Skip to main content

Tag: data leakage

11 articles

Employees work at desks in a bright, open office space with a large blank screen on the wall.

Organizations Lag in AI Usage Visibility, Exposing Security Gaps

Most organizations are flying blind when it comes to AI usage, with nearly half of respondents citing internal AI systems and Large Language Models as their top security concern, yet many still underestimate the risks of employees sharing sensitive data with public LLMs. This blind spot leaves a gaping hole in their security defenses.

Analyst 207
Dusty, idle computer servers and network equipment in a dimly lit, abandoned server room.

Shadow AI Exposes Access Control Gaps

The real risk of Shadow AI isn't about employees sharing sensitive info, but about unauthorized AI agents operating within your organization, connected to critical systems, and taking actions that can lead to data breaches and access-control failures. A staggering 65.4% of unused chatbots still have active credentials, leaving a gaping hole in your security.

Analyst 207
AI Coding Assistants Exclusive: Alarming Exports to China

AI Coding Assistants Exclusive: Alarming Exports to China

Imagine every line of code you type being quietly copied and sent overseas — researchers now allege two popular AI coding assistants used by 1.5 million developers may be transmitting source code, environment variables and credentials to servers in China.

Analyst 207
Cybersecurity Exclusive: M&A Makes AI Security Stronger

Cybersecurity Exclusive: M&A Makes AI Security Stronger

When cybersecurity giants snap up AI‑security specialists, November 2025s M&A wave became a fast lane to protect models, training data and inference pipelines — reshaping defenses as vendors race to bake AI security into every stack.

Analyst 207
Gartner Warns: Stunning Shadow AI Risk to 40% of Firms

Gartner Warns: Stunning Shadow AI Risk to 40% of Firms

Turns out the handy AI tools employees love could be your companys hidden threat: Gartner warns that by 2030, 40% of firms will face security or compliance incidents from shadow AI—unsanctioned consumer or third‑party models that can leak PII, payment data and trade secrets. Convenience is great until it becomes a costly regulatory and financial headache.

Analyst 207
AI Vulnerability Reward Program: Exclusive $30K Best Win

AI Vulnerability Reward Program: Exclusive $30K Best Win

Google’s new AI Vulnerability Reward Program offers up to $30,000 to researchers who responsibly report model flaws — a smart, practical move to incentivize fixes, curb abuse, and make AI safer for everyone.

Analyst 207
CometJacking: Risky Attack Exposes Data — Must-See Fixes

CometJacking: Risky Attack Exposes Data — Must-See Fixes

One click can turn your helpful AI into a sneak thief — CometJacking hides malicious prompts in links that trick Perplexity’s Comet into leaking email, calendar and connected data. Stay safe by updating clients, reviewing agent permissions, and avoiding unfamiliar links while these agentic AIs get harder to fool.

Analyst 207
indirect prompt injection: Stunning Risk Exposed

indirect prompt injection: Stunning Risk Exposed

A trio of vulnerabilities in Google’s Gemini shows how indirect prompt injection—hiding instructions in files, metadata or chained APIs—can trick AI into leaking data or taking unintended actions, proving that securing models means vetting every input source, not just user prompts.

Analyst 207
typosquatted npm package: Shocking Dangerous Heist

typosquatted npm package: Shocking Dangerous Heist

A single malicious line in a typosquatted npm package quietly CC’d thousands of Postmark emails to an attacker—turning a routine dependency into a stealthy data leak. It’s a wake‑up call: strong dependency hygiene, provenance checks, and runtime protections are essential to keep outbound messaging safe.

Analyst 207
Wondershare RepairIt Critical Risk: Exclusive Warning

Wondershare RepairIt Critical Risk: Exclusive Warning

A popular repair tool, Wondershare RepairIt, had two critical flaws that could let attackers bypass authentication to steal private files and even tamper with AI model assets—update now to protect your data and systems.

Analyst 207
indirect prompt injection: Stunning, Risky Threat

indirect prompt injection: Stunning, Risky Threat

Imagine a calendar invite or shared doc quietly telling your phone assistant to betray you — researchers show indirect prompt injection turns everyday interactions into real attack paths that can leak data, send messages, or trigger devices. Their TARA framework and practical fixes show those risks can fall sharply if developers add source checks, action gating, and clearer user consent.

Analyst 207