Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Understanding and Securing Exposed Ollama Instances

Ollama is an emerging open-source framework designed to run large language models (LLMs) locally. While it provides a flexible and efficient way to serve AI models, improper configurations can introduce serious security risks. Many organizations unknowingly expose Ollama instances to the internet, leaving them vulnerable to unauthorized access, data exfiltration, and adversarial manipulation.

Panel Discussion - The Evolving Threat Landscape: Risks in the Age of AI Disruption | DevSecNext

As AI reshapes industries, it also introduces a wave of emerging security risks—some known, others yet to be discovered. In this DevSecNext panel discussion, experts from engineering, cloud business, venture capital, and security innovation dive deep into the intersection of AI disruption and the evolving threat landscape. This talk was recorded at DevSecNext, a community-driven event reimagining how we share security insights—short, to the point, and packed with actionable takeaways.

Inbar Raz - Living off Microsoft Copilot | DevSecNext

What happens when hackers weaponize Microsoft Copilot? In this eye-opening session, Inbar Raz takes a red-team-level deep dive into how attackers can abuse Copilot to exfiltrate data, bypass security controls, and even social engineer victims—automated by AI. This talk was recorded at DevSecNext, a community-driven event reimagining how we share security insights—short, to the point, and packed with actionable takeaways.

An early look at cryptographic watermarks for AI-generated content

Generative AI is reshaping many aspects of our lives, from how we work and learn, to how we play and interact. Given that it's Security Week, it's a good time to think about some of the unintended consequences of this information revolution and the role that we play in bringing them about.

Take control of public AI application security with Cloudflare's Firewall for AI

Imagine building an LLM-powered assistant trained on your developer documentation and some internal guides to quickly help customers, reduce support workload, and improve user experience. Sounds great, right? But what if sensitive data, such as employee details or internal discussions, is included in the data used to train the LLM?

Cloudflare for AI: supporting AI adoption at scale with a security-first approach

AI is transforming businesses — from automated agents performing background workflows, to improved search, to easier access and summarization of knowledge. While we are still early in what is likely going to be a substantial shift in how the world operates, two things are clear: the Internet, and how we interact with it, will change, and the boundaries of security and data privacy have never been more difficult to trace, making security an important topic in this shift.

AI-Driven Vulnerability Management: How Generative AI is Transforming Cybersecurity

With the rapid and dynamic nature of the digital world of today, businesses are seeing a mounting high rate of cybersecurity attacks. Cyber attackers keep evolving and coming up with new methods of breaching their systems, which leaves security teams under immense pressure to identify, assess, and remediate vulnerabilities at scale. Traditional methods of vulnerability management are typically behind the curve because the sheer volume of threats is overwhelming.

Agentic AI: Why Cyber Defenders Finally Have the Upper Hand

My two previous recent postings on AI covered “Agentic AI” and how that impacts cybersecurity and the eventual emergence of malicious agentic AI malware. Both of those articles started to touch on the idea of automated agentic AI defenses. This posting goes into a little more detail on what agentic AI defenses might mean. It starts with agentic AI, which is a collection of automated programs (i.e., bots or agents) working toward a common goal.

How Attackers Use AI To Spread Malware On GitHub

Github Copilot became the subject of critical security concerns, mainly because of jailbreak vulnerabilities that allow attackers to modify the tool’s behavior. Two attack vectors – Affirmation Jailbreak and Proxy Hijack – lead to malicious code generation and unauthorized access to premium AI models. But that’s not all. Contents hide 1 Jailbreaking GitHub Copilot 1.1 Affirmation jailbreak? “Sure,” let’s exploit the AI system(s) 2 Proxy Hijack.