a local threat actor to reveal /etc/shadow and ho'st private keys under /etc/ssh/*_key, and deploy arbitrary commands as root via four distinct hacks attacking ssh-keysign, accounts-daemon, chage, and pkexec.

PoC exploit

The bug reveal is a proof-of-concept (PoC) exploit for the bug. It was released recently, and soon after, a public kernel surfaced. CVE-2026-46333 is the latest security bug revealed in Linux after Dirty Frag, Fragnesia, and Copy Fail in recent months.

How to stay safe

Experts have advised to use the latest kernel update released by Linux distributions. If users are unable to do it immediately, temporary patchwork includes raising "kernel.yama.ptrace_scope" to 2.
Qualys added, "On hosts that have allowed untrusted local users during the exposure window, treat SSH host keys and locally cached credentials as potentially disclosed. Rotate host keys and review any administrative material that lived in the memory of set-uid processes,” Qualys said.

Incident impact

The incident happened after the release of a PoC for a local privilege exploit known as PinTheft that lets local hackers get access to root privileges on Arch Linux systems. The hack requires the Reliable Datagram Sockets (RDS) module to be deployed on the victim system, readable SUID-root-binary, io_ring enabling, and x86_64 support for the given payload.

Read more »
Instructure
AI Canvas Cloud Data Breach Data Leak data security Instructure

Data Leak: Instructure, Canvas Allegedly Hacked, ShinyHunters Claim Responsibility


Instructure, a cloud-based LMS Canvas company was hit by a massive data attack. Ransomware gang ShinyHunters claimed responsibility for the attack, saying that it had stolen data related to 280 million students, teachers, and school staff.

100s of GBs data leaked

The data breach accounts for hundreds of gigabytes, possibly leaking Canvas users’ email ids, private messages, and names. 

Instructure revealed in May that it was hit by a data breach. The Canvas incidents of 8,809 universities, educational platforms, schools were impacted by the attack. ShinyHunters said that the numbers range between tens of thousands to several millions per institution.

It is concerning that a lot of K-12 students’ data has been leaked. If your child has been affected by the data breach, Malware Bytes can help in what to do next and how to stay safe.

Canvas compromised

Various students who tried using Canvas after the cyberattack received the message from ShinyHunters blackmailing to leak the data if Instructure did not contact the hackers by May 12. Canvas was shut down offline for various students following the incident, but it is now available for most users. 

GTA 6, Studio Rockstar were blackmailed too

ShinyHunters has been killing it this year, with only high profile targets in its track records. The group asked for a ransom from GTA 6 (a video game) Studio Rockstar in April. But in reality, it was a hoax demand as the hackers did not have anything important/worthy to leak. 

Nvidea Geforce allegedly hacked

But recently, the group allegedly claimed responsibility for the Nvidea’s GeForce Now breach, claiming to have “pulled their entire database straight from the backend."

Shiny hunters all over the place

In the Canvas incident, ShinyHunters allegedly stole user records through exposrting features inside the platform. This consists of DAP queries, APIs, and provisioning reports, according to Bleeping Computers. “The unauthorized actor carried out this activity by exploiting an issue related to our Free-For-Teacher accounts,” Instructure said. 

It also added that it “revoked privileged credentials and access tokens, deployed platform-wide protections, rotated certain internal keys, restricted token creation pathways, and added monitoring across our platforms." 

The impact

Instructure also “engaged a third-party forensic firm and notified law enforcement. Beyond the immediate response, we're hardening administrative access, token management, permissions, monitoring, and related workflows. The investigation may inform further improvements.”

However, it might be too little, too late—parents are unlikely to overlook the possibility of disclosing their children's information. The much bigger problem, though, is the disastrous harm ShinyHunters has caused to Canvas's operations and reputation, as malware historian vx-underground stated on X.

