AI Security
Cybersecurity innovations, AI-powered threat detection, responsible disclosure, and the defenders shaping the digital frontier.
31 articles
CSA's 2026 AI Cybersecurity Survey: 92% of Security Leaders Are Concerned About AI Agents
The Cloud Security Alliance surveyed 1,500+ security leaders for its 2026 report, finding near-universal concern about AI agent security alongside meaningful year-over-year progress in AI-powered defenses.
CrowdStrike, AWS, and NVIDIA Pick 35 AI Security Startups for Their 2026 Accelerator
Three of tech's heavyweights selected 35 AI-native security startups from hundreds of global applications for their prestigious 8-week cybersecurity accelerator announced March 24.
Cybersecurity Spending Tops $244 Billion in 2026 as AI Reshapes Defense
Gartner projects global information security spending will hit $244 billion in 2026, driven by AI-powered threats, cloud security at 28.8% growth, and post-quantum cryptography preparation.
Zenity Launches Guardian Agents at RSA 2026 for Real-Time AI Agent Security
Zenity's Guardian Agents platform brings continuous, real-time security to enterprise AI agents — detecting multi-step prompt injection and tool misuse across full interaction chains.
Google Cloud Launches an AI-Powered Agentic SOC With Mandiant Threat Intelligence
At RSAC 2026, Google Cloud unveiled an Agentic SOC where autonomous AI agents detect and respond to threats at machine speed, powered by Mandiant's frontline intelligence.
PwC's 2026 Threat Report: AI-Powered Identity Defense Is Outpacing the Attackers
PwC's Annual Threat Dynamics 2026 shows how security teams are deploying AI-powered identity defenses to counter automated attack tooling — and the defensive tools are keeping pace.
Microsoft Brings Zero Trust to AI Agents With Agent 365 and New Framework
Microsoft unveils Zero Trust for AI and Agent 365 at RSAC 2026, giving enterprises unified visibility, shadow AI detection, and governance over AI agents at scale.
Agentic AI Defense Dominates the 2026 Cybersecurity Excellence Awards at RSA
The 2026 Cybersecurity Excellence Awards at RSA crowned AI security as its most competitive category, recognizing purpose-built tools for governing and protecting autonomous AI agents.
CrowdStrike Expands Falcon Platform to Secure Autonomous AI Agents
CrowdStrike announces Falcon expansion at RSAC 2026 with AI Runtime Protection, Shadow AI Discovery, and data security for GenAI tools across enterprises.
Cisco Releases DefenseClaw: Open-Source Framework for Securing AI Agents
Cisco unveils DefenseClaw at RSAC 2026, an open-source framework that scans AI agents for vulnerabilities across MCP tools and can quarantine threats in 2 seconds.
Sysdig Catches Langflow AI Platform Exploitation Within 20 Hours of Disclosure
Attackers reverse-engineered exploits for CVE-2026-33017 in Langflow within 20 hours of the advisory, with no public PoC available. Sysdig tracked 6 IPs across 48 hours.
An AI Agent Just Found Its First Critical CVE — XBOW Autonomously Discovers a 9.8-Severity Microsoft Vulnerability
XBOW, a fully autonomous AI penetration testing agent, independently discovered CVE-2026-21536, a critical RCE flaw in a Microsoft service — marking a milestone for AI-powered defense.
International Coalition Dismantles Four Record-Breaking IoT Botnets That Hijacked 3 Million Devices
The DOJ, Canadian, and German authorities take down Aisuru, Kimwolf, JackSkid, and Mossad botnets that powered 30+ Tbps DDoS attacks targeting hundreds of thousands of victims.
Perseus Android Malware Evolves From Cerberus to Steal Financial Data From Notes Apps
Security researchers discover Perseus, a Cerberus descendant that monitors note-taking apps for passwords and financial details, distributed through fake IPTV streaming apps.
GlassWorm Returns With a Second Wave — The Supply Chain Attack Expands From GitHub to npm Packages and VSCode Extensions
The invisible Unicode malware campaign that hit 151 Python repos has evolved, with security researchers detecting coordinated injections across npm, GitHub, and VSCode/OpenVSX extension marketplaces.
NVIDIA Open-Sources NemoClaw — A Security-First Stack for Deploying Autonomous AI Agents on Any Hardware
Built on the OpenClaw platform, NemoClaw bundles Nemotron models with sandboxed execution and privacy controls, enabling secure AI agent deployment from RTX laptops to DGX clusters.
GlassWorm Supply Chain Attack Hides Malware in Invisible Unicode Across 151+ GitHub Python Repos — Here's How Defenders Caught It
Security researchers at Aikido discover a novel attack using stolen tokens and invisible PUA Unicode characters to inject undetectable payloads into Django apps, ML code, and PyPI packages.
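The two GlassWorm entries above (the original 151-repo campaign and its second wave across npm, GitHub and VSCode/OpenVSX) both rest on the same trick: code points from the Unicode Private Use Area (general category Co) render as nothing in most editors and diff viewers, so a payload can sit in a reviewed file unseen. The check below is an added example written for this page, not Aikido's scanner or anything from the GlassWorm write-ups. It flags every Co character and, as an assumption of ours that goes beyond what the page states, also flags Cf format characters (zero-width spaces, joiners, bidi controls), which are the other common way to hide text in source. The `SAMPLE` file content is constructed.

```python
"""Flag invisible Unicode (Private Use Area and format characters) in source.

Added example for this page; not the original researchers' tooling.
Usage: python hidden_unicode.py path/to/file.py [more files...]
With no arguments it scans the constructed SAMPLE below.
"""
import sys
import unicodedata

# Unicode general categories that should never appear in hand-written code:
#   Co = private use (the PUA trick described in the GlassWorm write-ups)
#   Cf = format characters such as U+200B ZERO WIDTH SPACE and bidi controls
#        (added here as a hardening assumption; not part of the page's claim).
# Note: a leading U+FEFF byte-order mark is category Cf and will be reported.
HIDDEN_CATEGORIES = {"Co", "Cf"}


def find_hidden_chars(text):
    """Return (line, column, code point, category) for each hidden character.

    Lines and columns are 1-based and counted in code points, so the column
    matches what an editor that does render the character would show.
    """
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col_no, ch in enumerate(line, start=1):
            cat = unicodedata.category(ch)
            if cat in HIDDEN_CATEGORIES:
                hits.append((line_no, col_no, f"U+{ord(ch):04X}", cat))
    return hits


def scan_file(path):
    """Scan one file; undecodable bytes become U+FFFD (category So, not flagged)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hidden_chars(fh.read())


# Constructed sample standing in for a poisoned settings.py: a zero-width
# space after "1" on line 2 and two private-use code points inside the
# string literal on line 3. None of them is visible in a normal editor.
SAMPLE = (
    "import os\n"
    "x = 1\u200b\n"
    'y = "\ue000\ue001"\n'
    "print(x)\n"
)


def main(argv):
    """Print every hit as path:line:col and exit non-zero if any were found."""
    paths = argv[1:]
    if not paths:
        results = {"<SAMPLE>": find_hidden_chars(SAMPLE)}
    else:
        results = {p: scan_file(p) for p in paths}
    found = False
    for path, hits in results.items():
        for line, col, cp, cat in hits:
            print(f"{path}:{line}:{col}: hidden {cat} character {cp}")
            found = True
    return 1 if found else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The non-zero exit code makes the script usable as a pre-commit or CI gate; run it over every text file a pull request touches, including lockfiles and extension manifests, since the second wave did not stay inside `.py` files.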
OpenAI's Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Vulnerabilities in Open-Source Projects
The AI-powered security agent discovers critical bugs in OpenSSH, Chromium, PHP, and GnuTLS during its research preview, with false positive rates dropping 50% over 30 days.
Europol Dismantles SocksEscort — A Global Botnet That Enslaved 369,000 Routers Across 163 Countries for Fraud
Operation Lightning takes down the SocksEscort proxy service, seizing 34 domains and freezing $3.5M in crypto after the botnet enabled millions in fraud through hijacked home routers.
Google Closes Its $32 Billion Wiz Acquisition — The Largest Deal in Google's History Reshapes Cloud Security
After a year of regulatory review, Google officially completes the all-cash acquisition of Wiz, which will join Google Cloud while maintaining multi-cloud security support.
Microsoft's March Patch Tuesday Fixes 2 Zero-Days and 79 Vulnerabilities — Including Critical Office Preview Pane Bugs
The March 2026 Patch Tuesday addresses 79 flaws across Windows, Office, and SQL Server, with two publicly disclosed zero-days and three Critical-rated remote code execution bugs.
Mandiant Founder Kevin Mandia Raises $190M for Armadin — An AI Security Startup That Hunts Threats Autonomously
After selling Mandiant to Google for $5.4B, Kevin Mandia is back with Armadin — an autonomous AI security agent platform backed by Accel, Google Ventures, and Kleiner Perkins.
OpenClaw's 'ClawJacked' Vulnerability Exposed 135,000 AI Agent Instances — And 820 Malicious Skills Were Hiding in Plain Sight
The fastest-growing GitHub repo in history faces its first security crisis as researchers find a critical WebSocket hijack flaw and hundreds of malicious marketplace skills.
Amazon Introduces Mandatory Senior Review for AI-Generated Code Deployments After Learning Hard Lessons
After incidents involving autonomous AI coding tools, Amazon now requires senior manager sign-off before junior engineers can deploy AI-assisted code to production environments.
Claude AI Discovers 22 Security Vulnerabilities in Firefox in Just 14 Days — Ushering In AI-Powered Bug Hunting
Anthropic's Claude Opus 4.6 found 22 CVEs in Firefox during a two-week audit with Mozilla, including 14 high-severity flaws that traditional fuzz testing had missed.
NIST Launches the AI Agent Standards Initiative to Get Ahead of Autonomous AI Security Risks
With 83% of organizations planning to deploy agentic AI but only 29% security-ready, NIST is building guardrails before the first major incident forces reactive regulation.
Pakistan-Linked APT36 Floods Indian Government Networks With AI-Generated 'Vibeware' Malware
Bitdefender reveals a nation-state campaign using AI coding assistants to mass-produce disposable malware in 12+ languages, overwhelming defenders with sheer volume.
Google's Threat Analysis Group Exposes 'Coruna' — An iOS Exploit Kit Packing 23 Zero-Day Vulnerabilities
Google TAG reveals a sophisticated commercial spyware vendor using a chain of 23 previously unknown iOS exploits to compromise iPhones without user interaction.
An AI-Powered Attacker Just Breached 600+ FortiGate Firewalls Using Automated Exploit Chains
Security researchers trace a mass exploitation campaign against Fortinet firewalls to an attacker using large language models to automate vulnerability discovery and exploit generation.
Push Security Ships Automatic Detection and Blocking for Malicious Browser Extensions
Push Security's new capability identifies and neutralizes known-malicious browser extensions before they can exfiltrate data or hijack sessions.
Federal Agencies Are Going All-In on AI for Cyber Defense — And the Results Are Already Showing
U.S. government agencies deploy AI-powered threat hunting and automated diagnostics as CISA's modernized defense strategy takes shape.