The Latest

Security teams already struggle with long lists of vulnerabilities and limited time to patch them. Cisco believes AI could increase that pressure by accelerating vulnerability discovery and increasing the number of findings security teams need to review.

AI vulnerability disclosure

The company said it is moving further toward a risk-based disclosure approach, placing greater attention on issues under active exploitation or those considered more likely to be used in attacks.

“Cisco is actively leveraging advanced AI Models to accelerate finding vulnerabilities and driving remediation. Deploying these models into our security processes allows us to find and fix vulnerabilities at a pace previously unattainable,” said Russ Smoak, VP Information Security at Cisco.

Smoak also warned that defenders will not be the only ones using these tools. “At the same time, we recognize that adversaries will also take advantage of these evolving AI capabilities, increasing the urgency and complexity of cybersecurity defense,” Smoak added.

The approach also changes how lower-risk findings are disclosed. Cisco said some internally discovered issues that would previously have received standalone advisories may no longer be published separately.

Instead, the company plans to provide higher-level information about software releases containing security patches and direct customers to security-hardened versions. Additional details describing software changes made to address findings may be published after the initial release.

Detailed disclosures will continue for issues considered critical, findings under active exploitation, and vulnerabilities viewed as more likely to be exploited. Cisco added that its handling of third-party and open-source vulnerabilities will remain unchanged.

“Cisco will use our voice in the vulnerability disclosure space with the intent of driving pragmatic changes that help the industry align and scale to this expected increase in volume,” Smoak concluded.


from Help Net Security https://ift.tt/am2t9QM

Source-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new MIT-licensed project from the Dutch security firm Hadrian, called OpenHack, packages that approach into a file-based workspace that any of those harnesses can run.

OpenHack

OpenHack is a set of agents and tools that mimics how Hadrian’s research team performs automated vulnerability research. The workflow runs inside a coding harness or a custom runner, with durable state kept in plain files such as cloned source, recon items, scenario prompts, scenario results, finding candidates, triage decisions, findings, and logs. The harness supplies model execution, terminal access, repository access, and human-in-the-loop approval.

“We’ve been working on this for some time, but our discovery of critical vulnerabilities made it concrete. OpenHack’s effectiveness proves that security teams don’t need Mythos to find critical vulnerabilities,” said Rogier Fischer, CEO of Hadrian.

Checkpointed, scenario-first review

The operating model is built around a state machine over files. A command advances the run to the next durable state, an agent answers the prompt for that state, and a recorder command validates the answer before materializing new work. A human operator approves every phase transition, including expert scope before reconnaissance, scenario routing after recon, the scenario backlog after the router answers, and the finding-triage backlog after candidate creation.

The durable chain runs from recon item to routing unit, scenario, scenario result, finding candidate, and triage decision. Recon agents discover review surfaces such as routes, sinks, auth boundaries, upload paths, parser entrypoints, manifests, and admin areas. A scenario-router agent turns those surfaces into scoped scenarios. Expert agents then prove or reject each scenario, and an independent triage agent decides which verified candidates become final findings.
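The file-backed chain described above, as an added example that is not OpenHack's own code: a minimal Python workspace in which each phase's records are JSON files under a directory per phase, a recorder refuses answers that arrive in the wrong phase, lack required fields or point at a parent record that does not exist on disk, and every phase transition passes through an approver callback standing in for the human operator. The directory layout, the record schemas, the `<parent phase>_id` chaining convention and the approver interface are assumptions made for this example.

```python
import json
import tempfile
from pathlib import Path

# Phase order; names, schemas and the approver interface are assumptions for this example.
PHASES = ["recon", "routing", "scenario", "result", "candidate", "triage"]
SCHEMAS = {  # keys an answer must carry; "<parent phase>_id" links it to its parent record
    "recon": {"id", "surface", "location"},
    "routing": {"id", "recon_id", "expert"},
    "scenario": {"id", "routing_id", "hypothesis"},
    "result": {"id", "scenario_id", "verdict", "evidence"},
    "candidate": {"id", "result_id", "cwe"},
    "triage": {"id", "candidate_id", "decision"},
}


class Workspace:
    def __init__(self, root, approver):
        self.root = Path(root)
        self.approver = approver  # human-in-the-loop stand-in: (cur, nxt, backlog) -> bool
        for phase in PHASES:
            (self.root / phase).mkdir(parents=True, exist_ok=True)
        self.state_file = self.root / "state.json"
        if not self.state_file.exists():
            self._save({"phase": PHASES[0]})
    def _load(self): return json.loads(self.state_file.read_text())
    def _save(self, state): self.state_file.write_text(json.dumps(state))
    def phase(self): return self._load()["phase"]

    def log(self, msg):
        with (self.root / "log.txt").open("a") as fh:
            fh.write(msg + "\n")

    def record(self, phase, answer):
        """Recorder: validate the agent's answer, then materialize it as a file."""
        current = self.phase()
        if current != phase:
            self.log(f"REJECT {phase}: workspace is in phase {current}")
            return False
        missing = SCHEMAS[phase] - answer.keys()
        if missing:
            self.log(f"REJECT {phase}: missing {sorted(missing)}")
            return False
        idx = PHASES.index(phase)
        if idx > 0:  # every record after recon must chain to an existing parent
            parent = PHASES[idx - 1]
            if not (self.root / parent / f"{answer[parent + '_id']}.json").exists():
                self.log(f"REJECT {phase}: dangling {parent}_id")
                return False
        (self.root / phase / f"{answer['id']}.json").write_text(json.dumps(answer, indent=2))
        self.log(f"RECORD {phase}/{answer['id']}")
        return True

    def advance(self):
        """Phase transition, taken only when the approver signs off on the backlog."""
        cur = self.phase()
        if cur == PHASES[-1]:
            return cur
        nxt = PHASES[PHASES.index(cur) + 1]
        backlog = sorted(p.stem for p in (self.root / cur).glob("*.json"))
        if not self.approver(cur, nxt, backlog):
            self.log(f"HOLD {cur}->{nxt}")
            return cur
        self._save({"phase": nxt})
        self.log(f"APPROVE {cur}->{nxt}")
        return nxt

    def findings(self):
        # final findings are exactly the candidates the triage phase accepted
        decisions = [json.loads(p.read_text()) for p in (self.root / "triage").glob("*.json")]
        return sorted(d["candidate_id"] for d in decisions if d["decision"] == "accept")


def run_demo(root=None):
    """One constructed recon item through the chain; None = operator approves a transition."""
    root = root or tempfile.mkdtemp(prefix="review-ws-")
    ws = Workspace(root, approver=lambda cur, nxt, backlog: bool(backlog))
    steps = [
        ("routing", {"id": "u0", "recon_id": "r1", "expert": "path-upload"}),  # wrong phase
        ("recon", {"id": "r1", "surface": "upload handler", "location": "inc/upload.php:42"}),
        None,
        ("routing", {"id": "u1", "recon_id": "r9", "expert": "path-upload"}),  # no such parent
        ("routing", {"id": "u1", "recon_id": "r1", "expert": "path-upload"}),
        None,
        ("scenario", {"id": "s1", "routing_id": "u1", "hypothesis": "filename reaches move_uploaded_file unsanitized"}),
        None,
        ("result", {"id": "x1", "scenario_id": "s1", "verdict": "proved"}),  # no evidence
        ("result", {"id": "x1", "scenario_id": "s1", "verdict": "proved", "evidence": "PoC wrote ../x.php"}),
        None,
        ("candidate", {"id": "c1", "result_id": "x1", "cwe": "CWE-434"}),
        None,
        ("triage", {"id": "t1", "candidate_id": "c1", "decision": "accept"}),
    ]
    rejected = 0
    for step in steps:
        if step is None:
            ws.advance()
        elif not ws.record(*step):
            rejected += 1
    held = Workspace(str(root) + "-held", approver=lambda *_: False).advance()
    return {"phase": ws.phase(), "findings": ws.findings(), "rejected": rejected, "held": held,
            "log": (Path(root) / "log.txt").read_text().splitlines()}
```

Because the only state is on disk, a harness that crashes or is restarted resumes from `state.json` and whatever records already exist; `run_demo()` drives one constructed recon item to an accepted finding, counts the three answers the recorder turned away, and shows a transition being held when the approver declines.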

Twelve expert families aligned to OWASP and MITRE

The current registry defines 12 expert families as Markdown manifests, each declaring its id, category, ownership, standards, and routing signals. The set covers OWASP Top 10:2025 categories including Broken Access Control, Security Misconfiguration, Software Supply Chain Failures, Cryptographic Failures, Injection, Insecure Design, Authentication Failures, and Software or Data Integrity Failures. Additional families cover CWE-119 memory buffer errors, CWE-200 sensitive information exposure, CWE-22 and CWE-434 path traversal and unrestricted upload, and API4:2023 unrestricted resource consumption. SSRF is folded into Broken Access Control, matching the OWASP 2025 mapping of CWE-918 to A01:2025.

Optional enrichment with bundled Semgrep rules is available during the recon phase. Semgrep hits are treated as hints, with verified vulnerabilities required to come through the recorded scenario and triage chain.
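A worked example of the manifest registry and the router, added here and not taken from OpenHack: three constructed manifests in the field layout the text describes are parsed and validated, recon items are routed to expert families by matching their routing signals, an SSRF-shaped surface lands in the Broken Access Control family as the OWASP 2025 mapping implies, and a Semgrep hit travels with its routing unit only as a hint with `verified` left false. The bullet layout of the manifests, the field names, the recon item structure and the Semgrep rule id are all assumptions made for the example.

```python
import re

# Three constructed manifests in the field layout the text describes. The bullet
# format, field names and wording are assumptions for this example, not OpenHack's.
MANIFESTS = {
    "broken-access-control.md": """\
# Broken Access Control
- id: broken-access-control
- category: OWASP Top 10:2025 A01 Broken Access Control
- ownership: authorization boundaries, object references, SSRF (CWE-918 maps to A01:2025)
- standards: A01:2025, CWE-284, CWE-639, CWE-918
- routing_signals: auth boundary, admin area, object id, remote fetch, internal url
""",
    "path-upload.md": """\
# Path Traversal and Unrestricted Upload
- id: path-upload
- category: CWE-22 / CWE-434
- ownership: filesystem paths and upload handlers fed by user input
- standards: CWE-22, CWE-434
- routing_signals: upload path, filename, archive extract, file path
""",
    "injection.md": """\
# Injection
- id: injection
- category: OWASP Top 10:2025 Injection
- ownership: data that reaches an interpreter without a safe API
- standards: CWE-89, CWE-78, CWE-79
- routing_signals: sql query, shell command, template render, raw query
""",
}
REQUIRED = {"id", "category", "ownership", "standards", "routing_signals"}
FIELD = re.compile(r"^-\s*(\w+):\s*(.+?)\s*$")
LIST_FIELDS = ("standards", "routing_signals")


def parse_manifest(text):
    """Read one Markdown manifest into a dict; refuse it if a declared field is missing."""
    family = {}
    for line in text.splitlines():
        if line.startswith("# "):
            family["name"] = line[2:].strip()
        elif (m := FIELD.match(line)):
            key, value = m.group(1), m.group(2)
            family[key] = [v.strip().lower() for v in value.split(",")] if key in LIST_FIELDS else value
    missing = REQUIRED - family.keys()
    if missing:
        raise ValueError(f"manifest {family.get('name')!r} is missing {sorted(missing)}")
    return family


def load_registry(manifests=MANIFESTS):
    return [parse_manifest(text) for text in manifests.values()]


def route(recon_items, registry):
    """Router: a recon item goes to every family whose routing signal appears in its
    description. Semgrep hits ride along as hints only; nothing here is verified."""
    units, unrouted = [], []
    for item in recon_items:
        text = f"{item['surface']} {item.get('notes', '')}".lower()
        experts = [f["id"] for f in registry if any(sig in text for sig in f["routing_signals"])]
        if not experts:
            unrouted.append(item["id"])  # back to the operator rather than silently dropped
        for expert in experts:
            units.append({"recon_id": item["id"], "expert": expert,
                          "hints": list(item.get("semgrep", [])), "verified": False})
    return units, unrouted


# Constructed recon items; the Semgrep rule id on r2 is made up for the example.
RECON_ITEMS = [
    {"id": "r1", "surface": "remote fetch of a user-supplied URL in /api/preview"},
    {"id": "r2", "surface": "upload path built from the filename parameter",
     "semgrep": ["example.php.path-traversal"]},
    {"id": "r3", "surface": "raw query assembled in reports.php", "notes": "admin area only"},
    {"id": "r4", "surface": "cron scheduler bootstrap"},
]


def demo():
    return route(RECON_ITEMS, load_registry())
```

A surface that matches two families (r3 touches both an admin area and a raw query) yields two routing units, one per expert, and a surface that matches none is returned to the operator instead of being dropped; the Semgrep hint on r2 is attached to the unit but changes nothing about its status.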

OpenHack is available for free on GitHub.



from Help Net Security https://ift.tt/1ERi6Uy

Senior decision-makers are the heaviest users of unapproved AI tools, and they continue using them despite being aware of the security and privacy risks linked to shadow AI, according to TrustedTech’s Shadow AI in the Workplace report. The study found that 65% of decision-makers use shadow AI, compared with 31% of employees below decision-maker level.

workplace shadow AI use

Net Shadow AI use (Source: TrustedTech)

The data suggests that shadow AI is not mainly driven by junior employees experimenting with consumer tools. The people creating policies and overseeing teams appear to be some of the most active users of unapproved AI systems.

Employees continue using AI because they see practical value in it. Around 70% of respondents said AI tools have improved team performance, and more than half reported saving at least three hours a week through AI use.

Most respondents said they understand the risks associated with unapproved AI tools, including security and data privacy concerns. Employees continue using them because approved alternatives do not meet their needs or because organizations have not provided suitable options.

Around 14% of employees said they use AI tools at work without knowing whether those tools are approved by their employer. The number exceeds the share of respondents who said they never use AI at work.

“Organizations have been trying to control employee behavior, but what this data shows is that leadership teams are moving faster than the policies designed to guide them. When executives are using unapproved tools to move quickly, it creates a ripple effect across the entire organization,” said Julian Hamood, Founder of TrustedTech.

Senior employees are driving shadow AI use

Decision-makers were more likely than other employees to believe their organization monitors AI use. Some may avoid approved platforms because they do not want their activity tracked or connected to their name. For employees whose professional reputation depends on appearing knowledgeable and capable, visible AI usage can create concerns about how they are perceived.

The research showed differences between the US and UK. US employees reported slightly higher shadow AI usage, with more intensive use among workers who rely on these tools regularly. The study noted that US organizations often combine formal AI programs with informal workarounds inside the same workplace.

Workers are learning AI on their own

Differences in AI confidence and training exist between senior employees and the rest of the workforce. Nearly 78% of decision-makers said they felt confident using AI tools in their role, compared with 43% of employees below decision-maker level.

Self-learning was the most common source of AI knowledge, with workers relying on videos, blogs, and online resources more often than formal employer training. Employees below decision-maker level relied more on self-learning, while senior employees were more likely to receive structured training.

Around 44% of respondents believe their organization lacks training on how to use AI safely and securely.

Bans may not stop AI use

Restrictions alone may not prevent shadow AI use. Nearly one-third of employees said they would continue using AI tools even if workplace rules prohibited them and disciplinary action was possible.

Employees said they would likely turn to personal AI tools if organizations limited access because of higher software costs.



from Help Net Security https://ift.tt/8jvmAop

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Week in review

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise.

Earbud sensors can authenticate users by their heartbeat, study finds
Researchers built a continuous authentication system called AccLock that identifies a wearer by the tiny vibrations a heartbeat makes inside the ear canal.

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)
A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday.

Communicating cyber risk in dollars boards understand
In this Help Net Security interview, Nick Nieuwenhuis, Cybersecurity Architect at Nedscaper, explains why cybersecurity has not delivered the resilience that decades of investment have promised.

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)
Microsoft is working on a fix for CVE-2026-45585 (aka “YellowKey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data.

Why AI changed the threat model for travel technology
In this Help Net Security interview, Devon Bryan, SVP, Global CSO at Booking Holdings, reflects on his path from Air Force network security engineer to global CSO across financial services, hospitality, and travel technology.

Deleted Google API keys keep working for up to 23 minutes, researchers warn
Google API keys are credentials that let applications access Google services, from Maps to the Gemini AI. If a key is leaked, an attacker can use it to make API calls, rack up charges, and, if Gemini is enabled, access uploaded files and cached conversations. The assumed fix is simple: delete the key. But Aikido Security has found that deletion doesn’t actually work right away.

Microsoft open-sources tools for designing and testing AI agents
Microsoft has open-sourced two tools aimed at bringing security discipline to AI agent development: Clarity, a structured design review tool, and RAMPART, a continuous testing framework.

AI red teaming agents change how LLMs get tested
Adversarial probing of LLMs has piled up a sprawling toolkit over the past three years. Attack techniques with names like Tree of Attacks with Pruning, Crescendo, and Skeleton Key sit alongside hundreds of prompt transforms and scoring methods across open-source frameworks including Microsoft’s PyRIT, NVIDIA’s Garak, and Promptfoo.

GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach GitHub suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer tool with 2.2 million installs.

Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)
Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog.

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report.

PureLogs infostealer is stealing credentials worldwide
A phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, Fortinet researchers discovered.

New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain
A SHub macOS infostealer variant called Reaper impersonates Apple, Microsoft, and Google to trick users into executing malicious code, then targets browser data, password managers, and cryptocurrency wallets while establishing persistence for continued access, SentinelOne found.

AI is drowning software maintainers in junk security reports
AI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise instead of fixing real problems.

Attackers accessed, downloaded code from Grafana Labs’ GitHub
A threat actor has managed to access Grafana Labs’ GitHub environment and download the company’s codebase, the open-source observability and data visualization firm announced on Sunday.

The end of unencrypted Discord calls is here
Discord has protected voice and video calls in DMs, group DMs, voice channels, and Go Live streams with end-to-end encryption (E2EE) by default.

The AI backdoor your security stack is not built to see
Enterprises deploying LLMs have spent the past two years building defenses around a reasonable assumption: malicious behavior leaves a trace in the input. Scan for suspicious tokens, filter unusual characters, watch for prompt injection patterns. New research from Microsoft and the Institute of Science Tokyo demonstrates that this defensive posture has a blind spot, and the cost of that blind spot could be measured in leaked proprietary data and regulatory exposure.

When ransomware hits, confidence doesn’t restore endpoints
Ransomware, supply chain vulnerabilities, insider threats, compliance failures, and software disruptions remain major concerns for security leaders, according to The Ransomware Reality: Zero Days to Recover report by Absolute Security.

AI shrinks vulnerability exploitation window to hours
Time has become organizations’ biggest vulnerability because the gap between vulnerability discovery and exploitation has narrowed to hours, according to Synack’s 2026 State of Vulnerabilities Report.

Most dark web activity revolves around a handful of topics
A six-year dataset covering more than 25,000 dark web sites tracked what people discussed in underground forums and marketplaces and how those discussions changed over time.

Public Instagram posts provide raw material for AI phishing campaigns
A handful of public Instagram posts can give attackers enough material to generate convincing phishing emails with GenAI. Research from the University of Texas at Arlington and Louisiana State University showed how public social media activity can be turned into phishing messages that appear personal and credible to human recipients.

CVE Lite CLI: Open-source dependency vulnerability scanner
Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours or days after writing the code. CVE Lite CLI, now an officially recognized OWASP Incubator Project, moves that check to the developer’s terminal.

What happens when your identity provider becomes the kill chain
In this Help Net Security video, Colin Constable, CTO at Atsign, explains why your identity provider (IdP) has become the kill chain in cyberattacks. Attackers steal session cookies, tokens, or consent grants you’ve already issued and walk in behind you.

7 hard truths security pros should know: 2026 DevOps Threats Report
In 2025, trusted Git hosting platforms became a playground for cyber criminals. This is the main conclusion from the latest “DevOps Threat Unwrapped Report 2026” by GitProtect.

Product showcase: Bitdefender Mobile Security for iOS protects privacy where scams begin
Bitdefender Mobile Security for iOS is a security and privacy application for iPhone and iPad that helps protect against phishing attempts, online scams, unsafe websites, and account exposure.

Cybersecurity jobs available right now: May 19, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

New infosec products of the week: May 22, 2026
Here’s a look at the most interesting products from the past week, featuring releases from ASAPP, Babel Street, CTERA, Forward, Riverbed, and Trust3 AI.


from Help Net Security https://ift.tt/jG1lB7C

The South Pacific Regional Fisheries Management Organization (SPRFMO) needs to regulate squid fishing in the South Pacific.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.


from Schneier on Security https://ift.tt/KbWTijI

Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three days by researchers from TrendAI and CHT Security supplies an answer, along with a price tag that the security industry will have to reckon with.

WordPress plugin vulnerabilities

The system, presented at Ekoparty Miami, pairs AI-driven static analysis with automated Docker provisioning and dynamic verification through Chrome DevTools MCP. It surfaced more than 300 critical zero-day vulnerabilities across the WordPress plugin ecosystem in 72 hours of scanning. Every finding was manually verified by the researchers and responsibly disclosed before publication.

The economics

The AgentForge orchestration dashboard logged roughly 222 million tokens consumed across 95 tasks during the campaign. Steven Yu, a threat research engineer at TrendAI, translated that to an average of about $20 per vulnerability discovered.

He qualified the number carefully. “This doesn’t mean you can easily find a vulnerability in any WordPress site for just $20,” Yu told Help Net Security. “It depends heavily on the security of the codebase. The WordPress ecosystem is extremely vast and complex, leading to highly variable code quality. In other frameworks or ecosystems, we might not see the same results at this cost threshold.”

The qualifier matters because WordPress plugins are an outlier. The ecosystem runs to more than a million plugins, many maintained by solo volunteers without security budgets, and the code quality reflects that. A hardened enterprise codebase would not surrender bugs at the same rate or at the same cost.

What is settled, by Yu’s account, is that the price floor is already crossed for someone willing to look. “We are already in a state where any motivated attacker with a credit card can execute this,” he said. “Both white-hat and black-hat actors are already implementing these types of actions at scale.”

Vulnerability classes the pipeline surfaced

The 300-plus findings span pre-authentication remote code execution, SQL injection hidden behind PHPCS annotations that mark vulnerable queries as safe, privilege escalation through the WordPress hook system, server-side request forgery, and a downgrade attack chain. One pre-auth RCE was identified in a plugin with more than 1,000 GitHub stars.

The downgrade chain was assembled by the AI without human guidance. The agent located a vulnerability that allowed it to roll a target plugin back to an earlier version, recognized that the earlier version carried its own exploitable flaws, and chained the two into a working attack. Yu confirmed no manual prompts or pre-taught patterns were involved. The same vulnerability class was identified through pattern hunting across OpenCart and Joomla codebases.
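Two of the classes listed above, SQL injection hidden behind a PHPCS annotation and privilege escalation through the AJAX hook system, as an added example in Python that is not the researchers' pipeline: a small static pass over constructed plugin code flags `$wpdb` queries that interpolate variables without `$wpdb->prepare()` and notes when a `phpcs:ignore` line above them hides the query from the linter, and flags `wp_ajax_nopriv_` handlers (or unguarded `wp_ajax_` handlers) whose body reaches a role- or option-changing sink. The sample PHP, the sink and check lists, and the heuristic itself are assumptions; as in the pipeline the text describes, everything emitted is a candidate that still has to pass verification, not a finding.

```python
import re

# Constructed sample plugin code; not taken from any real plugin. Line 7 hides a
# string-built query behind a phpcs suppression, line 11 uses $wpdb->prepare()
# correctly, and the nopriv AJAX action exposes a role change to unauthenticated callers.
SAMPLE_PHP = r'''<?php
// constructed sample, not real plugin code
function wcx_get_orders() {
    global $wpdb;
    $status = $_GET['status'];
    // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
    return $wpdb->get_results("SELECT * FROM {$wpdb->prefix}wcx_orders WHERE status = '$status'");
}
function wcx_get_order($id) {
    global $wpdb;
    return $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->prefix}wcx_orders WHERE id = %d", $id));
}
add_action('wp_ajax_nopriv_wcx_set_role', 'wcx_set_role');
function wcx_set_role() {
    $user = get_user_by('id', intval($_POST['uid']));
    $user->set_role(sanitize_text_field($_POST['role']));
    wp_send_json_success();
}
add_action('wp_ajax_wcx_export', 'wcx_export');
function wcx_export() {
    check_ajax_referer('wcx_export');
    if (!current_user_can('manage_options')) { wp_die(); }
    update_option('wcx_last_export', time());
    wp_send_json_success();
}
'''

SQL_CALL = re.compile(r"\$wpdb->(?:query|get_results|get_row|get_var|get_col)\s*\((.*)")
PHP_VAR = re.compile(r"\$[A-Za-z_]\w*")
AJAX_HOOK = re.compile(r"""add_action\(\s*['"]wp_ajax_(nopriv_)?(\w+)['"]\s*,\s*['"](\w+)['"]""")
PRIV_SINKS = ("set_role(", "update_option(", "wp_update_user(", "wp_insert_user(", "add_role(")
AUTH_CHECKS = ("current_user_can(", "check_ajax_referer(", "wp_verify_nonce(")


def function_body(src, name):
    """Return the body of `function name(...) { ... }` by brace matching, or None."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]


def scan_sql(lines):
    """Flag $wpdb calls whose query interpolates variables without prepare(), and note
    whether a phpcs suppression on the line above hides the call from the linter."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = SQL_CALL.search(line)
        if not m or "$wpdb->prepare(" in m.group(1):
            continue
        tainted = sorted({v for v in PHP_VAR.findall(m.group(1)) if v != "$wpdb"})
        if tainted:
            above = lines[n - 2] if n > 1 else ""
            hits.append({"rule": "unprepared-sql", "line": n, "vars": tainted,
                         "phpcs_suppressed": "phpcs:ignore" in above, "status": "candidate"})
    return hits


def scan_hooks(src):
    """Flag AJAX handlers that reach a privilege-changing sink while reachable by
    unauthenticated callers (nopriv) or without any capability or nonce check."""
    hits = []
    for nopriv, action, callback in AJAX_HOOK.findall(src):
        body = function_body(src, callback) or ""
        sinks = [s for s in PRIV_SINKS if s in body]
        guarded = any(c in body for c in AUTH_CHECKS)
        if sinks and (nopriv or not guarded):
            hits.append({"rule": "ajax-privilege-escalation", "action": action,
                         "callback": callback, "unauthenticated": bool(nopriv),
                         "sinks": sinks, "status": "candidate"})
    return hits


def scan(php_source):
    """Static pass only: every hit is a candidate that still needs dynamic verification."""
    return scan_sql(php_source.splitlines()) + scan_hooks(php_source)


if __name__ == "__main__":
    for hit in scan(SAMPLE_PHP):
        print(hit)
```

The prepared query on line 11 and the guarded `wcx_export` handler are left alone; the suppressed query and the nopriv role change are emitted as candidates, which is the point at which the pipeline described above hands off to Docker provisioning and dynamic verification rather than to a disclosure.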

Disclosure infrastructure under strain

The pipeline addresses what the security industry has taken to calling “AI slop,” the wave of low-quality, AI-generated vulnerability reports that has pushed several major open-source projects to reject AI submissions outright. By requiring every AI-generated finding to pass dynamic verification before reaching the disclosure queue, the system eliminated more than 80% of false positives.

The downstream pressure remains. Yu said manual verification of each WordPress plugin vulnerability took his team between 30 and 60 minutes. He described the human review layer as the primary bottleneck.

“Organizations such as ZDI and NIST are currently struggling with massive backlogs due to the explosion of AI-assisted vulnerability reports,” Yu said. “When AI can scale discovery from a few findings per day to hundreds per second, the traditional human-centric triage model becomes unsustainable.”

His expectation for the next six months is a higher volume of disclosed vulnerabilities and a parallel rise in zero-day abuse by attackers running similar pipelines. He anticipates a structural shift in how disclosure programs accept submissions, with several vendors moving toward invite-only or membership-based models that prioritize researchers with established track records and ban accounts that submit AI-generated noise.

The longer-term answer Yu pointed to is more automation, applied at the receiving end. “The ultimate solution is to fight AI magic with AI magic,” he said. AI-assisted triage that automates environment setup and verification would let human experts concentrate on the most complex cases.

Where the AI still stops

Yu was direct about the ceiling. Drag-and-drop builders such as Elementor sit in the “computer use” category and will likely yield to the next wave of agent tooling within months. Other failure modes are harder. Exploits that need a working payment API key, a valid user account, or an SMS verification code stop the agent because the gap is in the environment, not in the model. Some calls require a human to define whether a feature is intended or malicious in the first place, a judgment that more training data will not resolve.



from Help Net Security https://ift.tt/qLvjZ8N

A group used Anthropic’s Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple’s M5.

News article.


from Schneier on Security https://ift.tt/aY56edl