Read more »
Token Theft
AI AI Economy Crypto Technology Token Pilfering Token Theft

Token Pilfering: How Token Theft is Plaguing Cybersecurity


AI economy and computing threat

The rising AI economy is bringing a new type of cybercrime. Cybercriminals are scamming AI firms by signing up for new accounts to steal tokens via computing power. The problem is getting worse, according to Patrick Collison, CEO of payment behemoth Stripe. The token hackers now amount for one in every six new customer subscriptions.

Token pilfering

Experts said that the threat actors steal the tokens to later sell them on the dark web. ‘Token pilfering’ has plagued the cybersecurity world and is becoming quite expensive for AI startups to give free trials to potential customers.

Startups attacked for money

It is not new for hackers to attack startups. With the AI economy rising, it has created fractures for hackers because with traditional software trials, a registration for an AI firm brings valuable tokens for compute power that hackers can sell later.

The token theft

The most neglected subject in AI is token theft. Because they are using tokens at machine speed, these attackers can swiftly accrue enormous consumption bills that they never plan to pay and burn inference costs. This is one of the most frightening aspects of that.

In order to use the tokens for purposes unrelated to what the company is delivering or to resell them, token theft sometimes involves thieves creating many accounts at an AI company and across multiple firms. They always vanish after using up all of the tokens; Sands compared this swindle to those who "dine and dash" at restaurants.

Attack tactic

The problem surfaces as the crooks use agents to steal the tokens in minutes. Unlike a traditional software company, the cybercrime happens too fast for the organization to address the issue.

It is hell for AI firms who want to give out free trials to get more new users. Typically, it costs nothing for a firm to give out free trials on a temporary basis, but for AI firms, the customer-acquisition costs can go up to $500 due to scammers abusing the startup policies of giving out free tokens for trial accounts.

Token epidemic

The token epidemic has created problems for startups. Few have stopped free trials, but it has affected their growth as it shuts down the opportunities to get new customers.

Luckily, one solution exists. According to Stripe, there exists a product called Radar that works as a default fraud detector in the credit card payment network, adapts tools, and helps clients find and block token fraud.

Read more »
Technology
AI Bitcoin Crypto ETH Etherium Quantum Computing Technology

Crypto at Risk: Experts Believe Quantum Threat Arriving by 2030


A recent report has warned that cryptographic foundations that secure trillions of dollars in digital currency can be hacked by quantum computers within the next four to seven years, and the blockchain industry is not prepared for damage control.

About quantum computing and threats

Project Eleven, a quantum security firm, published a report that said these quantum computers, even one, is powerful enough to hack the elliptic curve digital signatures securing Ethereum, Bitcoin, and other big blockchains. Experts say they won’t exist beyond 2033, and may end soon by 2030. The window for action is closing fast. According to the report, “Migration to quantum-resistant cryptography is no longer optional but imperative for any blockchain system expected to be trusted and secure into the future." 

Why is quantum computing so fast?

Recent innovations have significantly lowered the hardware bar needed to launch such attacks. A breakthrough Google paper said that breaking the elliptic curve cryptography threshold could be achieved within 1,200 logical cubits, and less than 90 minutes of computing time on a supercomputing hardware.

Google has put a Q-Day (like D-day)  at 2032. Project Eleven’s research has decreased the timeline by two years: 2030. The report estimates that 6.9 million Bitcoin (one third of the total estimated supply) have already been leaked on-chain, exposed to the potential quantum attack. For ETH, exposure is more, with over 65% of all ETH held in quantum-exposed addresses.

Why are blockchains weak against quantum computing?

The public ledgers and bearer-instruments offer no security. Blockchains has no scam department, no redressal platform for stolen funds, and no chargeback measures. If a quantum hacker recovers a private key and steals money, the loss is permanent. The transition problem is further fouled by slow-moving blockchain governance. 

What makes blockchains particularly vulnerable, the report explains, is that their public ledgers and bearer-instrument design offer no safety net. Unlike a bank, a blockchain has no fraud department, no chargeback mechanism, and no way to reverse a forged transaction. Once a quantum attacker recovers a private key and drains a wallet, the loss is permanent. 

