Latest news with #AIsecurity
Yahoo
2 days ago
- Business
- Yahoo
Zenity Labs Exposes Widespread "AgentFlayer" Vulnerabilities Allowing Silent Hijacking of Major Enterprise AI Agents Circumventing Human Oversight
Groundbreaking research reveals working 0click compromises of OpenAI's ChatGPT, Microsoft Copilot Studio, Salesforce Einstein, Cursor, and more, exposing widespread vulnerabilities across production AI environments LAS VEGAS, Aug. 6, 2025 /PRNewswire/ -- At Black Hat USA 2025, Zenity Labs revealed AgentFlayer, a comprehensive set of 0click exploit chains that allow attackers to silently compromise enterprise AI agents and assistants without requiring any user action. The research, presented by Zenity co-founder and CTO Michael Bargury and threat researcher Tamir Ishay Sharbat in their session, "AI Enterprise Compromise: 0Click Exploit Methods," demonstrates how widely deployed AI agents from major vendors can be hijacked to exfiltrate data, manipulate workflows, and act autonomously across enterprise systems—all while users remain completely unaware. The findings represent a fundamental shift in the AI security landscape to attacks that can be fully automated and require zero interaction from users. Zenity Labs successfully demonstrated working exploits against OpenAI ChatGPT, Microsoft Copilot Studio, Salesforce Einstein, Google Gemini, Microsoft 365 Copilot, and developer tools like Cursor with Jira MCP. "These aren't theoretical vulnerabilities, they're working exploits with immediate, real-world consequences," said Michael Bargury, CTO and co-founder, Zenity. "We demonstrated memory persistence and how attackers can silently hijack AI agents to exfiltrate sensitive data, impersonate users, manipulate critical workflows, and move across enterprise systems, bypassing the human entirely. Attackers can compromise your agent instead of targeting you, with similar consequences." Key Research Findings: OpenAI ChatGPT was compromised via email-triggered prompt injection, granting attackers access to connected Google Drive accounts and the ability to implant malicious memories, compromise every future session, and transform ChatGPT into a malicious agent A Microsoft Copilot Studio customer support agent, showcased by Microsoft on stage, was shown to leak entire CRM databases. Additionally, we found over 3,000 of these agents in the wild that can reveal their internal tools, making them susceptible to exploitation Salesforce Einstein was manipulated through malicious case creation to reroute all customer communications to attacker-controlled email addresses Google Gemini and Microsoft 365 Copilot were turned into malicious insiders, social engineering users and exfiltrating sensitive conversations through booby-trapped emails and calendar invites Cursor with Jira MCP was exploited to harvest developer credentials through weaponized ticket workflows "The rapid adoption of AI agents has created an attack surface that most organizations don't even know exists," said Ben Kilger, CEO, Zenity. "Our research demonstrates that current security approaches are fundamentally misaligned with how AI agents actually operate. While vendors promise AI safety, attackers are already exploiting these systems in production. This is why Zenity has built the industry's first agent-centric security platform—to give enterprises the visibility and control they desperately need." Industry Response and Implications Some vendors, including OpenAI and Microsoft Copilot Studio, issued patches following responsible disclosure. However, multiple vendors declined to address the vulnerabilities, citing them as intended functionality. This mixed response underscores a critical gap in how the industry approaches AI agent security. The research arrives at a pivotal moment for enterprise AI adoption. With ChatGPT reaching 800 million weekly active users and Microsoft 365 Copilot seats growing 10x in just 17 months, organizations are rapidly deploying AI agents without adequate security controls. Zenity Labs' findings suggest that enterprises relying solely on vendor mitigations or traditional security tools are leaving themselves exposed to an entirely new class of attacks. Moving from Research to Defense As a research-driven security company, Zenity Labs conducts this threat intelligence on behalf of the wider AI community, ensuring defenders have the same insights as attackers. The