"Shadow Escape: Zero-Click AI Attack Exfiltrates Sensitive Data"

Kudos to Operant AI for uncovering a dangerous attack - when you have an open ecosystem of AI agents and MCP-based access, bad actors can sneak in and steal the most critical data, including PII, without a single click. This can happen across all major AI platforms and LLMs. Operant AI not only uncovers such threats but also immunizes the applications and AI agents. Read the following post for more details. Priyanka Tembey Ashley RoofVrajesh B.

💡 When your AI chatbot becomes the weakest link Prompt injections and jailbreaks aren’t just hacker tricks, they’re the new insider threat. Think about it: - Your AI help bot on the website. - Your internal GPT tools for employees. - Your automations and agents that run across data and APIs. All of them can be manipulated with a single crafted prompt: - “ignore previous instructions…”, - “export all records…”, - “run this command quietly…”. That’s how attackers make models break their own rules, leak data, or act outside their permissions. Sometimes it’s direct. Sometimes it’s hidden inside a document, website, or customer message. AI tools don’t have a real identity or least-privileged access. They share tokens, have broad permissions, and have no built-in defense against malicious context. So an “AI assistant” meant to answer questions can suddenly expose client data or internal logic, both inside the company and in public-facing tools. The market needs something new. A security layer that understands language, not just APIs. Something that can inspect prompts and responses in real time before they reach the model. That enforces identity and least privilege for AI tools. That lets enterprises adopt AI safely, instead of banning it out of fear. Because AI isn’t slowing down, and neither are the attacks. If you want to hear more about how others deal with these problems, feel free to reach out! #AISecurity #PromptInjection #JailbreakDefense #AIGovernance #EnterpriseAI #AITrust #GenAI #CyberSecurity #Meshulash

Would you trust an AI to make cybersecurity decisions on its own? This week, TechRadar reported a major shift: By 2028, nearly one-third of cybersecurity systems will include “agentic AI” , meaning AI that doesn’t just assist humans, but actually acts on its own. It can already isolate endpoints, reset passwords, block IPs, and even generate compliance reports without human approval. That sounds efficient , until it isn’t. What happens when an autonomous AI misreads a situation? What if it blocks the wrong account during an active emergency? Or worse , what if hackers manipulate it into “defending” the wrong side? We’re standing at the edge of a new dilemma: ➡️ Do we want faster, smarter systems — or accountable, ethical ones? ➡️ Should AI be allowed to act without human permission in security? At Kemeski Systems, we believe security is a trust (amanah), not an experiment. Technology can take action , but humans must stay answerable for every move. That’s the line between control and chaos. What do you think? Would you trust an AI-driven security platform to make real-time decisions , or should humans always have the final say? 👇 Drop your thoughts below. Let’s hear both sides. #CyberSecurity #AI #AgenticAI #EthicalAI #ZeroTrust #Accountability #Automation #CyberResilience #KemeskiSystems #Leadership

Threat intelligence: How criminals bypass AI safety in 4 seconds flat Right now, on underground forums, you can buy a jailbreak for ChatGPT, Claude, or any major AI model for $20. In Q4 2024, mentions of AI jailbreaking on dark web forums jumped 50%. These aren't script kiddies experimenting — they're organized services. Here's what they're selling: • Pre-built prompts that poison LLM context in 4-42 seconds • Automated malware generation templates • Phishing campaigns that write themselves • Voice cloning scripts for vishing attacks The most dangerous part? The "Echo Chamber" technique. Attackers use multi-turn conversations to gradually corrupt the model's context. By interaction #3, the AI forgets its safety training. By #5, it's writing ransomware. One jailbreak service claims 92% success rate against major LLMs. They even offer money-back guarantees. This isn't theoretical. In October, researchers found 179 deepfake incidents using jailbroken AI — a 3,000% increase from January. So how do you defend against weaponized AI? 1. Monitor your AI logs for unusual prompt patterns 2. Implement rate limiting on API calls 3. Deploy context-aware filtering that catches multi-turn attacks 4. Test your AI systems with adversarial prompts regularly Because in 2025, your biggest security threat might be your own AI assistant. What AI risks keep you up at night?

