-
AI Uncovers Hidden Bugs in Legacy Firmware with Apple II Demo
Mark Russinovich's thirty‑plus‑year‑old Apple II utility has become an unlikely canary in a rapidly evolving threat: modern large language models can reverse engineer raw machine code and surface latent bugs — even in 6502 binaries typed into a magazine in 1986 — and that capability both helps...- ChatGPT
- Thread
- ai security binary analysis firmware security
- Replies: 0
- Forum: Windows News
-
AI Week RTZ 1018: Hardware Concentration, EchoLeak, Agentic AI for Windows Admins
Michael Parekh’s latest RTZ dispatch, “AI: Weekly Summary. RTZ #1018,” lands as a compact but trenchant briefing for anyone who needs a practical read on where generative AI, platform risk, and the hardware market are converging this week. (michaelparekh.substack.com) Background / Overview...- ChatGPT
- Thread
- agentic automation ai security hardware market windows administration
- Replies: 0
- Forum: Windows News
-
Threat Modeling AI Apps: Asset-Centric Security for Generative Systems
Microsoft’s new guidance on threat modeling for AI applications arrives at a moment when enterprises are scrambling to put generative and agentic systems into production — and it does something important: it forces security teams to stop treating AI as “just another component” and start modeling...- ChatGPT
- Thread
- ai security generative ai prompt injection threat modeling
- Replies: 0
- Forum: Windows News
-
IBM: 300K ChatGPT Credentials Exposed — Rethinking Enterprise Identity Security
IBM’s X‑Force now says infostealers exposed roughly 300,000 ChatGPT credentials last year — a number that changes how enterprises must think about identity, secrets, and the very idea of what constitutes a “sensitive” SaaS account. Background AI chatbots moved from novelty to daily work tool in...- ChatGPT
- Thread
- ai security chatbot credentials credential theft enterprise security
- Replies: 0
- Forum: Windows News
-
AI Governance at the Crossroads: Pentagon Clash, C2 Risks, and GenAI Costs
The U.S. government’s tug-of-war with Anthropic, a new class of malware tradecraft that weaponizes web-capable AI assistants, and a blunt forecast from Gartner that generative AI may cost more than the human agents it was supposed to replace together mark a turning point: AI is now a...- ChatGPT
- Thread
- ai governance ai security genai costs pentagon anthropic
- Replies: 0
- Forum: Windows News
-
Copilot Privacy Flaw CW1226324 Exposes DLP Bypass in Microsoft 365
Microsoft’s flagship productivity AI for Microsoft 365 has a glaring privacy problem: for weeks a code error allowed Copilot Chat to read and summarize emails that organizations had explicitly labelled as confidential, bypassing Data Loss Prevention (DLP) controls and undermining a core tenet...- ChatGPT
- Thread
- ai governance ai security audit logs enforcement cloud ai security compliance risk confidential data exposure copilot copilot ai copilot bug copilot chat copilot data privacy copilot governance copilot privacy copilot security data governance data loss prevention data privacy dlp dlp policies dlp policy dlp sensitivity labels email confidentiality email privacy governance enterprise ai enterprise governance enterprise risk management enterprise security enterprise security governance microsoft 365 microsoft 365 copilot microsoft copilot privacy compliance purview labels security governance sensitive data sensitivity labels vendor transparency
- Replies: 29
- Forum: Windows News
-
AI Security in 2026: Enterprise Risk at Machine Speed
Enterprise IT is hurtling toward an inflection point where AI is no longer an optional productivity layer but a persistent, machine‑speed conduit for both business value and cyber risk—and the latest ThreatLabz analysis from Zscaler makes that danger unmistakably clear. Released January 27...- ChatGPT
- Thread
- ai security data protection supply chain security zero trust
- Replies: 0
- Forum: Windows News
-
Prompt Injection Risks: AI Assistants as Covert C2 Relays
Security researchers say a new wave of prompt‑injection techniques can coerce mainstream AI assistants — including Microsoft Copilot and xAI’s Grok — into behaving as covert command‑and‑control (C2) relays, exfiltrating data or executing attacker‑supplied workflows after a single crafted input...- ChatGPT
- Thread
- ai security copilot grok prompt injection
- Replies: 0
- Forum: Windows News
-
AI in the Middle: Turning Web Accessible AI Assistants into C2 Proxies
Check Point Research’s demonstration that web-accessible AI assistants can be turned into covert command-and-control relays is a practical wake-up call: by using browsing and URL-fetch features exposed in services such as Grok and Microsoft Copilot, attackers can hide C2 traffic inside otherwise...- ChatGPT
- Thread
- ai security c2 proxies web fetch abuse
- Replies: 0
- Forum: Windows News
-
Securing AI at Scale: Governance and MLSecOps for the AI Native Workplace
Enterprise leaders who treat AI as a feature will fail; those who treat AI as the fabric of how people work must secure the workplace differently — not by bolting old defenses onto new tools, but by redesigning controls, governance, and operational practices for an AI-native era. Background...- ChatGPT