complete research, including technical breakdowns and defense recommendations, will be available at following the presentation. See the Research in Action Attendees at Black Hat USA 2025 can visit Zenity at booth #5108 for live demonstrations of the exploits, in-depth technical discussions, and practical guidance on securing AI agents in production environments. For those unable to attend Black Hat, Zenity will host deeper discussions at the AI Agent Security Summit 2025 on October 8 at the Commonwealth Club in San Francisco. Reserve your spot now. About Zenity Zenity is the agent-centric security and governance platform that gives enterprises visibility and control over AI agent behavior—what they access, what they do, and the tools they invoke—with full-lifecycle protection across SaaS, custom agent platforms, and end-user devices. Founded by security researchers and engineers from Microsoft, Meta, and Unit 8200, Zenity enables organizations to embrace AI innovation without compromising security. Learn more at About Zenity Labs Zenity Labs is the threat research arm of Zenity, dedicated to uncovering and responsibly disclosing vulnerabilities in AI systems. Through cutting-edge research and real-world attack simulations, Zenity Labs helps organizations understand and defend against emerging AI threats. Subscribe to research updates at Media Contact:Diana DiazForce4 Technology View original content to download multimedia: SOURCE Zenity Sign in to access your portfolio
Gizmodo
2 days ago
- Gizmodo
Get Ready, the AI Hacks Are Coming
Think twice before you ask Google's Gemini AI assistant to summarize your schedule for you, because it could lead to you losing control of all of your smart devices. At a presentation at Black Hat USA, the annual cybersecurity conference in Las Vegas, a group of researchers showed how attackers could include hidden commands in something as simple as a Google Calendar invite and use it to hijack smart devices—an example of the growing attack vector that is prompt injection attacks. The hack, laid out in a paper titled 'Invitation Is All You Need!', the researchers lay out 14 different ways they were able to manipulate Gemini via prompt injection, a type of attack that uses malicious and often hidden prompts to make large language models produce harmful outputs. Perhaps the most startling of the bunch, as highlighted by Wired, was an attack that managed to hijack internet-connected appliances and accessories, doing everything from turning off lights to turning on a boiler—basically wrestling control of the house from the owner and potentially putting them in a dangerous or compromising situation. Other attacks managed to make Gemini start a Zoom call, intercept details from emails, and download a file from a phone's web browser. Most of those attacks start with something as simple as a Google Calendar invitation that is poisoned with prompt injections that, when activated, will make the AI model engage in behavior that bypasses its built-in safety protocols. And these are far from the first examples that security researchers have managed to put together to show the potential vulnerabilities of LLMs. Others have used prompt injection to hijack code assistants like Cursor. Just last month, Amazon's coding tool got infiltrated by a hacker who instructed it to delete files off the machines it was running on. It's also becoming increasingly clear that AI models appear to engage with hidden commands. A recent paper found that an AI model used to train other models passed along quirks and preferences despite specific references to such preferences being filtered out in the data, suggesting there may be messaging moving between machines that can't be directly observed. LLMs largely remain black boxes. But if you're a malicious actor, you don't necessarily need to understand what is happening under the hood. You just need to know how to get a message in there that will make the machine work in a specific way. In the case of these attacks, the researchers informed Google of the vulnerability, and the company addressed the issue, per Wired. But as AI gets integrated into more platforms and more areas of the public's lives, the more risk that such weaknesses present. It's particularly concerning as AI agents, which have the ability to interact with apps and websites to complete multi-step tasks, are starting to roll out. What could go wrong?