Why is crypto migration difficult?

Bitcoin SegWit upgrade took more than two years to complete whereas ETH’s transition of proof stake took around 6 years to build. Quantum migration reaches the most basic layer of any blockchain mechanism.

The tech world has already started moving. More than half of web traffic (human) is currently post-quantum encrypted, Cloudflare data from December 2025 said. 

Is the digital industry prepared?

The digital asset industry lacks preparedness. Crypto developers are suggesting various proposals but these plans will take years to execute while the threat is already brushing businesses and users.

"The internet has already moved," the report added. "The digital asset industry—which arguably has more at stake because blockchains directly protect bearer value with the exact cryptographic primitives that quantum computers threaten—has barely started."

Read more »
Technology
agentic AI AI ChatGPT Cloud GenAI Internet Technology

4 Key Areas in 2026 for Organisation Safety Against Advanced AI Threats

4 Key Areas in 2026 for Organisation Safety Against Advanced AI Threats

2026 has not been a kind year to cybersecurity, as organizations and industries globally have been hit by ruthless cyberattacks. 

2026 and cybersecurity

Cybersecurity entered 2026 under stress to deploy AI tech while building foundations for a quantum future. Cybersecurity experts have to defend against advanced AI and hybrid attacks while facing talent scarcity, a rapidly shifting threat scenario, and rising operational challenges. 

It is the first time that hackers have access to the same advanced enterprise-level tech that security experts are using to defend their digital assets.

Is the convergence good or bad?

Organizations are in need of the transformational advantage that Quantum computing promises, however, it also risks affecting the cryptographic infrastructure that protects today’s digital world. Worse, cyber attackers are getting together and outbeating experts. 

Like experts, threat actors don’t mind playing the long game either, they gain initial access and stay hidden inside systems for longer periods of time. When the right opportunity arrives, they move laterally and hack important data that can affect operations, cause financial damage, and tarnish reputations.

So, what are these four key areas that businesses and users need to address or stay safe from?

1. System and skills problem

As per the ICS2 2025 report, 69% respondents suffered multiple cybersecurity breaches due to skill gaps. This is due to various factors such as budget constraints, misalignment in academia, and high enterprise demand.

2. Bug management shift to active exposure reduction

Hackers use GenAI to advance their attacks, scaling, and escape security experts. This reactive cycle delays response times, and gives just basic protection. What businesses need today is Continuous Threat Exposure Management (CTEM) approach that offers real-time visibility before flaws can be exploited. But the success depends on AI-based risk prioritization.

3. Advanced deepfake protection is the need of the hour

Reliability is the new attack vector. Deepfakes have plagued every digital aspect of human life. Traditional measures fail to address content due to AI, therefore AI-based protection is needed. Adaptive deepfake systems can address identity workflows and respond immediately to threats, flagging malicious activity and capturing attacks with detailed metadata for research and audit work.

4. Post-quantum protection 

Quantum computing is making strides in applicability; if sufficiently advanced, the systems can break public-key cryptographic systems in ransomware attacks such as RSA, where hackers extort millions. Hackers are already using the “harvest now, decrypt later” approach, stealing coded data with no promise of returning it. 

Thus, the National Institute of Standards and Technology (NIST) have advised to adopt post-quantum cryptography (PQC) and tracking quantum-vulnerable assets.

Read more »
User Safety
AI ChatGPT Cloud Data GenAI Internet Tech Technology User Safety

New ChatGPT Settings Will Improve User Privacy and Data Training


Almost everyone has used ChatGPT now. Sometimes we share our personal information and files with the Chatbot. 

Do not feed your personal info to AI bots

To be safe, users should avoid feeding personal data to the AI, as it can be misused, and there are thousands of cases now. Users at the receiver end can not do much except using multifactor authentication, and creating a strong password and using two-factor authentication. But users can be happy now that a new feature is available to individual ChatGPT users.

What is Advanced Account Security

The new feature is called Advanced Account Security, it aims to provide better security to your account and protect your data. The option is aimed for security-minded users like journalists, politicians, activists, and researchers. 

