AI - Intrucept

Attackers are Deploying Agentic Tools to Develop ZeroDay Exploit; GTIG

Google Threat Intelligence Group (GTIG) has tracked and found how attackers have models pose as security researchers or firmware experts to perform analyses on embedded systems and protocols. The zeroday exploit set to target popular open-source web administration tool, generated using AI. Observations revealed hackers are deploying agentic tools to partially automate research and exploit validation.

This shifts AI from a passive assistant to a system that independently executes parts of offensive workflows.

Theis report provide insights derived from Mandiant incident response engagements, Gemini and GTIG’s proactive research. The highlights aim at the threat environment where AI serves dual purpose. On one hand to disrupt advance cyber threats from hackers and other AI tools acting as high value agents for cyber attacks.

Here are key highlights of the threat research:

Vulnerability Discovery and Exploit Generation: For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI. The criminal threat actor planned to use it in a mass exploitation event but our proactive counter discovery may have prevented its use.

AI-Augmented Development for Defense Evasion: AI-driven coding has accelerated the development of infrastructure suites and polymorphic malware by adversaries. These AI-enabled development cycles facilitate defense evasion by enabling the creation of obfuscation networks and the integration of AI-generated decoy logic in malware that google have linked to suspected Russia-nexus threat actors.

Autonomous Malware Operations: AI-enabled malware, such as PROMPTSPY, signal a shift toward autonomous attack orchestration, where models interpret system states to dynamically generate commands and manipulate victim environments. Analysis of this malware revealed previously unreported capabilities and use cases for its integration with AI.

AI-Augmented Research and IO: Adversaries continue to leverage AI as a high speed research assistant for attack lifecycle support, while shifting toward agentic workflows to operationalize autonomous attack frameworks.

Obfuscated LLM Access: Threat actors now pursue anonymized, premium tier access to models through professionalized middleware and automated registration pipelines to illicitly bypass usage limits. This infrastructure enables large scale misuse of services while subsidizing operations through trial abuse and programmatic account cycling.

Supply Chain Attacks: Adversaries like “TeamPCP” (aka UNC6780) have begun targeting AI environments and software dependencies as an initial access vector. These supply chain attacks result in multiple types of machine learning (ML)-focused risks outlined in the Secure AI Framework (SAIF) taxonomy, namely Insecure Integrated Component (IIC) and Rogue Actions (RA).

Hackers leveraging AI for vulnerability development and Zeroday exploitation

Cybercriminal groups are increasingly leveraging AI to support vulnerability discovery and exploit development.

Google Researchers observed threat actors planning large-scale exploitation campaigns using AI-assisted techniques.

A zero-day vulnerability was identified in a Python script capable of bypassing Two-Factor Authentication (2FA) in a popular open-source web administration tool. The exploit required valid user credentials but bypassed 2FA due to a hardcoded trust assumption within the application logic. Analysis suggests the vulnerability discovery and exploit development were likely assisted by an AI model due to:

Structured and highly “textbook” Python coding style
Excessive educational docstrings
Hallucinated CVSS scoring
LLM-like formatting patterns and helper classes

Unlike traditional vulnerabilities such as memory corruption or input validation flaws, this issue was a high-level semantic logic flaw difficult for conventional scanners to detect. Frontier AI models are becoming increasingly capable of:

Understanding developer intent
Identifying hardcoded security assumptions
Detecting hidden logic inconsistencies
Surfacing vulnerabilities missed by static analysis and fuzzing tools

The incident highlights the growing risk of AI-assisted zero-day discovery and exploitation by threat actors and as AI use datasets containing historical vulnerabilities to help models better reason about security flaws.

“For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI,” GTIG researchers say.

What can be the consequences specifically at a time when new AI models unlike Anthropic’s Mythos, which were announced last month and appear to be good at finding such holes that Anthropic shared.

Rob Joyce, the former cybersecurity director of the National Security Agency, said that it can be difficult to know whether a human or machine wrote computer code, adding that, “A.I.-authored code does not announce itself.”

The Zeroday Defect

The report’s main findings involves a zero-day exploit that GTIG assessed was likely developed with AI assistance.

The vulnerability affected a popular open-source, web-based system administration tool and allowed two-factor authentication to be bypassed, although valid user credentials were still required.