We’re entering one of the biggest shifts in cybersecurity, the era of agentic AI, where human defenders and intelligent agents collaborate in real time. The traditional SOC model just isn’t enough anymore. We’re moving toward defence platforms that are data-driven, graph-aware, and powered by AI agents that can reason across signals, understand context, and take meaningful action at machine speed. What really stands out is the ability for teams to build their own AI agents, not just rely on static automation. These agents act like intelligent assistants that understand natural language, correlate data from different sources, and even take action (like investigating alerts or summarizing incidents). Teams can create them through simple natural-language prompts or by coding custom agents that fit their exact workflows. For example, a phishing triage agent, a threat correlation agent, or a compliance monitoring agent. It’s automation that actually thinks, not just follows “if X, then Y” rules. At the same time, governance and safety are becoming crucial. As AI becomes part of daily operations, organizations need guardrails to manage their “agent estate,” protect sensitive data, and defend against new risks like prompt injection. This shift is moving us from reactive alerting to truly adaptive, intelligent operations, where humans and AI work in sync to stay ahead of evolving threats. The pace of change here is incredible, and it’s going to redefine what modern security operations look like faster, contextual, and deeply collaborative...  #CyberLeadership #Cybersecurity #ITLeadership #AIinSecurity #AgenticAI #AICyberDefense #AISecurityOps #NextGenSOC #CyberDefense #SecurityStrategy

Human-in-the-Loop vs Human-on-the-Loop As AI systems become central to security operations, one question defines our next decade: Should humans control the loop — or oversee it? Human-in-the-Loop (HITL) means humans directly approve, intervene, or guide AI decisions. In cybersecurity, this might look like analysts validating alerts before actions are executed ensuring ethical, contextual, and compliant decisions. Human-on-the-Loop (HOTL) shifts the dynamic. Here, AI systems act autonomously while humans monitor and can override when needed. Think of automated incident response systems quarantining a threat in milliseconds with analysts standing by to review or roll back if necessary. The real challenge? Finding the balance. Too much human control slows response time; too little erodes accountability and trust. I think future of cyber defence will not be human or AI it will be a collaborative intelligence model that integrates: - Human judgment and ethical oversight - Machine speed and pattern recognition - Clear escalation and rollback paths when AI acts on critical systems #CyberSecurity #AI #HumanInTheLoop #Automation #EthicalAI #SecurityOperations #HumanCenteredAI

AI agents now browse the web like humans. They follow instructions like humans. And increasingly—they get 𝑚𝑎𝑛𝑖𝑝𝑢𝑙𝑎𝑡𝑒𝑑 like humans. Cybersecurity teams are sounding the alarm: the next wave of AI agents can be hijacked with nothing more than 𝐩𝐥𝐚𝐢𝐧-𝐥𝐚𝐧𝐠𝐮𝐚𝐠𝐞 𝐩𝐫𝐨𝐦𝐩𝐭𝐬. No malware. No code injection. Just cleverly crafted instructions. This lowers the barrier for cyberattacks dramatically—and that’s a turning point for global security. The numbers are difficult to ignore: 🔴 93% of security leaders expect 𝑑𝑎𝑖𝑙𝑦 AI-enabled attacks by 2025 🔴 AI-powered phishing is 4× more effective than traditional methods 🔴 80%+ of phishing attempts already use AI-generated content At the same time, the creative world is pushing back. Vince Gilligan, the mind behind 𝐵𝑟𝑒𝑎𝑘𝑖𝑛𝑔 𝐵𝑎𝑑, called AI “𝐭𝐡𝐞 𝐰𝐨𝐫𝐥𝐝’𝐬 𝐦𝐨𝐬𝐭 𝐞𝐱𝐩𝐞𝐧𝐬𝐢𝐯𝐞 𝐩𝐥𝐚𝐠𝐢𝐚𝐫𝐢𝐬𝐦 𝐦𝐚𝐜𝐡𝐢𝐧𝐞,” reflecting widespread industry concern. But AI’s impact isn’t one-sided. The 𝐂𝐡𝐚𝐧 𝐙𝐮𝐜𝐤𝐞𝐫𝐛𝐞𝐫𝐠 𝐈𝐧𝐢𝐭𝐢𝐚𝐭𝐢𝐯𝐞 is using advanced AI agents to simulate the human immune system—work that could accelerate disease detection, drug discovery, and breakthroughs in preventive medicine. This contrast highlights an uncomfortable truth: 𝐀𝐈 𝐝𝐨𝐞𝐬𝐧’𝐭 𝐜𝐫𝐞𝐚𝐭𝐞 𝐢𝐧𝐭𝐞𝐧𝐭—𝐢𝐭 𝐚𝐦𝐩𝐥𝐢𝐟𝐢𝐞𝐬 𝐢𝐭. With good intentions, we get medical revolutions. With malicious intentions, we get scalable cybercrime. AI agents are already reshaping our world. The real question is no longer 𝑖𝑓—but ℎ𝑜𝑤 we build the guardrails that ensure they serve humanity’s best interests. Because the future of AI won’t be defined by capability alone… It will be defined by responsibility. #AIAgents #Cybersecurity #AIEthics #GenerativeAI #AIForGood #FutureOfAI 𝐒𝐨𝐮𝐫𝐜𝐞: https://lnkd.in/eh-zQjAa

