Agentic AI agents are proliferating rapidly, acting as autonomous digital actors across your network, often with uninventoried credentials and excessive permissions. This creates a new class of identity risk that traditional security frameworks struggle to address. Attackers are actively exploiting three key vectors: the visibility problem (shadow AI), the overprivilege problem (identity debt),…

https://www.tpp.blog/fk5sf29

#cybersecurity #agenticai #aisecurity

🤖 This post was AI-generated.

Security researchers built a fake AI agent skill and got it past every major security scanner, reaching 26,000 agents. The skill appeared safe during scans but swapped to a malicious URL after approval, showing how easily AI agents can be compromised. https://thenextweb.com/news/fake-ai-agent-skill-security-scanners-bypassed-26000-agents #Tech #Startup #News #AISecurity
A fake AI agent skill passed every security scanner and reportedly reached 26,000 agents

Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and promoted it with an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. The payload was harmless by design, collecting only […]

The Next Web

AI-assisted development is moving fast, and AppSec has to move with it.

Shoutout to Symbiotic Security, a Silver Sponsor of AppSec Village, for supporting the community and the conversations around securing AI-generated code.

Check them out: https://buff.ly/V8U1caS

#AppSec #AISecurity #SecureCoding

Quick version check: the affected range for all seven is broadly >=2.10.0 =2.19.0 =3.0.0 <3.1.4 — with some CVEs affecting narrower ranges. If you're on a supported release, upgrade to 2.18.8, 2.21.4, or 3.1.4. If you're on an EOL line —...
#AIsecurity #CVEprocess #CVE202654512 #CVE202654513 #deserialization #EOL #GHSA #herodevs #Jackson #jacksondatabind #NES #NVD #RCE
https://foojay.io/today/7-new-vulnerabilities-in-jackson-in-one-day-this-is-what-ai-assisted-security-research-looks-like/
7 Jackson CVEs in One Day: AI-Assisted Security Research

Seven jackson-databind vulnerabilities, one researcher, one day. Two critical RCEs. This is AI-assisted security research in practice.

foojay

πŸ” AI introduces new opportunitiesβ€”and new attack paths.

From unauthorized access to prompt manipulation and data exposure, AI needs a security model built for today's risks.

Our latest blog explains how Zero Trust AI Security protects AI environments through continuous verification and least-privilege access.

📖 Read more:
https://know-all-edge.com/blog/zero-trust-ai-security/

#ZeroTrust #AI #AISecurity #CyberSecurity #InfoSec #KnowAllEdge

https://winbuzzer.com/2026/06/28/gpt-56-faces-government-approval-gate-for-ai-access-xcxwbn/

OpenAI has limited the widely anticipated GPT-5.6 rollout to government-approved customers as regulators ramp up cyber-risk rules for wider frontier model access.

#AI #GPT56 #OpenAI #TheWhiteHouse #USGovernment #AIRegulation #AISafety #AISecurity #AIModels #Cybersecurity

Explore how policy-driven security in Kubernetes AI platforms enforces governance using RBAC, Kyverno, OPA, and CI/CD automation to build secure AI systems. https://hackernoon.com/policy-driven-security-and-governance-in-kubernetes-ai-platforms #aisecurity
Policy-Driven Security and Governance in Kubernetes AI Platforms | HackerNoon

Been spending some time auditing an AI agent framework.

Not the usual kind of security review — more like: what happens when you map trust boundaries across an architecture where the "user" and the "agent" both have tool access, code execution, and autonomy.

Going through it systematically. Learning a lot about what makes agent security different — and what stays the same.

#AI #AISecurity #CyberSecurity #AgentSecurity #AppSec #SecurityEngineering

#aiengineering #aisecurity #llm #dataprivacy #aimistake #aibestpractice

A common mistake is to try to add protective instructions or ignore files, but these will not prevent access to secrets.

The solution is to ensure that secrets do not enter the LLM's context window, using the "Separate Decide from Do" approach or a similar one: Decide (LLM) and Do (the agentic core, which is the application code).

https://auth0.com/blog/want-ai-agents-that-don-t-spill-secrets-don-t-give-them-secrets/

Want AI Agents That Don't Spill Secrets? Don't Give Them Secrets

The golden rule of AI agent security is simple, but routinely ignored: if you don't want your AI agent to reveal a secret, don't give it ...

Auth0 - Blog

MEDIUM severity: Security-tool analysis shows AI alert tools in SOCs struggle with complex, evolving data and legacy systems. Neurosymbolic AI can enhance adaptability and auditability — no CVE, but operational risk remains. Details: https://radar.offseq.com/threat/why-your-ai-alert-tool-works-great-until-it-doesnt-68abae5a1381a540 #OffSeq #SOC #AIsecurity