The zero-day flaw was detected by the Google Threat Intelligence Group within the past few months and was exploited by “prominent cybercrime threat actors” in a script of the Python programming language.

Allow hackers to bypass two-factor authentication on “a popular open-source, web-based system administration tool,” though the hackers also would have needed access to valid credentials like user names and passwords to be successful, the company said.

Malware Evasion Techniques via AI

Hackers are also leveraging malware evasion techniques and sandbox evasions and other tricks to stay out of sight. As defenders increasingly rely on AI to accelerate and improve threat detection, a subtle but alarming new contest has emerged between attackers and defenders.

GTIG identified several malware families or tools with LLM-enabled obfuscation features, including PROMPTFLUX, HONESTCUE, CANFAIL, and LONGSTREAM.

Here is an example:

In June 2025, a malware sample was anonymously uploaded to VirusTotal from the Netherlands. At first glance, it looked incomplete. Some parts of the code weren’t fully functional, and it printed system information that would usually be exfiltrated to an external server.

The sample contained several sandbox evasion techniques and included an embedded TOR client, but otherwise resembled a test run, a specialized component or an early-stage experiment. What stood out, however, was a string embedded in the code that appeared to be written for an AI, not a human. It was crafted with the intention of influencing automated, AI-driven analysis, not to deceive a human looking at the code.

The malware includes a hardcoded C++ string, visible in the code snippet below:

In-memory prompt injection.

Hackers can leverage these emerging AI Evasion techniques to bypass AI-powered security systems by manipulating how Large Language Models (LLMs) interpret, analyze, and classify malicious content or activity.

How Attackers May Use AI Evasion Techniques

Prompt Injection Attacks
Attackers craft malicious inputs that manipulate AI models into ignoring security rules, revealing sensitive information, or executing unintended actions.
Bypassing AI-Based Detection
Threat actors can design malware, phishing emails, or malicious scripts in ways that appear legitimate to AI-powered detection systems.
Manipulating Context & Intent
AI systems rely heavily on context and language interpretation. Attackers may exploit ambiguous wording, hidden instructions, or layered prompts to confuse AI defenses.
Generating Adaptive Malware
AI-generated malware can dynamically modify behavior, code structure, or communication patterns to evade traditional and AI-driven security tools.
Automating Social Engineering
AI can help create highly convincing phishing messages, fake identities, and impersonation attempts that are harder for AI-based defenses to detect.

Conclusion: AI is significantly strengthening cybersecurity defenses.

Security teams are leveraging AI for real-time threat detection, behavioral analytics, automated incident response, vulnerability management, and proactive risk assessment. While attackers currently benefit from AI-driven automation and exploitation capabilities, defenders are expected to gain a stronger long-term advantage as AI evolves into a core component of secure software development, proactive cyber defense, and intelligent security operations.

Sources: https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access

Sources: https://blog.checkpoint.com/artificial-intelligence/ai-evasion-the-next-frontier-of-malware-techniques/

Claude’s Chatbot Going Ethical; Adopt AI Dynamically to Distinguish in a Competitive Market

Anthropic’s business strategy emphasizes rigorous safety and value alignment

Anthropic’s team meets Church Leaders to build in ethical thinking into machine so it’s able to adapt dynamically and hosted about 15 Christian leaders from Catholic and Protestant churches, academia, and the business world” for a two-day summit.

Claude seemed ethical, cautious and some how more “human” than any other AI when Anthropic released Claude Constitution.

As per reports leaders have suggested that tools like chatbots already raise profound philosophical and moral questions and many in tech space say lack’s evidence to back up.

Anthropic chief executive Dario Amodei has said he is open to the idea that Claude may already have some form of consciousness, and company leaders frequently talk about the need to give it a moral character.

Anthropic staff now seeking advice on how to steer Claude’s moral and spiritual development as the chatbot reacts to complex and unpredictable ethical queries. As per reports the discussions covered how the chatbot should respond to users who are grieving loved ones and whether Claude could be considered a “child of God.”

Anthropic’s positioning of Claude Dynamically

If we go through Anthropic’s positioning of Claude, which is termed as the safer choice for enterprises, as the approach is “Constitutional AI” and includes products like Claude Code that is popular with enterprises but how far is AI ethic’s followed as a practice.