With better security, Advanced Account Security provides four setting standards. The first one requires using a passkey or physical security key to log in. The second one requires better tactics to recover an account besides SMS or email authorization. In the third setting, our active session with an AI chatbot is limited to restrict its exposure. The fourth setting protects your chats from AI misuse.

About new safety settings

1. Use passkeys to avoid unauthorized access. Advanced Account Security asks for signing in with a passkey. Users can set up either one or both, but will also have to create two authentication methods.

2. Two-factor authentication for securing your account will help in recovering lost data. However, SMS and Email authentication are vulnerable to attacks. Advanced Account Security disables these two methods, so users are sometimes helpless.

3. Try to shorten your login sessions. Longer sessions are more exposed to malware or cyberattacks.

4. Turn off AI training. ChatGPT uses your conversations for AI training and learns to be human. But this capability is a risk to user privacy.

Enterprise support soon

Advanced Account Security protects users in Codex  if they use it to make and fine tune their code. Currently, this feature is only available to paid and free ChatGPT users with their personal accounts. However, OpenAI has said it is planning to expand it to the enterprise public.

Advanced Account Security also protects you in Codex if you use it to develop and fine-tune your own code. For now, the feature is available to free and paid ChatGPT users with their own accounts. But OpenAI said it expects to expand it to the enterprise crowd.

Read more »
India
AI AI tools API Cloud systems Cyber Security data security Digital Platform India

India’s Cybersecurity Workforce Struggles to Keep Pace as AI and Cloud Systems Expand

 



India’s fast-growing digital economy is creating an urgent demand for cybersecurity professionals, but companies across the country are finding it increasingly difficult to hire people with the technical expertise required to secure modern systems.

A new study released by the Data Security Council of India and SANS Institute found that businesses are facing a serious shortage of skilled cybersecurity workers as technologies such as artificial intelligence, cloud computing, and API-driven infrastructure become more deeply integrated into daily operations.

According to the Indian Cyber Security Skilling Landscape Report 2025–26, nearly 73 per cent of enterprises and 68 per cent of service providers said there is a limited supply of qualified cybersecurity professionals in the country. The report suggests that organisations are struggling to build teams capable of handling increasingly advanced cyber risks at a time when companies are rapidly digitising services, storing more information online, and adopting AI-powered tools.

The hiring process itself is also becoming slower. Around 84 per cent of organisations surveyed said cybersecurity positions often remain vacant for one to six months before suitable candidates are found. This delay reflects a growing mismatch between industry expectations and the skills available in the job market.

Researchers noted that many applicants entering the cybersecurity workforce lack practical exposure to real-world security environments. Around 63 per cent of enterprises and 59 per cent of service providers said candidates often do not possess sufficient hands-on technical experience. Employers are no longer only looking for basic security knowledge. Companies increasingly require professionals who understand multiple areas at once, including cloud infrastructure, application security, digital identity systems, and access management technologies. Nearly 58 per cent of enterprises and 60 per cent of providers admitted they are struggling to find candidates with this type of cross-functional expertise.

The report connects this shortage to the changing structure of enterprise technology systems. Many organisations are moving away from traditional on-premise setups and shifting toward cloud-native environments, interconnected APIs, and AI-supported operations. As businesses automate more routine tasks, demand is gradually moving away from entry-level operational positions and toward specialised cybersecurity roles that require analytical thinking, threat detection capabilities, and advanced technical decision-making.

Artificial intelligence is now becoming one of the largest drivers of cybersecurity hiring demand. Around 83 per cent of organisations surveyed described AI and generative AI security skills as essential for future operations, while 78 per cent reported strong demand for AI security engineers. The findings also show that nearly 62 per cent of enterprises are already running active AI or generative AI projects, which experts say can create additional security risks if systems are not properly monitored and protected.

