Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As the adoption of generative AI (GenAI) accelerates across enterprises, one of the most promising applications emerges in customer support. GenAI enables automated responses, allowing businesses to engage in natural conversations with customers and provide real-time chat support. However, this convenience comes with inherent risks, particularly concerning data privacy.

The modern enterprise relies on hundreds of SaaS apps, email services, generative AI (GenAI) tools, custom apps, and LLMs, which often contain sensitive data. For too long, security teams have been forced to patch together point solutions for coverage across these channels, increasing their workloads and creating opportunities for sensitive data to slip through the cracks. This is precisely where Nightfall’s single-pane-of-glass solution comes into play: With Nightfall Sensitive Data Protection.

Since the discovery of CRIME, BREACH, TIME, LUCKY-13 etc., length-based side-channel attacks have been considered practical. Even though packets were encrypted, attackers were able to infer information about the underlying plaintext by analyzing metadata like the packet length or timing information. Cloudflare was recently contacted by a group of researchers at Ben Gurion University who wrote a paper titled “What Was Your Prompt?

It has been over a year and a half since the latest generative AI revolution descended upon the world. All IT markets have seen a wave of both new AI products, as well as AI-driven capabilities in existing products being introduced with a breakneck pace.

Salt Labs researchers identified generative AI ecosystems as a new interesting attack vector. vulnerabilities found during this research on ChatGPT ecosystem could have granted access to accounts of users, including GitHub repositories, including 0-click attacks.

Scammers are using AI technology to assist in voice phishing (vishing) campaigns, the Better Business Bureau (BBB) warns. Generative AI tools can now be used to create convincing imitations of people’s voices based on very small audio samples. “At work, you get a voicemail from your boss,” the BBB says. “They instruct you to wire thousands of dollars to a vendor for a rush project. The request is out of the blue. But it’s the boss’s orders, so you make the transfer.

We have been fantasising about artificial intelligence for a long time. This obsession materialises in some cultural masterpieces, with movies or books such as 2001: A Space Odyssey, Metropolis, Blade Runner, The Matrix, I, Robot, Westworld, and more. Most raise deep philosophical questions about human nature, but also explore the potential behaviours and ethics of artificial intelligence, usually through a rather pessimistic lens.

Do not forget, AI-enabled technologies, like KnowBe4’s Artificial Intelligence Defense Agents (AIDA), will make defenses increasingly better. I get asked a lot to comment on AI, usually from people who wonder, or are even a bit scared, about how AI can be used to hurt them and others. It is certainly a top topic everyone in the cybersecurity world is wondering about. One of the key questions I get is: How much worse will AI make cybercrime? The quick answer is: No one knows.

Nearly one third of all data breaches are caused by insiders. While you might immediately think of malicious insiders, like disgruntled or departing employees, insider risk can take numerous forms, including: From these examples alone, it’s easy to see just how prevalent insider risk really is. Whether it’s intentional or unintentional, insider risks often have the same consequences as external risks, including data leaks, data loss, noncompliance, and more.

Bugcrowd offers crowdsourced security testing through a community of white hat hackers. CyCognito offers automated discovery of an organization’s externally exposed attack surface. Combined, the two solutions allow for a comprehensive inventory of exposed assets to be included in the scope of bug bounties or pentests.