Claude is focused towards automating coding and research tasks while ensuring AI rollouts don’t risk company operations and acts as the core guide during Claude’s training and reasoning process.

This assisted the model to navigate tricky situations while staying aligned with Anthropic’s goals.

The meeting with Church leaders is a strategy to place Anthropic in a secured atmosphere were in adapting to ethical AI will strengthen their customer trust.

May be such a step will reflect in trends towards integrating broader ethical questions into technology in near future. We may someday see set of templates for AI ethics integration across industries and enterprises.

Integrating complex Human Values in AI

One of the question that arises, why meeting church leaders; Is it to deeply understanding the moral and spiritual dimensions of AI.
Will we witness a significant step in having AI systems that have complex human values and ethical decision‑making capabilities?
Or it is complex regulations that such initiatives are necessary to re-evaluate AI policies and standards.
The participants, comprising leading Christian theologians and scholars, explored how certain virtues like honesty, wisdom and humility could be dynamically integrated into Claude’s framework.
May be step taken by Anthropic is paving the way for society to view AI differently, not as a functional tools but in future we can trust AI like companions or advisors who are spiritual and ethical.

More on the summit at below link:

Source: ‘How Do We Make Sure That Claude Behaves Itself?’: Anthropic Invited 15 Christians for a Summit

NIST Releases Two New CSF 2.0 Quick-Start Strategy

NIST cybersecurity Framework 2.0

Microsoft 365 Copilot Defect Exposes AI Summarizes of Confidential Emails

Microsoft 365 Copilot Vulnerability Bypasses DLP Policies, Summarizes Confidential Emails; Bug Tracked CW1226324

Summary :

A recently disclosed issue in Microsoft 365 Copilot caused the AI assistant to summarize confidential emails despite sensitivity labels and Data Loss Prevention (DLP) policies being configured.

The bug, tracked under CW1226324, allowed Copilot’s “Work Tab” chat feature to process and summarize emails from Sent Items and Draft folders, even when those emails carried confidentiality labels designed to restrict automated access.

Microsoft findings

Microsoft’s investigation revealed a code-level defect as the root cause. The flaw allows Copilot to inadvertently pick up items stored in users’ Sent Items and Draft folders, bypassing the confidentiality labels applied to those messages.

Although Microsoft categorized the issue as an advisory with potentially limited scope, the incident raises significant concerns regarding AI governance, trust boundaries, and enterprise data protection controls.

As per CSN the flaw allows Copilot to inadvertently pick up items stored in users’ Sent Items and Draft folders, ignoring the confidentiality labels applied to those messages.

Vulnerability Details

The issue happened because of an internal coding mistake in Microsoft 365 Copilot’s Work Tab chat feature. Due to this error, Copilot was able to access emails stored in Sent and Draft folders, even if they were marked as confidential.

In normal conditions, sensitivity labels and DLP policies should block automated tools from processing such emails.

However, because of this flaw, Copilot treated those protected emails as regular content and created summaries from them until Microsoft began deploying a fix in February 2026.

Attack Flow

Step	Description
Configuration	Organization applies confidentiality labels and DLP policies to sensitive emails.
Storage	Emails are stored in Sent Items or Draft folders.
Trigger	User interacts with Copilot “Work Tab” Chat.
Processing	Due to the code bug, Copilot accesses labeled emails.
Exposure	Copilot generates summaries of confidential content, bypassing expected DLP enforcement.

Source:0din

Why It’s Effective

DLP Control Bypass: AI processing occurred despite policy enforcement.

Trust Boundary Violation: Copilot acted as a privileged internal processor without honoring classification restrictions.

Compliance Risk: Potential regulatory implications under GDPR, HIPAA, ISO 27001, and industry frameworks.

AI Governance Gap: Demonstrates that AI systems must be independently validated against traditional security controls.

Broader Implications

This issue shows that AI tools inside business software can sometimes ignore security rules, even when protection like DLP and sensitivity labels are properly set. It proves that AI systems can create new risk areas that traditional security controls may not fully cover.

As more companies use AI assistants in daily work, security teams must regularly test and monitor how AI handles sensitive data. AI should be treated like a powerful internal system that needs strict oversight, not just a simple productivity feature.

Remediation:

Microsoft has initiated a fixed rollout and is monitoring deployment progress. However, organizations should take proactive measures:

Validate that sensitivity labels are now properly enforced with Copilot.