Tahawul Tech
2 days ago
- Business
- Tahawul Tech
'AI is the most transformative force in the world, but without security, it is a liability.' – Tomer Weingarten, SentinelOne
SentinelOne, a global leader in AI-powered security, has announced it has signed a definitive agreement to acquire Prompt Security, a pioneer in securing AI in runtime, preventing AI-related data leakage and protecting intelligent agents. The deal is part of SentinelOne's strategy to extend its AI-native Singularity Platform to secure the rapidly growing use of generative (GenAI) and agentic AI in the workplace. This includes real-time visibility into how AI tools are accessed, what data is being shared, and automated enforcement to prevent prompt injection, sensitive data leakage, and misuse without slowing innovation. By adding Prompt Security's capabilities, SentinelOne can give CISOs and IT leaders the control they need to enable safe adoption at scale, while unlocking a new frontier of growth and platform expansion for SentinelOne and its partners. Prompt Security enables organizations to gain immediate visibility to all GenAI usage in the enterprise, and to secure and control employee usage of AI, eliminate shadow AI risks and confidently embrace tools like ChatGPT, Gemini, Claude, Cursor, and other custom LLMs, without compromising visibility, security, or control. By combining SentinelOne's industry-leading AI-powered endpoint, cloud, data and SecOps capabilities with Prompt Security's groundbreaking AI defense platform, the company will be positioned to deliver the most comprehensive approach to securing AI in the modern enterprise, from infrastructure to usage. 'AI is the most transformative force in the world today, but without security, it becomes a liability,' said Tomer Weingarten, CEO of SentinelOne. 'With Prompt Security, we're making it possible for every company to fully embrace GenAI and agentic AI without compromising safety and security. This is the foundation for secure AI adoption at scale.' Prompt Security's technology is purpose-built to solve one of the most urgent and underserved challenges in enterprise security today: protecting against the inherent risks in AI adoption. Its technology helps organizations embrace GenAI usage by integrating across browsers, desktop applications, and APIs to give organizations observability, enforcement, and automated protection. Unlike traditional security solutions, this approach provides real-time protection at the point of interaction, helping organizations stop prompt injections, data leakage and misuse before they escalate. This seamless design is highly complementary to SentinelOne's endpoint platform and creates a unique, integrated layer for GenAI, delivering combined value in a way no other solution on the market can match. With Prompt Security's capabilities, SentinelOne will give customers: Real-time AI visibility into how AI is being used across the enterprise, including who is using which tools, what data they are sharing, and how AI agents are responding, complementing SentinelOne's existing endpoint capabilities and accelerating its GenAI DLP. into how AI is being used across the enterprise, including who is using which tools, what data they are sharing, and how AI agents are responding, complementing SentinelOne's existing endpoint capabilities and accelerating its GenAI DLP. Policy-based controls to enforce safe use, block high-risk prompts, and prevent data leakage in real time. to enforce safe use, block high-risk prompts, and prevent data leakage in real time. AI Attack prevention against threats like prompt injection, malicious output manipulation, and model abuse. against threats like prompt injection, malicious output manipulation, and model abuse. Model-agnostic coverage across all major LLM providers, including OpenAI, Anthropic, and Google, as well as self-hosted or on-prem models. across all major LLM providers, including OpenAI, Anthropic, and Google, as well as self-hosted or on-prem models. MCP gateway security between AI applications and more than 13,000 known MCP servers, intercepting every call, prompt template, and response. Redefining Cybersecurity for the Age of AI This acquisition cements SentinelOne's leadership in securing the modern enterprise from endpoint to cloud to identity, and now to GenAI and agentic AI. Since its founding, SentinelOne has pioneered the use of AI to help security teams redefine how they do their jobs by detecting and responding to novel and sophisticated threats at machine speed. The company was also the first pure cybersecurity player to introduce agentic and GenAI into its platform, dramatically simplifying and speeding the triage, investigation and remediation of threats across all attack surfaces, moves that upleveled all security analysts in the SOC. Now, with the acquisition of Prompt Security, SentinelOne is looking to help those same security teams empower the very employees they protect by giving them a secure way to embrace AI tool usage and AI agents in the workplace. 'As enterprise adoption of GenAI and agentic AI accelerates, the security and privacy risks are rapidly shifting from theoretical to operational,' said Itamar Golan, CEO and co-founder of Prompt Security. 'SentinelOne shares our passion for empowering teams and organizations to embrace AI as a distinct advantage, while delivering real-time, automated protection built for the AI-native world. By bringing together our pioneering technology with SentinelOne's incredible platform, team, channel and customer base, we can make AI security a reality for virtually every organization in the world.' Transaction Details SentinelOne will acquire Prompt for a combination of cash and stock. The transaction is expected to close in SentinelOne's third quarter of fiscal year 2026, subject to any applicable regulatory approvals and customary closing conditions.