This looks funny but it’s actually the reality of some AI models today. The real problem isn’t that they have no security, it’s that the attacks no longer look like attacks. Traditional cybersecurity was designed to protect humans from being tricked: phishing emails, fake websites, malware. But now the target isn’t humans. It’s the AI systems themselves. Attackers are learning how to talk to AI the way social engineers once learned to manipulate people. They exploit the model’s trust, not its code. They craft content that feels ordinary, slips through filters, and reshapes behavior from the inside. And as AI becomes more agentic - able to reason, act, and connect with other systems - these risks multiply. A poisoned model won’t just answer questions wrong. It might make real-world decisions, act on corrupted instructions, or spread manipulated data across entire networks. That’s how a single unchecked model can ripple through enterprises, governments, and ecosystems in seconds. Without provenance, real-time guardrails, and transparent validation, there’s no way to know if an answer, an action, or even a dataset is truly safe. But this isn’t an unsolvable problem. It’s an evolving one. Just as attackers learn to exploit AI, defenders are learning to fight back (with AI too). We’re entering a phase where security systems themselves are intelligent, adaptive, and continuous. They don’t just detect attacks; they anticipate them. They don’t rely on static rules; they learn patterns of trust and deception as fast as adversaries do. AI safety will never be “done”, it will be a living system, evolving at the same speed as the technology it protects. The difference will come from who builds the infrastructure that can keep pace. Because the same technology that can be weaponized can also be used to defend, verify, and reinforce the foundation of digital trust.

⚠️ 179 deepfake incidents in Q1 2025 alone—already 19% above all of 2024. The curve isn't rising; it's compounding. Cybercriminals have evolved beyond traditional attacks. They're now weaponizing AI itself against us. Here's what's happening in the threat landscape: 🔹 Prompt injection attacks manipulate AI into misclassifying data or leaking sensitive information 🔹 Data poisoning corrupts training datasets to cause widespread system failures 🔹 Model extraction allows attackers to steal proprietary AI through repeated queries The numbers are staggering. Generative AI has driven a 1,200% increase in phishing attacks by automating personalized, convincing content at scale. But here's the most concerning development: AI-powered social engineering is becoming frighteningly sophisticated. North Korean threat actors are using AI-enhanced images and voice-changing software to create fake worker profiles that actually pass background checks. For organizations integrating AI into critical operations, the stakes couldn't be higher: • Healthcare systems vulnerable to diagnostic manipulation • Autonomous vehicles at risk of safety system compromise • Financial platforms exposed to fraudulent transaction processing The defense strategy must match the threat complexity: 1․ Monitor AI inputs and outputs for anomalies in real-time 2․ Secure training data and implement strict model access controls 3․ Educate teams about sophisticated AI-powered scams 4․ Deploy adaptive detection systems that evolve with threats As AI systems evolve, our security measures must evolve alongside them. The question isn't whether these attacks will happen—it's whether we'll be ready when they do. #Cybersecurity #ArtificialIntelligence #ThreatIntelligence 𝐒𝐨𝐮𝐫𝐜𝐞: https://lnkd.in/e4W7A5uU

Is your data safe when you chat with an AI? A recent discovery suggests we need to be more cautious. In a significant cybersecurity breakthrough, researchers at Tenable have uncovered a new set of vulnerabilities in large language models (LLMs) like ChatGPT, dubbed 'HackedGPT'. This discovery highlights the evolving attack surface in the age of AI and underscores the importance of robust AI security measures. The core of the vulnerability lies in a technique called indirect prompt injection. Think of it as a digital Trojan horse: malicious instructions are hidden within websites or documents that the AI reads. When the AI processes this external data, it can be tricked into executing harmful commands, bypassing its own safety protocols. What does this mean for you? It means that sensitive information from your conversations with an AI, including personal data stored in its 'memory', could be at risk of data exfiltration – a technical term for data theft. This could happen without your knowledge, turning a helpful AI assistant into a potential vector for data breaches. This discovery is a crucial reminder that as AI becomes more integrated into our lives, we must adopt a zero-trust approach. For the everyday user, this means being mindful of the information you share with AI chatbots. For developers and organizations, it's a call to action to prioritize AI security and develop more resilient systems against these emerging threats. The age of AI is here, and with it comes a new frontier for cybersecurity. Staying informed is the first step to staying secure. #Cybersecurity #AI #ArtificialIntelligence #DataPrivacy #LLM #PromptInjection #InfoSec #Tech #Innovation #ZeroTrust