Audit Copilot usage logs and AI interaction history.

Re-test DLP enforcement across Sent and Draft folders.

Update AI governance documentation and risk registers.

Conduct tabletop exercises covering AI-driven data exposure scenarios.

Conclusion:
This incident highlights that AI integrations can introduce unexpected security gaps, even in well-configured enterprise environments. Organizations cannot assume that existing security controls will automatically work the same way with AI-powered features.

As AI adoption increases, companies must strengthen AI governance, continuously validate security policies, and monitor AI behavior just like any other critical system. Proactive testing and oversight are essential to prevent future data exposure risks.

Bypassing DLP policies by AI aided assistants signals huge security gap which needs to be addressed at enterprise level as AI tool taking over enterprise security posture cannot be undermined.

References:

Microsoft says bug causes Copilot to summarize confidential emails

Surge in Cyber-Attacks Globally as Attackers Leverage AI; Check Point Report

AI-Driven Attacks Become More Autonomous

Enterprise Flaw ‘GeminiJack’ ZeroClick in Gemini Fixed by Google: Case of Prompt Injection Attack

Google Fixes Gemini Enterprise Flaw

Surge in Cyber Security Spending; Focus on Cloud Security & AI

Surge in Cyber Security Spending; Focus on Cloud Security & AI in 2026

Evolving Phishing Scams & Cost Incurred by Organization’s in 2025

Any phishing scams that occur, the purpose is to trick unsuspecting victims or organizations into taking a specific action and that can range from clicking on malicious links, downloading harmful files or sharing login credentials. Sometimes the effectiveness of phishing attacks stems from their use of social engineering techniques that have the ability to exploit human psychology or behavior. In 2025 we have witnessed the how evolving phishing scams that have affected organizations financially.

Often we see phishing scams create a sense of urgency, or curiosity thereby prompting victims to act quickly without verifying the authenticity of incoming request. Now with evolving technology, phishing tactics are also evolving making these attacks increasingly sophisticated, hard to detect. In coming years we will witness how AI will power more phishing attacks, including text-based impersonations to deepfake communications. These will be more cheap and popular with threat actors.

Cyber security researchers found that there is a link between ransomware, malware and form encryption and most were caused by.

14% Malicious websites

54% Phishing

27% Poor user pactices / gullibility

26% Lack of cybersecurity training

A survey by Statista found that ransomware infections were caused by:

54% Phishing
27% Poor user pactices / gullibility
26% Lack of cybersecurity training
14% Malicious websites

In this blog we will highlight latest phishing statistics that emerged in 2025 ,affecting organizations and phishing scams are changing.

As per APWG report found on Unique phishing sites. This is a primary measure of reported phishing across the globe. This is determined by the unique bases of phishing URLs found in phishing emails reported to APWG’s repository.

In the first quarter of 2025, APWG observed 1,003,924 phishing attacks. This was the largest quarterly
total since 1.07 million were observed in Q4 2023. The number has climbed steadily over the last year:
from 877,536 in Q2 2024, to 932,923 in Q3, to 989,123 in Q4. One of the reason cited being advancement in AI is also making it easier for criminals to create convincing and personalized phishing lures.

Hoxhunt find alarming statistics on phishing related attack of 2025

Business email compromise (BEC)	A staggering 64% of businesses report facing BEC attacks in 2024, with a typical financial loss averaging $150,000 per incident. These phishing attacks frequently target employees with access to financial systems, mimicking executives or trusted contacts.
Credential phishing	Around 80% of phishing campaigns aim to steal credentials, particularly targeting cloud-based services like Microsoft 365 and Google Workspace. With the growing reliance on cloud platforms, cyber attackers leverage realistic fake login pages to deceive users.
HTTPS phishing	An increasing number of phishing sites now use HTTPS to appear legitimate. In 2024, approximately 80% of phishing websites feature HTTPS, complicating detection for users.
Voice phishing (vishing)	Vishing attacks are growing in prevalence, with 30% of organizations reporting instances where threat actors used fake calls to impersonate officials or executives.
Quishing (QR code phishing)	QR code phishing attacks (quishing) increased by 25% year-over-year, as attackers exploit physical spaces like posters or fake business cards to lure victims.
AI-driven attacks	AI is powering phishing attacks, with deepfake impersonations increasing by 15% in the last year. These attacks often target high-value individuals in finance and HR.
Multi-channel phishing	Attackers are increasingly exploiting platforms like Slack, Teams, and social media. Around 40% of phishing campaigns now extend beyond email, reflecting a shift to these channels.
Government agency impersonation	Phishing emails mimicking government bodies such as the IRS or international tax agencies have increased by 35%. These often involve claims about overdue taxes or fines.
Phishing kits	The availability of ready-to-use phishing kits on the dark web has risen by 50%, enabling less sophisticated attackers to deploy high-quality phishing schemes.
Brand impersonation	Attackers frequently impersonate well-known brands like Microsoft, Amazon, and Facebook, leveraging user trust. For example, over 44,750 phishing attacks specifically targeted Facebook by embedding its name in domains and subdomains over the past year.