Yahoo
2 days ago
- Business
- Yahoo
Infoblox Supercharges Threat Defense to Deliver Enhanced Preemptive Protection Against Sophisticated, AI-Driven Attacks
Advancing preemptive security with powerful innovations designed to safeguard users, devices, IoT/OT, cloud workloads and shut down threats before they start Launching new and enhanced Protective DNS capabilities to help organizations predict threats, preempt AI-driven attacks and prevail over modern adversaries Introducing flexible token-based licensing to scale protection efficiently and align pricing with evolving security needs Strengthening leadership in Protective DNS and enabling alignment with forthcoming NIST guidelines to help organizations outpace evolving cyberattacks Powering Google Cloud's DNS Armor, providing native security for cloud workloads, with public preview starting later this year SANTA CLARA, Calif., Aug. 04, 2025 (GLOBE NEWSWIRE) -- Infoblox, a leader in cloud networking and security services, today announced major enhancements to its Protective DNS solution, Infoblox Threat Defense™, empowering organizations to stay ahead of sophisticated, AI-driven cyberthreats with preemptive security. As global cybercrime costs surge toward $23 trillion by 2027,1 traditional 'detect and respond' security tools are struggling to keep up. Modern attackers increasingly deploy AI to create unique, single-use malware and stealthy phishing campaigns that evade traditional defenses—making it more likely than ever that any organization can become 'patient zero.' Infoblox's Protective DNS solution, Infoblox Threat Defense, stops threats before they impact infrastructure by combining predictive threat intelligence with algorithmic and machine learning-based detections—blocking high-risk and malicious domains an average of 68 days earlier than traditional tools, with an industry-leading 0.0002% false positive rate. 'The difference between most DNS security tools and our approach is like the difference between law enforcement chasing street-level drug dealers versus taking down the cartel,' said Mukesh Gupta, chief product officer, Infoblox. 'We target the suppliers behind the cyberattackers—the cartel—so threats can be blocked before they ever reach the network. This preemptive strategy helps security teams reduce risk, eliminate noise and stop threats at the DNS layer before they ever reach the network.' To help customers get ahead of the new wave of AI-driven threats, Infoblox is continually delivering groundbreaking threat intelligence—solidifying the role of Threat Defense as a proactive, high-speed threat blocker. From better visibility and actionable insights to flexible licensing and clear metrics on preemptive protection, these new innovations are designed to help security teams close gaps before attackers can exploit them: Protection Before Impact: Provides security leaders with clear, quantifiable metrics on threats neutralized before they can cause damage, streamlining reporting and demonstrating security ROI. Security Workspace: An intuitive, centralized interface that gives security teams deep visibility into their environment with actionable insights to reduce risk and ultimately speed their mean time to respond (MTTR). Detection Mode: Provides organizations visibility into threats they're missing today—without changing existing DNS configuration, minimizing operational risk. Asset Data Integration: Delivers deep context into what was protected as part of the preemptive strategy, enabling security teams to do further investigation and analysis. Token-Based Licensing: Flexible, token-based pricing aligned to protected assets simplifies procurement and drives clearer ROI. Powering Google Cloud's DNS Armor: Infoblox's Protective DNS capabilities also power Google Cloud's DNS Armor, providing native security for cloud workloads, with public preview later this year. Infoblox Threat Defense gives security teams predictive insights to block attacks as threat actor infrastructure is being created—before malware is even deployed and long before a patient zero is hit. Unlike traditional security tools that must wait for the first victim to detect and respond, Infoblox's approach can preempt the attack entirely. By stopping attacks earlier, Infoblox reduces the load on detect-and-respond tools, such as XDR and SIEM—aligning with Gartner's view that preemptive cybersecurity will replace 40 percent of traditional solutions by 2028. The latest NIST SP 800-81 guidelines reinforce this shift, noting that DNS can often prevent security incidents earlier than other systems. 'Traditional 'detect and respond' security simply can't keep pace with today's AI-driven attackers and malware. Cybercrime is evolving faster than ever, costing the world trillions and exploiting gaps in legacy defenses,' said Scott Harrell, president and CEO, Infoblox. 'The legacy kill chain approach depends on someone else being 'patient zero' so those legacy systems can learn and react—but attackers today customize malware to target individual businesses or industries, rendering legacy, reactive approaches ineffective against modern AI-enabled attackers. When you're patient zero, the only thing being 'killed' is your business. The future of cybersecurity must be preemptive: stop threats before they ever reach your organization.' 'Before Infoblox, DNS was a blind spot in our security posture,' said Nathan Sinclair, chief information security officer for the City and County of San Francisco. 