15 matches found
6 Lessons Security Leaders Must Learn About AI and APIs
Most organizations treating AI security as a model problem are defending the wrong layer. Security teams filter prompts, patch jailbreaks, and tune model behavior, which is all necessary work, while the actual attack surface sits largely unexamined underneath. That surface is the API layer: the...
Breach Highlights AI and API Vulnerabilities in Software Supply Chains
...
The insider’s guide to Black Hat 2025
Cut through 100+ talks to find what matters: AI vulnerabilities, cloud attacks, and where to grab drinks...
MCP Inspector < 0.14.1 Remote Code Execution
According to its self-reported version number, the MCP Inspector instance hosted on the remote host is affected by a remote code execution vulnerability. Note that the scanner has not tested for this issue but has instead relied only on the application's self-reported version number. This detectio...
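The check described above is a version-only detection: the scanner compares a self-reported version against the fixed release (0.14.1) and never exercises the flaw, so a backported fix or a spoofed banner produces a false result either way. The block below is an added example of that comparison logic, not the scanner's own plugin code. It assumes only that the target reports a SemVer-style string such as "0.13.0" or "v0.14.1-rc1"; the sample strings at the bottom are constructed. It also shows the classic pitfall that a plain string comparison orders "0.9.0" after "0.14.1".

```python
"""Version-only detection of MCP Inspector < 0.14.1 (added example, not scanner code)."""
import re
from typing import NamedTuple, Optional, Tuple

FIXED_VERSION = "0.14.1"  # fixed release named in the advisory text above

# Accepts an optional leading "v", a SemVer pre-release ("-rc1", "-beta.2")
# and ignores build metadata ("+abc"), which SemVer says has no precedence.
_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)


class Finding(NamedTuple):
    reported: str
    affected: Optional[bool]  # None: version string could not be parsed
    confidence: str           # always "version-only": nothing was exercised


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Turn '0.13.0' / 'v0.14.1-rc1' into a comparable tuple, or None.

    The fourth element is 0 for a pre-release and 1 for a final release, so
    that 0.14.1-rc1 sorts before 0.14.1, as SemVer precedence requires.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), 0 if pre else 1)


def is_affected(reported: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if reported < fixed, False if not, None if unparseable."""
    v, f = parse_version(reported), parse_version(fixed)
    if v is None or f is None:
        return None
    return v < f


def assess(reported: str, fixed: str = FIXED_VERSION) -> Finding:
    """Wrap the comparison in a finding that records its low confidence."""
    return Finding(reported, is_affected(reported, fixed), "version-only")


if __name__ == "__main__":
    # Constructed sample banners, not output captured from a real host.
    for banner in ["0.13.0", "0.9.0", "v0.14.1-rc1", "0.14.1", "0.15.0", "unknown"]:
        print(assess(banner))
```

Anything the function returns is still only as trustworthy as the banner it was fed; a practitioner would confirm a True result with an authenticated package check or a safe probe before treating it as an exposure.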
Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities
AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted exploits, and business logic abuse have complicated matter...
New Reports Uncover Jailbreaks, Unsafe Code, and Data Theft Risks in Leading AI Systems
Various generative artificial intelligence (GenAI) services have been found vulnerable to two types of jailbreak attacks that make it possible to produce illicit or dangerous content. The first of the two techniques, codenamed Inception, instructs an AI tool to imagine a fictitious scenario, which...
DeepSeek Failed Over Half of the Jailbreak Tests by Qualys TotalAI
A comprehensive security analysis of DeepSeek's flagship reasoning model reveals significant concerns for enterprise adoption. Introduction: DeepSeek-R1, a groundbreaking large language model recently released by a Chinese startup, DeepSeek, has captured the AI industry's attention. The model...
API Security’s Role in Responsible AI Deployment
By now, you will almost certainly be aware of the transformative impact artificial intelligence (AI) technologies are having on the world. What you may not be aware of, however, is the role Application Programming Interfaces (APIs) are playing in the AI revolution. The bottom line is that APIs are...
Secure Your Generative Investments: Qualys Advances Enterprise TruRisk Platform with Qualys TotalAI to Protect Your LLM Investments
Artificial intelligence (AI) and large language models (LLMs) are reshaping industries, streamlining enterprise operations, and fueling unprecedented innovation. However, as adoption accelerates, so do the associated risks. While 70% of enterprises plan to deploy LLMs in production within the next 12...
Fedora 41 : chromium (2024-3a6f9ab958)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a6f9ab958 advisory. Update to 130.0.6723.58. High: CVE-2024-9954, use after free in AI. Medium: CVE-2024-9955, use after free in Web Authentication. Medium: CVE-2024-9956:...
Introducing the Prompt Airlines CTF: Test Your AI Security Skills
Wiz is excited to announce "Prompt Airlines," a new cloud security Capture The Flag CTF event focused on AI vulnerabilities...
SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts
Wiz Research uncovers vulnerabilities in SAP AI Core, allowing malicious actors to take over the service and access customer data...
Report Uncovers Massive Sale of Compromised ChatGPT Credentials
By Deeba Ahmed. Group-IB report warns of evolving cyber threats, including AI and macOS vulnerabilities and ransomware attacks. Originally posted on HackRead.com...
Security Risks of AI
Stanford and Georgetown have a new report on the security risks of AI, particularly adversarial machine learning, based on a workshop they held on the topic. Jim Dempsey, one of the workshop organizers, wrote a blog post on the report: "As a first step, our report recommends the inclusion of AI...
ChatGPT writes insecure code
Research by computer scientists associated with the Universite du Quebec in Canada has found that ChatGPT, OpenAI's popular chatbot, is prone to generating insecure code. "How Secure is Code Generated by ChatGPT?" is the work of Raphael Khoury, Anderson Avila, Jacob Brunelle, and Baba Mamadou...