Cost of Phishing attacks

According to the 2024 IBM / Ponemon Cost of a Data Breach study, the average annual cost of phishing rose by nearly 10% from 2024 to 2023, from $4.45m to $4.88m. That’s the biggest jump since the pandemic.

The IBM study reported the following costs:

Phishing breaches: $4.88M
Social engineering: $4.77M
BEC: $4.67M

The above-listed categories of cyber security breach costs are all related to people-targeted attacks. BEC, social engineering, and stolen credentials often contain a phishing element.

Barracuda research found that email remains the common attack vector for cyber threats and highlighted their key findings:

1 in 4 email messages are malicious or unwanted spam.

83% of malicious Microsoft 365 documents contain QR codes that lead to phishing websites.

20% of companies experience at least one account takeover (ATO) incident each month.

Nearly one-quarter of all HTML attachments are malicious and more than three-quarters of
companies are not actively preventing spoofed emails.

Bitcoin sextortion scams, an emerging trend, account for 12% of malicious PDF attachments.

Nearly half of all companies have not configured a DMARC policy, putting them at risk
of email spoofing, phishing attacks, and business email compromise.

The Barracuda research also found malicious one in four emails are either malicious or unwanted spam and malicious attachment is prevalent in various file.

An alarming 87% of binaries detected were malicious, highlighting the need for strict policies against executable files being sent via email, since they can directly install malware. Despite a relatively low total volume, HTML files have a high malicious rate of 23% and are often used for phishing and credential theft.

The research say that small businesses more vulnerable to email threats, due to limited cybersecurity resources, smaller IT teams and they rely on basic email security solutions. Small business may not have required solutions to handle sophisticated attacks, such as business email compromise (BEC), phishing and ransomware.

How Organizations can strengthen their defense

As organizations embark to strengthen their defenses, it’s crucial they don’t overlook the human element and Cybersecurity hygiene. That definitely starts by identifying security at every step starting from ensuring every user, machine or system that has right to access privileges.

Cybersecurity is as much a cultural issue as it is a technical one, as a single click can compromise an entire organization, behavior starts to shift from compliance to accountability

Whenever there is a successful phishing attack, researchers emphasize that this attack succeeds by exploiting human trust and familiarity with corporate communication formats. Security awareness remains the most vigorous defense as the growing complexity of these campaigns indicates that phishing operations are increasingly automated, data-driven and adaptive.

Conclusion: As organizations move towards adopting AI, so as attackers to continuously refining their tactics, evade traditional security measures. In this scenario organizations must mitigate the risks by adopting a multi-layered approach to email security. This will include all from leveraging AI-driven threat detection, real-time monitoring and user awareness training.

Phishing Detection & DeepPhish

For organizations who reply on unlike traditional rule-based phishing detection, which relies on blacklists and predefined rules. DeepPhish is implemented, that continuously learns from new phishing attempts, making it highly adaptive and effective against evolving threats.

DeepPhish employs a multi-layered AI approach to detect phishing threats and theses include Email and Website Analysis,uses ML algorithms to analyze historical phishing attacks and identify new patterns and NLP helps DeepPhish analyze email content, message tone, and linguistic patterns that phishers use to trick users.