As companies deploy AI systems, the attack surface for cybercriminals also expands. Security teams are now expected to defend AI models, protect sensitive datasets, monitor automated systems for manipulation, and secure APIs connecting multiple digital services. Industry experts have repeatedly warned that many organisations are adopting AI tools faster than they are building security frameworks around them.

Some cybersecurity positions remain especially difficult to fill. The report found that almost half of service providers and nearly 40 per cent of enterprises are struggling to recruit security architects, professionals responsible for designing secure digital infrastructure and long-term defence strategies. Demand is also increasing for specialists in operational technology and industrial control system security, commonly known as OT/ICS security. These professionals help protect critical infrastructure such as manufacturing facilities, power systems, transportation networks, and industrial operations from cyberattacks.

At the same time, companies are facing growing retention problems. Around 70 per cent of service providers and 42 per cent of enterprises said employees are frequently leaving for competitors offering better salaries and career opportunities. Limited access to advanced training and upskilling programs is also contributing to workforce attrition across the sector.

The findings point to a larger issue facing the cybersecurity industry globally: technology is evolving faster than workforce development. Experts believe companies, educational institutions, and training organisations may need to work more closely together to create industry-focused learning pathways that prepare professionals for modern cyber threats instead of relying heavily on theoretical instruction alone.

With India continuing to expand digital public infrastructure, cloud adoption, fintech services, AI development, and connected industrial systems, cybersecurity professionals are expected to play a central role in protecting sensitive information, maintaining operational stability, and preserving trust in digital platforms.

Read more »
Vulnerability
AI Anthropic AI Claude Mythos Cloud Security Cyber Security Vulnerability

Cybersecurity Industry Split Over Impact of Anthropic’s Mythos AI

 





Advanced artificial intelligence systems are rapidly reshaping the cybersecurity industry, but experts remain sharply divided over whether the technology represents a manageable evolution in security research or the beginning of a large-scale vulnerability crisis.

The debate escalated after Anthropic introduced Claude Mythos Preview, an experimental version of its language model that the company says demonstrates unusually strong performance in identifying software vulnerabilities and handling advanced cybersecurity tasks. Concerned about the possible risks of releasing such capabilities broadly, Anthropic restricted access to a limited initiative known as Glasswing, allowing only a select group of organizations to test the system while the security community prepares for the implications.

Since the announcement, discussions across the cybersecurity sector have centered not only on the model’s technical abilities, but also on whether restricting access to it is realistic at all. Reports surfaced this week suggesting unauthorized individuals may already have accessed the Mythos preview, raising concerns that attempts to tightly control the technology may prove ineffective once similar capabilities become reproducible elsewhere.

The industry’s reaction has largely fallen into three competing schools of thought.

One group believes AI-driven vulnerability discovery could overwhelm existing security infrastructure. Supporters of this view warn that highly capable models may dramatically increase the speed at which attackers uncover exploitable weaknesses, potentially leading to widespread cyber incidents before defenders can respond effectively. Analysts aligned with this perspective argue that the cybersecurity ecosystem is already struggling to keep pace with current levels of vulnerability reporting.

A second group has taken a more operational approach, focusing on how organizations can defend themselves if AI-assisted exploit discovery becomes commonplace. This position has been reflected in work published through the Cloud Security Alliance, where hundreds of chief information security officers collaborated on guidance discussing defensive strategies. However, even within this camp, some security professionals have criticized Anthropic’s rollout process, arguing that patch management and vulnerability remediation are far more complex than the company appears to acknowledge.

A third camp remains skeptical of the broader panic surrounding Mythos. Researchers associated with AISLE argued that the model’s capabilities are not entirely unique because similar vulnerability discovery results can already be reproduced using publicly accessible open-weight AI models. In one cited example, researchers reportedly recreated a FreeBSD exploit demonstrated during the Mythos announcement using multiple open models, including systems inexpensive enough to operate at minimal cost. The finding suggests that moderately skilled attackers may already possess access to comparable capabilities independent of Anthropic’s platform.

