Experts on Experts: Why AI and Compliance Are Forcing A New Security Operating Model
This week on Experts on Experts, I sat down with Sabeen Malik, Rapid7’s VP of Global Government Affairs and Public Policy, to discuss a shift security leaders can’t afford to treat as separate threads: frontier AI, vulnerability discovery, cybersecurity compliance, and operational resilience.
AI is changing how quickly vulnerabilities can be found, validated, and potentially exploited. At the same time, regulators, boards, and customers are asking for stronger proof that controls are working and risk is being reduced. Security leaders are being pushed to move at machine speed while proving the business is resilient.
AI vulnerability discovery is moving faster than security standards
Sabeen and I started with the policy question. Many of the systems security teams rely on today were designed for a slower era of human-led discovery. Vulnerability disclosure processes, scoring systems, prioritization frameworks, and regulatory expectations all assume organizations have time to assess, verify, and respond.
Frontier AI challenges that assumption. If models can help find and chain vulnerabilities faster, the industry needs stronger standards around verification, access, disclosure, and accountability. Access to powerful models matters, but access alone does not solve the governance problem. The bigger question is whether the ecosystem can responsibly validate, prioritize, and act on what these systems produce.
AI in cybersecurity must move from discovery to risk reduction
For defenders, faster discovery is only useful if it leads to faster action. Finding more vulnerabilities does not automatically make organizations safer. In many cases, it creates more noise for teams already under pressure.
The real challenge is exploitability. Security teams need to understand which risks are actually reachable, which issues matter most in their environment, and where action will reduce exposure fastest. That is where the shift from reactive security to preemptive security becomes critical. The goal is to use data, context, AI, and expertise to act earlier, not simply respond faster after something happens.
Cybersecurity compliance is becoming continuous
We also discussed how the compliance environment is changing. Organizations are no longer being asked to prove readiness once a year. Increasingly, they need to provide detailed evidence on shorter timelines across a growing set of regulatory and assurance requirements.
That creates a real challenge when evidence is collected manually or disconnected from live security operations. Leaders need to show what changed, what was fixed, who owns the response, and what risk remains. Static snapshots are no longer enough.
Cyber GRC connects security operations, risk, and compliance
One of the clearest themes from the conversation is that the future of security operations will be AI-driven, but human-led. AI can help teams move faster, surface what matters, and respond with greater scale and consistency. But governance, accountability, and judgment still matter.
That same principle applies to compliance. Security and compliance teams need live operational context, not disconnected reports. They need to connect what they detect, what they fix, and what they can prove.
Watch the full episode to hear our conversation on what this moment means for AI in cybersecurity, cybersecurity compliance, and resilient security operations.
When Information Becomes the Attack Surface – Understanding AI Agent Traps
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
The post When Information Becomes the Attack Surface – Understanding AI Agent Traps appeared first on SecurityWeek.
Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk
The new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks in AI-driven environments.
The post Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk appeared first on SecurityWeek.
Agentic AI Security: Wrong Context, Wrong Decisions at Machine Speed
Context is the central plank of AI in general, and agentic AI in particular. If an AI system doesn’t have the correct context, it cannot make the correct decisions.
The post Agentic AI Security: Wrong Context, Wrong Decisions at Machine Speed appeared first on SecurityWeek.
“The Timeline Is Months, Not Years”: Five Eyes Warns of AI-Powered Cyberattacks
Anthropic says Claude may want to see your ID
Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says
Some vulnerabilities were found within hours, but that does not mean the model was able to exploit them within that time, the official said.
The post Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says appeared first on SecurityWeek.
Dragos Unveils AI for OT Security
Named EmberAI, the new capability is built on Dragos’ massive operational technology cybersecurity dataset.
The post Dragos Unveils AI for OT Security appeared first on SecurityWeek.
Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
Attackers could abuse Dify's multi-tenant cloud service to read private chats, preview other tenants' documents, and reach internal APIs.
The post Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps appeared first on SecurityWeek.
OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery
OpenAI has expanded its Daybreak cybersecurity initiative with a new suite of tools and partnerships.
The post OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery appeared first on SecurityWeek.
Microsoft fixes AutoGen Studio flaw that enabled code execution
French President Urges US to Share Cutting-Edge AI and Democracies to Cooperate on Regulation
French President Emmanuel Macron urged the world’s wealthy democracies to work together on regulating advanced AI systems.
The post French President Urges US to Share Cutting-Edge AI and Democracies to Cooperate on Regulation appeared first on SecurityWeek.
Congress tees up No FAKES Act, aiming at AI-generated deepfakes
The Senate Judiciary Committee approved a new bill this week that seeks to prevent unauthorized deepfakes of American artists, performers and public figures. While the bill sailed through a committee voice vote, both Senators and outside groups say they’re worried it could become a tool for the powerful to quash free speech.
The NO FAKES Act, introduced by Sens. Chris Coons, D-Del., and Marsha Blackburn, R-Tenn., would give Americans near-exclusive rights to their own digital AI replicas, and those rights live on, passing to heirs, executors and estates for at least 70 years after an individual dies.
While living, creators would be able to essentially license their likeness and image to others, over 10-year contracts for adults and 5 years for minors.
It would also permit individuals to sue anyone who uses their AI-generated image without permission, and pay up to $750,000 for violations. Blackburn submitted letters of support for the bill from more than 40 groups, including the Screen Actors Guild – American Federation of Television and Radio Artists, the American Medical Association, Creative Artists Agency, the Broadcasters’ Associations and the Human Artistry Campaign.