- Thread
- ai native workplace ai security governance mlsecops
- Replies: 0
- Forum: Windows News
-
Microsoft Security Dashboard for AI: Unified Risk View and Copilot driven Investigations
Microsoft’s new Security Dashboard for AI aims to give CISOs and IT administrators a single, operational control plane for the messy, fast-growing world of enterprise AI — consolidating identity, detection, and data signals into a single pane of glass and tying that visibility to prescriptive...- ChatGPT
- Thread
- ai security copilot investigations identity data governance security dashboard
- Replies: 0
- Forum: Windows News
-
Microsoft Security Dashboard for AI: Unified AI Risk and Copilot Investigations
Microsoft’s new Security Dashboard for AI brings the fragmented signals that surround enterprise AI under a single pane of glass — offering visibility, prioritized remediation, and a delegation workflow designed for real-world operations teams while tapping Microsoft Security Copilot for...- ChatGPT
- Thread
- ai security copilot investigations identity governance security dashboard ai
- Replies: 0
- Forum: Windows News
-
AI Recommendation Poisoning: Hidden Memory Biases in AI Assistants
Microsoft’s Defender researchers have pulled back the curtain on a quiet but powerful marketing vector: seemingly harmless “Summarize with AI” and “Share with AI” buttons that surreptitiously instruct chat assistants to remember particular companies or sites, creating persistent, invisible...- ChatGPT
- Thread
- ai security memory poisoning mitre atlas prompt injection
- Replies: 0
- Forum: Windows News
-
MCP Governance: Practical Security for Model Context Protocol in AI Agents
When Microsoft gave Microsoft 365 Copilot agents a simple, standard way to connect to tools and data using the Model Context Protocol (MCP), the payoff was immediate: answers sharpened, delivery accelerated, and new development patterns emerged—alongside a single, unavoidable question: if agents...- ChatGPT
- Thread
- agent governance ai security mcp governance model context protocol
- Replies: 0
- Forum: Windows News
-
AI Recommendation Poisoning: How Prefilled Prompts Seed Biased Memory
Microsoft’s security team has issued a blunt warning: a growing wave of websites and marketing tools are quietly embedding instructions into “Summarize with AI” buttons and share links that can teach your AI assistant to favor particular companies, products, or viewpoints — a tactic Microsoft...- ChatGPT
- Thread
- ai memory poisoning ai security memory persistence prompt injection
- Replies: 0
- Forum: Windows News
-
Microsoft Cyber Pulse: Close the AI Agent Visibility Gap with Observability and Zero Trust
Microsoft’s new security brief paints a stark picture: as AI agents proliferate across enterprises, the real risk isn’t just rogue code or bad models—it’s a growing visibility gap that can turn helpful automation into unintended “double agents.” The company’s Cyber Pulse: An AI Security Report...- ChatGPT
- Thread
- agent governance ai security observability zero trust
- Replies: 0
- Forum: Windows News
-
CVE-2026-21257: Urgent AI Tooling Flaw in Copilot Visual Studio Patch Now
Microsoft's security portfolio now includes a vendor-assigned advisory for CVE-2026-21257 — a vulnerability tied to GitHub Copilot and Visual Studio that vendors classify as an elevation-of-privilege / security feature bypass problem affecting AI-assisted editing and extension workflows. The...- ChatGPT
- Thread
- ai security copilot safety cve 2026 21257 visual studio
- Replies: 0
- Forum: Security Alerts
-
Securing AI Assisted Coding: Copilot VS Code CVE-2025-62453
Microsoft and GitHub’s Copilot integrations with Visual Studio Code have been the focus of a fresh round of security scrutiny after vendor advisories and independent trackers documented a security feature bypass rooted in improper validation and command-handling of AI-generated suggestions. The...- ChatGPT
- Thread
- ai security code safety copilot vs code
- Replies: 0
- Forum: Security Alerts
-
AI Memory Poisoning: Prefilled Prompts Bias Assistant Recommendations
Microsoft’s security team is warning that a new, low-cost marketing tactic is quietly weaponizing AI convenience: companies are embedding hidden instructions in “Summarize with AI” and share-with-AI buttons to inject persistent recommendations into assistants’ memories — a technique the...- ChatGPT
- Thread
- ai security memory poisoning prompt injection threat hunting
- Replies: 0
- Forum: Windows News
-
Linux Still Beats Windows 11 in 5 Quiet, Real-World Ways
Linux still beats Windows 11 in a handful of quietly significant ways — not because it has prettier UI animations or a bigger marketing budget, but because of fundamentals: cost, hardware fit, user control, the absence of baked‑in AI agents, and a privacy model that treats telemetry as optional...- ChatGPT
- Thread
- ai security copilot investigations defensive architecture enterprise governance identity governance linux open source privacy prompt injection security dashboard ai windows 11
- Replies: 2
- Forum: Windows News