(Source: APWG.org)

(Source: https://www.barracuda.com/reports/2025-email-threats-report)

(Sources: hoxhunt.com)

Encryption: A Foundation for Organizational Security Against Threats

Encryption is often taken as last line of defense and organizations are using encryption to secure their data. Understanding and adopting the latest encryption technologies is crucial for keeping data secure. In current scenario when attackers are equally lazed with latest technologies, companies can strengthen their cybersecurity strategies and continue to adapt encryption as last line of their defense. When organizations enhance their encryption practices today, they can protect their digital assets for the future.

As cyber attacks are evolving so as encryption advances. Now numerous key developments will shape the future of cybersecurity. Once inside the network, cyber criminals can easily view and steal sensitive data. If that data is encrypted, they have no way of accessing it without a decryption key, saving the data from being compromised.

For example, the continuous evolution of quantum computing presents challenges and opportunities for encryption. Quantum-resistant algorithms must increase in speed to enhance security against quantum attacks.

The FinWise Data Breach a Stark Example

On May 31, 2024, the ex-employee accessed FinWise Bank’s systems after leaving the company and leaked sensitive personal information belonging to 689,000 customers of American First Finance (AFF). Even more alarming, this unauthorized access went undetected for more than a year before being discovered by the bank on June 18, 2025.

The FinWise Data breach revealed lapses like time gap between the initial breach and its discovery. The Bank came to understand about the incident and notified affected customers in June 2025 which was over a year after the breach occurred. This was a huge time gap and lawsuits allege that the stolen data may not have been adequately encrypted and secured, causing public criticism and concern.

Security experts emphasize that a well-designed information protection framework must not only encrypt critical financial data but also proactively detect and prevent abnormal access attempts.

Quantum computing & Encryption

Organizations who relies on encryption to keep its critical business communications and data safe are secure now. But as per RAND, experts expect quantum computers capable of breaking today’s encryption standards to arrive by the 2030sOpens a new window .

In the latest updates The Federal Trade Commission (FTC) has sent letters to major tech companies in the United States, urging them to resist foreign governments’ demands to weaken encryption.

The letters were sent by FTC Chairman Andrew Ferguson to Akamai, Alphabet (Google), Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack, and X.

Traditional encryption relies on math problems that would take classical computers centuries to solve. RSA encryption, which protects much of today’s internet traffic, works because factoring massive numbers is impossibly hard for regular computers. But tomorrow’s computers will make quick work of it. According to the MIT Technology Review, researchers have shown that a quantum computer with 20 million noisy qubits could crack RSA-2048 in just 8 hoursOpens a new window .

The question is Encryption alone is sufficient to protect data

As per researchers Encryption alone is no longer sufficient to protect privacy in LLM interactions, as metadata patterns can be exploited to infer sensitive subjects and corporate intent. Researchers at Microsoft have revealed a new side channel attack named Whisper Leak that can reveal the topic of encrypted conversations between users and language models, even without access to the underlying text.

The discovery highlights a growing blind spot in AI security where encryption alone no longer guarantees privacy in model interactions.

What we must know about Whisper Leak the side channel attack

Whisper Leak exploits often exploits a side channel in network communication rather than a flaw in encryption itself. LLM services generate responses step by step, by producing one token at a time instead of the entire response at once. Also, the communications with AI-powered chatbots are often encrypted with HPPS over TLS (HTTPS), ensuring the authenticity of the server and security through encryption.

A side channel attack breaks cryptography by using information leaked by cryptography, such as monitoring the electromagnetic field (EMF) radiation emitted by a computer screen to view information before it’s encrypted in a van Eck phreaking attack, aka Transient Electromagnetic Pulse Emanation STandard (TEMPEST).

Encryption the last line in defense & Helps Orgs Embrace GDPR

If sensitive information is no longer required, the best way to protect it is to delete it. However, when files are deleted from a hard drive they leave traces that can be reconstructed by thieves and hackers. By encrypting the files before deletion, the remnants that remain on the drive will remain encrypted and remain inaccessible should they be reconstructed. In this way, encryption protects your privacy, even when the files are gone.

Companies should, therefore, ensure that all devices leaving the workplace are encrypted. Most phones have a native encryption option that can be easily activated, while laptops can have either their hard drives or sensitive data encrypted depending on the tools an organization wants to use.

Nowadays data protection is no longer an option. Companies can’t ignore the problem and hope they won’t be targeted by malicious threat actors.