This debate arrives as the cybersecurity industry is already experiencing a dramatic increase in vulnerability disclosures. The National Institute of Standards and Technology recently adjusted how it processes entries for the National Vulnerability Database after reporting a 263 percent increase in submissions between 2020 and 2025, including a sharp rise within the past year alone. The agency stated that it would prioritize only the most critical Common Vulnerabilities and Exposures entries for enrichment, highlighting how existing human review systems are struggling to scale alongside the growing volume of reported flaws.

Some experts believe artificial intelligence is already contributing to that acceleration, even before systems such as Mythos become widely available.

At the same time, defenders argue that existing security architectures still provide meaningful protection. Anthropic’s own findings reportedly acknowledged that while Mythos could identify vulnerabilities, it was unable to remotely exploit many of them because layered security controls prevented deeper compromise. This concept, commonly referred to as “defense in depth,” relies on multiple overlapping safeguards designed to stop attackers even if one weakness is discovered.

Despite disagreements over the severity of the threat, there is broad consensus that AI-assisted vulnerability discovery will continue advancing. The larger disagreement centers on how the software industry should adapt.

Some researchers argue that attempting to restrict access to advanced models through programs like Glasswing may ultimately fail because comparable capabilities are increasingly emerging in open-source ecosystems. Others believe the long-term answer may resemble principles already established in modern cryptography.

The discussion frequently references the work of 19th-century cryptographer Auguste Kerckhoffs, who argued that secure systems should remain safe even if attackers understand how they operate, except for protected keys or credentials. Over time, cybersecurity researchers have increasingly adopted a similar philosophy in software security, where openly scrutinized systems often become more resilient because flaws are exposed and corrected publicly.

Supporters of this approach believe AI could eventually force the software industry toward more rigorously tested open-source infrastructure. Under such a future, software components would face continuous AI-driven scrutiny before gaining widespread trust. However, experts also caution that this transition would be difficult because many companies still depend on proprietary code to protect intellectual property and maintain competitive advantages.

Another striking concern involves economics. Much of the modern internet depends heavily on open-source software, yet relatively few organizations financially contribute to securing and auditing the projects they rely upon. Although AI models may simplify vulnerability discovery, the computational resources required to run these systems remain expensive. Analysts warn that access to large-scale vulnerability analysis may increasingly depend on who can afford the computing power necessary to operate advanced models.

Some researchers fear this imbalance could create repeating cycles of major cyberattacks followed by emergency patching efforts before the industry temporarily stabilizes again. Recent supply chain attacks affecting widely used software tools have reinforced concerns that large-scale exploitation campaigns may become more frequent as AI-assisted discovery improves.

The sharp turn of events could also redefine the cybersecurity market itself. Companies specializing in vulnerability discovery may face mounting pressure as AI automates portions of their work. By contrast, vendors focused on remediation and layered defensive protections may see increased demand as organizations attempt to strengthen prevention measures and respond more rapidly to emerging threats.

For users and organizations heavily dependent on open-source software, the transition period may prove particularly difficult. However, some analysts remain cautiously optimistic that continuous scrutiny from increasingly advanced AI systems could eventually produce stronger and more resilient software ecosystems over the long term.

Read more »
Cyber Security
AI Artificial General Intelligence Cyber Risk Cyber Risk Management Cyber Security

Exposed by Design: What 1 Million Open AI Services Reveal About the Future of Cyber Risk

 

The rapid ascent of artificial intelligence, once heralded as the great accelerator of productivity, now casts a long and unsettling shadow, one that reveals not merely innovation, but a profound erosion of foundational security discipline. 

A recent large scale scan of internet facing AI infrastructure has uncovered a reality that is difficult to ignore. Over 1 million exposed AI services across more than 2 million hosts were identified, many of them operating with little to no protection, silently accessible to anyone who knows where to look. This is not a marginal oversight. It is a systemic condition, one that reflects how speed, ambition, and competitive pressure are quietly outpacing prudence. 