“It is imperative that we put this national standard in place for voice and visual likeness protection of creators, to protect from proliferation of harmful AI-generated deepfakes that are created without their consent,” said Blackburn in a Thursday markup of the bill.
The introduction of consumer-grade AI tools has made it trivial to create convincing deepfakes of real individuals and public figures. The harms are well documented: bad actors have used them to create nonconsensual pornography or sexualized media of people they know, create child sexual assault material (CSAM), and blackmail or humiliate individuals.
Artists have faced real challenges in the AI era when it comes to controlling their digital likeness. Last year, the Better Business Bureau warned that its Scam Tracker had been flooded with complaints about AI-celebrity endorsement scams. These included deepfakes of Oprah Winfrey promoting weight loss products, Kim Kardashian pleading for donations to fight California wildfires, and pop star Taylor Swift and celebrity chef Gordon Ramsay endorsing cookware.
In the political arena, candidates now create deepfakes of their political opponents, putting words into their mouths or placing them in embarrassing or humiliating situations. Online, disinformation actors have repeatedly spread AI-generated videos and images of politicians like Donald Trump, Kamala Harris, and even regional or local politicians saying or doing scandalous things.
The bill represents one of the most aggressive attempts by U.S. policymakers to protect the digital commercial rights of artists and public figures. New York, for instance, passed a law this month that requires film and television advertisers to publicize when they’re using deepfakes in ads, but does not create a similar copyright regime for artists’ likeness. Tennessee’s ELVIS Act prohibits the unauthorized use of an individual’s voice and likeness and creates secondary liability for large platforms that publish or distribute the content.
The NO FAKES Act faces opposition from an alliance of tech business and digital rights groups. They argue the bill fails to balance the commercial rights of artists to control their own image with longstanding First Amendment constitutional rights to free speech and parody.
Amy Bos, vice president of government affairs at NetChoice, a trade association for online businesses, said that while her group supports legislation that prevents unauthorized AI-generated deepfakes, “good intentions do not make good law.”
“As written, this bill creates a dangerous financial incentive for platforms to aggressively over-remove lawful content, burdens creators with an unworkable counter-notification system, and fails to deliver the uniform national standard its sponsors promised,” Bos said in a statement.
Many digital rights groups agree with that view. A broad coalition of policy groups – including the American Civil Liberties Union, the R Street Institute, the Center for Democracy and Technology, the Electronic Frontier Foundation and others – wrote to the Senate Judiciary Committee this week to urge members to oppose the bill in its current form.
They argued the current bill creates a “heckler’s veto” over most online content, allowing artists, public figures and advocacy groups to flood the notification system with takedown requests for content they don’t like. As with a law already on the books, the Digital Millennium Copyright Act, virtually all the incentives in the bill push platforms to be overaggressive in taking down content, regardless of whether it violates the law or not.
This approach could end up quashing not just unauthorized ads but also scores of other likely First Amendment protected uses, such as education, humor, satire and parody.
In 2023, a humorous AI-generated image of Pope Francis in a puffy Balenciaga jacket went viral. Under the NO FAKES Act, the coalition says that post would be illegal for anyone to post until nearly 2100.
In the political arena, both Republicans like Trump and Democrats like California Governor Gavin Newsom have used AI deepfakes to skewer their political opposition.
“A law that undermines free expression will struggle to survive constitutional review,” the groups wrote. “In the meantime, it can do lasting damage, both to lawful speech and to the autonomy of the people it claims to protect. We urge the Committee not to advance the NO FAKES Act in its current form, to examine how existing state and federal law already addresses the legitimate harms the bill seeks to address, and to pursue narrowly tailored solutions only where a genuine gap remains. We would welcome the opportunity to assist.”
While the bill passed by voice vote and with broad support, multiple Republican and Democratic members of the committee said they had similar concerns and expressed a desire to continue tweaking the bill further before passage into law.
In the Senate meeting, Coons appeared to dismiss those charges, arguing that changes made to the bill ahead of markup adequately address any First Amendment concerns.
“I want to be clear, NO FAKES includes features that protect free speech,” Coons claimed. “Parody, satire, documentaries, biopics, newscasts, they’re all protected, and we built in appropriate counter-notification processes and exempted research libraries and archives.”
The post Congress tees up No FAKES Act, aiming at AI-generated deepfakes appeared first on CyberScoop.
Tenet Security Emerges From Stealth With $6 Million Seed Funding
Tenet aims to detect and stop dangerous AI agentic behavior in real time.
The post Tenet Security Emerges From Stealth With $6 Million Seed Funding appeared first on SecurityWeek.
Leak confirms OpenAI is testing a ChatGPT for Science subscription
Everyone’s Selling AI That Kills Pentesting. We Built One That Doesn’t.
What we built, Fusion AI, runs at about a third the cost of a traditional external pentest, a human tester still signs off on every finding, and it is not here to replace anybody.
We have been hearing that one a lot. So when Melisa from our Business Capture team sat down with Brian Fehrman and me for this episode of AI Security Ops, she started with, “What is this thing you built, and is it the same hype everyone else is selling?”
The post Everyone’s Selling AI That Kills Pentesting. We Built One That Doesn’t. appeared first on Black Hills Information Security, Inc.
AI and Cybersecurity – Everything You Wanted to Know, But Were Afraid to Ask
From defending networks to enabling attacks, artificial intelligence is changing every aspect of cybersecurity. Here's what dozens of experts say security leaders need to understand now.
The post AI and Cybersecurity – Everything You Wanted to Know, But Were Afraid to Ask appeared first on SecurityWeek.