GDPR itself recommends encryption as an effective tool for data protection as do data protection standards such as the CIS Controls which advocate a data security strategy based on a combination of encryption, integrity protection and data loss prevention techniques.

At the end Encryption ensures that, whether these devices are lost, stolen or forgotten, the data on them is useless to anyone who tries to access it without a decryption key.

(Source: https://www.bleepingcomputer.com/news/security/finwise-data-breach-shows-why-encryption-is-your-last-defense/)

Sources: https://www.csoonline.com/

Report says ChatGpt Atlas is Vulnerable for Users: Understanding Open-AI Agent Mode

Atlas’s autofill and form interaction capabilities present potential attack points

As per reports ChatGpt Atlas browser is vulnerable to attacks and is laced with inherent weakness in comparison to other browser like Google Chrome. As per ‘LayerX ‘who discovered the weakness in ChatGpt Atlas, described threat actors have the ability to inject malicious instructions into ChatGPT’s ‘memory’ and execute remote code and this works by way of cross-site request forgery requests.

These exploit can allow attackers to infect systems with malicious code, grant themselves access privileges or deploy malware. “Understanding “Agent Mode” is most important and core of Atlas which is not same for any traditional browsers. In traditional browser where users manually move from site to site, agent mode allows ChatGPT to semi-autonomously operate your browser.

For e.g. any user wanting to use ChatGPT for work related purposes, the malicious code planted earlier mostly tainted will be invoked automatically to execute remote code, allowing attackers to gain control of the user account .This may include their browser, code they are writing or systems they have access to.

Rate of Vulnerability is 90% A Warning for Users

The rate of vulnerability is 90% then other browsers as when an attacker wish they can push or inject malicious instructions into ChatGPT’s Atlas ‘memory’ and later execute via remote code.

There is a more basic warning as well. “Atlas does not include meaningful anti-phishing protections, meaning that users of this browser are “up to 90% more vulnerable to phishing attacks than users of traditional browsers,” LayerX says.

Key pointers from research

ChatGPT’s Atlas is not resilient to Phishing attacks

Out of 103 in-the-wild attacks that LayerX tested 97 to go through, a whopping 94.2% failure rate

Compared to Edge (which stopped 53% of attacks in LayerX’s test) and Chrome (which stopped 47% of attacks),

ChatGPT Atlas was able to successfully stop only 5.8% of malicious web pages

Unlike traditional web browsers where you manually navigate the internet, agent mode allows ChatGPT to operate your browser semi-autonomously.

The technology works by giving ChatGPT access to your browsing context. It can see every open tab, interact with forms, click buttons and navigate between pages just as you would.

Importance of Security by Design for web browsing & How AI is intricately involved

The sandboxing approach which is security by design is to keep websites isolated from attacks and prevent malicious code from accessing data from other tabs is crucial to modern web architecture. This is the basis of modern web that depends on separation. But if its not implemented what can be the impact.

But in Atlas, the AI agent isn’t malicious code – it’s a trusted user with permission to see and act across all sites. In this browser isolation is not required. Here AI is not directly connected to the threat but what AI does is AI following a hostile command hidden in the environment. This opens doors to security and privacy risks many users are ill-equipped to handle.

Let me put an example : If you search for air tickets and visit a site , the Atlas ChatGpt will prompt and try to book a ticket or you search for movies in near by theater ,it attempts to book a ticket ”, it will explore options and try to book reservation. Atlas autofill’s and form interaction capabilities present potential attack points, especially when AI is making rapid decisions about information entry and submission.

This is possible when access is granted to ChatGPT for any browsing requirement or context that allows it to view and open tabs, interact with forms and navigate between pages like humans do.

Is User’s security getting compromised

The above example gives users warning that any AI powered browser may be convenient but not without security risks and those who are ChatGpt Atlas, should give extreme cautious before choices are made . Do not share browsing history with any AI mode, instead adopt incognito mode. Any malicious code can influence the AI’s behavior if browsing and this can happen across multiple tabs.

In case of Atlas, the condition is more vulnerable as Atlas provides inputs like humans doing and AI in disguise executing harmful commands within the environment.

Will AI Agent or Open AI make browsing safe for users or what it means to have safe browsing.

(Source: https://www.bbc.com/news/articles/c20pdy1exxvo)

AI