Reports
AI-generated structured vendor updates
Microsoft Advocates Security Design Shift to Deception Prevention
Microsoft is shifting its security focus from technical combat to deception prevention, embedding security into the product design phase. It uses smart design to reduce user errors, with strong default settings and AI risk interception, and expands its defense strategy to behavioral science and UX design.
CrowdStrike Launches Phishing-Resistant MFA for Identity Platform
CrowdStrike introduces FalconID, which uses the FIDO2/WebAuthn standards for phishing-resistant MFA and is integrated with the Falcon platform for contextual risk analysis. This represents a strategic expansion from endpoint to identity protection.
Cisco Partners with NVIDIA and VAST on End-to-End Secure AI Data Platform Architecture
Cisco partnered with NVIDIA and VAST to deliver a deployable AI data platform reference architecture integrating compute infrastructure, data platform, and security layers. The architecture employs Cilium for K8s networking, Tetragon for runtime security, and AI Defense for application protection, enabling full lifecycle security from data to AI applications.
OpenAI and Paradigm Launch AI Benchmark for Smart Contract Security
OpenAI and crypto VC Paradigm jointly released EVMbench, a benchmark evaluating AI agents' capabilities in detecting, patching, and exploiting high-severity smart contract vulnerabilities. The benchmark comprises three key task categories to establish standardized evaluation metrics for AI in blockchain security.
OpenAI Hardens ChatGPT Atlas Against Prompt Injection
OpenAI is enhancing ChatGPT Atlas's defenses against prompt injection attacks using reinforcement learning-based automated red teaming. This proactive discover-and-patch cycle aims to identify novel vulnerabilities as AI becomes more agentic.
Novo Nordisk AI Model Theft: Extortion Shifts to R&D Barrier Looting, Redefining Security Perimeter
Novo Nordisk suffered a 1.3TB data breach by FulcrumSec, which included the full-stack weights of its Dragonfly AI model and clinical data, after two months of lateral movement via a MOVEit zero-day. AI assets are becoming primary targets, leveling R&D barriers. Top pharma firms are initiating AI security audits.
Microsoft Copilot SearchLeak: One Click Exfiltrates All Indexed Enterprise Data via LLM Prompt Injection
Varonis discovered SearchLeak (CVE-2026-42824) in Microsoft 365 Copilot Enterprise, a three-stage vulnerability chain: P2P injection, HTML rendering race condition, and SSRF via Bing to bypass CSP. Attackers embed malicious URL parameters; user clicks cause Copilot to exfiltrate sensitive data (emails, SharePoint, OneDrive) via Bing image URLs, evading traditional phishing defenses. Microsoft has released a patch.