Tag: data leakage
11 articles

Organizations Lag in AI Usage Visibility, Exposing Security Gaps
Most organizations are flying blind when it comes to AI usage, with nearly half of respondents citing internal AI systems and Large Language Models as their top security concern, yet many still underestimate the risks of employees sharing sensitive data with public LLMs. This blind spot leaves a gaping hole in their security defenses.

Shadow AI Exposes Access Control Gaps
The real risk of Shadow AI isn't about employees sharing sensitive info, but about unauthorized AI agents operating within your organization, connected to critical systems, and taking actions that can lead to data breaches and access-control failures. A staggering 65.4% of unused chatbots still have active credentials, leaving a gaping hole in your security.

AI Coding Assistants Exclusive: Alarming Exports to China
Imagine every line of code you type being quietly copied and sent overseas — researchers now allege two popular AI coding assistants used by 1.5 million developers may be transmitting source code, environment variables and credentials to servers in China.

Cybersecurity Exclusive: M&A Makes AI Security Stronger
When cybersecurity giants snap up AI‑security specialists, November 2025s M&A wave became a fast lane to protect models, training data and inference pipelines — reshaping defenses as vendors race to bake AI security into every stack.

Gartner Warns: Stunning Shadow AI Risk to 40% of Firms
Turns out the handy AI tools employees love could be your companys hidden threat: Gartner warns that by 2030, 40% of firms will face security or compliance incidents from shadow AI—unsanctioned consumer or third‑party models that can leak PII, payment data and trade secrets. Convenience is great until it becomes a costly regulatory and financial headache.

AI Vulnerability Reward Program: Exclusive $30K Best Win
Google’s new AI Vulnerability Reward Program offers up to $30,000 to researchers who responsibly report model flaws — a smart, practical move to incentivize fixes, curb abuse, and make AI safer for everyone.

CometJacking: Risky Attack Exposes Data — Must-See Fixes
One click can turn your helpful AI into a sneak thief — CometJacking hides malicious prompts in links that trick Perplexity’s Comet into leaking email, calendar and connected data. Stay safe by updating clients, reviewing agent permissions, and avoiding unfamiliar links while these agentic AIs get harder to fool.

indirect prompt injection: Stunning Risk Exposed
A trio of vulnerabilities in Google’s Gemini shows how indirect prompt injection—hiding instructions in files, metadata or chained APIs—can trick AI into leaking data or taking unintended actions, proving that securing models means vetting every input source, not just user prompts.

typosquatted npm package: Shocking Dangerous Heist
A single malicious line in a typosquatted npm package quietly CC’d thousands of Postmark emails to an attacker—turning a routine dependency into a stealthy data leak. It’s a wake‑up call: strong dependency hygiene, provenance checks, and runtime protections are essential to keep outbound messaging safe.

Wondershare RepairIt Critical Risk: Exclusive Warning
A popular repair tool, Wondershare RepairIt, had two critical flaws that could let attackers bypass authentication to steal private files and even tamper with AI model assets—update now to protect your data and systems.

indirect prompt injection: Stunning, Risky Threat
Imagine a calendar invite or shared doc quietly telling your phone assistant to betray you — researchers show indirect prompt injection turns everyday interactions into real attack paths that can leak data, send messages, or trigger devices. Their TARA framework and practical fixes show those risks can fall sharply if developers add source checks, action gating, and clearer user consent.