The Illusion of Progress: When Innovation Outruns Security 


For decades, the software industry painstakingly evolved toward secure by design principles, including authentication layers, least privilege access, and hardened deployments. Yet, in the fervour surrounding AI, many of these hard earned lessons appear to have been set aside. 

Organizations are increasingly self hosting large language models and AI agents, driven by the promise of efficiency and control. But in doing so, they are deploying systems that are, paradoxically, less secure than legacy software ever was. 

The result is a peculiar contradiction. The most advanced technologies of our time are often protected by the weakest defenses. 

Perhaps the most alarming discovery is deceptively simple. Many AI services have no authentication at all. Fresh installations frequently grant immediate, high level access without requiring credentials. This is not due to sophisticated bypass techniques or unknown exploits. It stems from defaults that were never hardened in the first place. In such environments, attackers simply walk through the front door. 

When Conversations Become Vulnerabilities 


Among the exposed systems were AI chat interfaces that inadvertently revealed complete conversation histories. In enterprise contexts, such data is far from trivial. These exchanges may contain internal operational strategies, infrastructure configurations, proprietary code snippets, and sensitive business queries. 

Even seemingly harmless prompts can, when combined, form a detailed map of an organization’s inner workings. The quiet intimacy of human and machine interaction, once considered private, is thus transformed into a potential intelligence goldmine. A deeper inspection of these systems reveals not isolated mistakes, but recurring design flaws. Applications are often running with elevated privileges. Credentials are sometimes hardcoded into deployment files. Containers are misconfigured and services are left exposed. AI agents operate without sufficient sandboxing. Within days of analysis, researchers were able to identify new vulnerabilities, including risks related to remote code execution, which highlights how immature much of this ecosystem remains. 

These are patterns that repeat across environments. Unlike traditional applications, AI systems often possess extended capabilities. They can execute code, interact with APIs, and manipulate infrastructure. 

When such systems are exposed, the consequences escalate dramatically. A compromised AI agent is not merely a data leak. It can become an active participant in its own exploitation. Weak sandboxing and poorly segmented environments further amplify this risk, allowing attackers to move from one system to another with alarming ease. 

In this sense, AI does not just introduce new vulnerabilities. It magnifies existing ones. This phenomenon does not exist in isolation. Across the cybersecurity landscape, AI is reshaping both offense and defense. Recent analyses indicate that the time required to exploit vulnerabilities has shrunk dramatically, often from years to mere weeks. AI generated phishing and malware are increasing in both scale and sophistication. Even individuals with limited technical expertise can now execute complex attacks. 

The exposed AI services are therefore part of a larger transformation in how cyber risk evolves. 

At the heart of this issue lies a cultural shift. Organizations today operate under relentless pressure to innovate, deploy, and iterate. In this race, security is often treated as a secondary concern rather than a foundational requirement. 

Developers focus on functionality. Businesses focus on speed. Security becomes something to address later, once the system is already live. The irony is difficult to ignore. The very tools designed to enhance efficiency are being deployed in ways that create inefficiencies of far greater consequence, including breaches, downtime, and reputational loss. 

Lessons from the Exposure: What Must Change 


If there is a singular lesson to be drawn, it is this. AI infrastructure must be treated with the same level of rigor as traditional systems, if not more. 

This requires secure default configurations, mandatory authentication and access controls, elimination of hardcoded secrets, proper isolation of AI agents, and continuous monitoring of external attack surfaces. Security cannot remain reactive. In an AI driven world, it must become anticipatory. 

Conclusion: A Turning Point, Not a Footnote 


The exposure of over a million AI services is a warning more than just headlines. It reveals a fragile foundation beneath a rapidly expanding technological landscape. If left unaddressed, these vulnerabilities will not remain theoretical. They will manifest as real world breaches, financial losses, and systemic disruptions. 

Yet within this warning lies an opportunity to pause, to reassess and to restore the balance between innovation and responsibility. In the end, the true measure of technological progress is how wisely we secure what we create.
Read more »
Subscribe to: Posts (Atom)