Blog

OpenAI wants AI to fix vulnerabilities, not just find them

OpenAI expanded Daybreak, its cybersecurity initiative that combines AI models, Codex Security, security researchers, maintainers, industry partners, and access controls to support vulnerability discovery and remediation. Organizations can use the initiative to identify, validate, and fix software vulnerabilities, while developers, maintainers, and security teams can use its tools to strengthen defensive security capabilities. Codex Security scan (Source: OpenAI) Codex Security targets remediation bottlenecks Advances in vulnerability discovery are exposing more issues, increasing the pressure on … More → The post OpenAI wants AI to fix vulnerabilities, not just find them appeared first on Help Net Security.
http://news.poseidon-us.com/TT9VzV

F5 launches AI Security Platform to uncover and secure shadow AI

F5 has introduced the F5 AI Security Platform to give CISOs continuous visibility, governance, and protection across enterprise AI applications, models, agents, and the APIs connecting them. F5 also announced the acquisition of SurePath AI, as a key component in the launch of the new F5 AI Security Platform to safeguard enterprise AI deployments. Through a continuous, adaptive loop approach to governing, discovering, testing, and protecting enterprise AI workloads, the new platform is designed to … More → The post F5 launches AI Security Platform to uncover and secure shadow AI appeared first on Help Net Security.
http://news.poseidon-us.com/TT9VyX

Phishing hides in routine Microsoft 365 workflows

Attackers are abusing Outlook Groups and Microsoft 365 collaboration features to make phishing campaigns appear routine, according to Fortra. “The technique shifts malicious intent away from a single phishing email into a trusted productivity workflow. A user may see what looks like a normal group addition, internal update, shared resource, or calendar item before being pushed toward an action,” said Daud Jawad, Security Engineer on Fortra’s Intelligence & Threat Management team. The attack begins when … More → The post Phishing hides in routine Microsoft 365 workflows appeared first on Help Net Security.
http://news.poseidon-us.com/TT9SlH

A $1,400 experiment in AI security auditing outperformed OpenAI’s Codex Security

A research team has built a system that teaches AI agents to hunt for software bugs by writing the audit method down as plain text. The system, called EVOHUNT, keeps the underlying AI model fixed and improves only an external “playbook” that tells the agent how to work. One result stands out for anyone buying security tools. An open-source model running an evolved playbook found real vulnerabilities at a higher rate than OpenAI’s commercial Codex … More → The post A $1,400 experiment in AI security auditing outperformed OpenAI’s Codex Security appeared first on Help Net Security.
http://news.poseidon-us.com/TT9MMW

Residential proxy SDKs are hiding in LG and Samsung smart TV apps

Smart TVs in living rooms run small apps that show fish tanks, clocks, solitaire games, and slideshows of puppies. A share of those apps can also send other people’s internet traffic out through the home connection. Spur Intelligence scanned 6,038 apps across LG webOS and Samsung Tizen and found 2,058 that contain residential proxy software. On LG webOS, 42.5 percent of apps carried such code. On Samsung Tizen, the rate was 26.9 percent. Across both … More → The post Residential proxy SDKs are hiding in LG and Samsung smart TV apps appeared first on Help Net Security.
http://news.poseidon-us.com/TT9MMP

Free, no-signup World Cup streams serve scams instead of football

Researchers at Malwarebytes identified dozens of websites claiming to offer free access to FIFA World Cup matches. Instead of streaming games, the sites directed visitors through a chain of advertising pages designed to generate revenue for their operators. Fake World Cup streaming website (Source: Malwarebytes) “We’ve identified more than 40 websites that are effectively identical. They use different World Cup-themed names, but behind the scenes they’re running the same page template, the same code, and … More → The post Free, no-signup World Cup streams serve scams instead of football appeared first on Help Net Security.
http://news.poseidon-us.com/TT9MLP

Only 7% of companies are ready for the AI agents they deployed

Most organizations now run or pilot AI agents that operate on company data with limited human direction at each step, a share that reaches 88% in Veeam Software’s Data and AI Trust Gap report. The systems that are supposed to keep an eye on them have not caught up. That gap is the heart of the report. Most executives say their data problems are already holding their AI back. The issues are familiar ones: data … More → The post Only 7% of companies are ready for the AI agents they deployed appeared first on Help Net Security.
http://news.poseidon-us.com/TT9K9q