'We immediately saw value in gaining full visibility into DNS requests and the hidden threats they can carry. Infoblox Threat Defense has proven to be a powerful solution for blocking exploits and preventing incursions. It has significantly strengthened our defenses and given us greater confidence in protecting the critical services we provide.' For deeper insights into our latest innovations and why preemptive DNS security matters more than ever, visit our Security Momentum launch blog. To see the latest research on evolving threats—including how DNS security blocks 82 percent of attacks before impact—read our 2025 DNS Threat Landscape Report. 1. 'Key Cyber Security Statistics for 2025,' SentinelOne, May 15, 2025. About InfobloxInfoblox unites networking, security and cloud to form a platform for operations that's as resilient as it is agile. Trusted by 13,000+ customers, including 92 of the Fortune 100, we seamlessly integrate, secure and automate critical network services so businesses can move fast without compromise. Visit or follow us on LinkedIn. Media Contact: Ariel Roop Head of Global Communications pr@
Zawya
2 days ago
- Business
- Zawya
SentinelOne to acquire Prompt Security to advance GenAI Security and Agent Security Strategy
Industry-first AI runtime security gives IT and security teams visibility, confidence and control over AI use without slowing innovation and productivity gains. Dubai, United Arab Emirates - SentinelOne, a global leader in AI-powered security, today announced it has signed a definitive agreement to acquire Prompt Security, a pioneer in securing AI in runtime, preventing AI-related data leakage and protecting intelligent agents. The deal is part of SentinelOne's strategy to extend its AI-native Singularity Platform to secure the rapidly growing use of generative (GenAI) and agentic AI in the workplace. This includes real-time visibility into how AI tools are accessed, what data is being shared, and automated enforcement to prevent prompt injection, sensitive data leakage, and misuse without slowing innovation. By adding Prompt Security's capabilities, SentinelOne can give CISOs and IT leaders the control they need to enable safe adoption at scale, while unlocking a new frontier of growth and platform expansion for SentinelOne and its partners. Prompt Security enables organizations to gain immediate visibility to all GenAI usage in the enterprise, and to secure and control employee usage of AI, eliminate shadow AI risks and confidently embrace tools like ChatGPT, Gemini, Claude, Cursor, and other custom LLMs, without compromising visibility, security, or control. By combining SentinelOne's industry-leading AI-powered endpoint, cloud, data and SecOps capabilities with Prompt Security's groundbreaking AI defense platform, the company will be positioned to deliver the most comprehensive approach to securing AI in the modern enterprise, from infrastructure to usage. 'AI is the most transformative force in the world today, but without security, it becomes a liability,' said Tomer Weingarten, CEO of SentinelOne. 'With Prompt Security, we're making it possible for every company to fully embrace GenAI and agentic AI without compromising safety and security. This is the foundation for secure AI adoption at scale.' Prompt Security's technology is purpose-built to solve one of the most urgent and underserved challenges in enterprise security today: protecting against the inherent risks in AI adoption. Its technology helps organizations embrace GenAI usage by integrating across browsers, desktop applications, and APIs to give organizations observability, enforcement, and automated protection. Unlike traditional security solutions, this approach provides real-time protection at the point of interaction, helping organizations stop prompt injections, data leakage and misuse before they escalate. This seamless design is highly complementary to SentinelOne's endpoint platform and creates a unique, integrated layer for GenAI, delivering combined value in a way no other solution on the market can match. With Prompt Security's capabilities, SentinelOne will give customers: Real-time AI visibility into how AI is being used across the enterprise, including who is using which tools, what data they are sharing, and how AI agents are responding, complementing SentinelOne's existing endpoint capabilities and accelerating its GenAI DLP. Policy-based controls to enforce safe use, block high-risk prompts, and prevent data leakage in real time. AI Attack prevention against threats like prompt injection, malicious output manipulation, and model abuse. Model-agnostic coverage across all major LLM providers, including OpenAI, Anthropic, and Google, as well as self-hosted or on-prem models. MCP gateway security between AI applications and more than 13,000 known MCP servers, intercepting every call, prompt template, and response. Redefining Cybersecurity for the Age of AI This acquisition cements SentinelOne's leadership in securing the modern enterprise from endpoint to cloud to identity, and now to GenAI and agentic AI. Since its founding, SentinelOne has pioneered the use of AI to help security teams redefine how they do their jobs by detecting and responding to novel and sophisticated threats at machine speed. The company was also the first pure cybersecurity player to introduce agentic and GenAI into its platform, dramatically simplifying and speeding the triage, investigation and remediation of threats across all attack surfaces, moves that upleveled all security analysts in the SOC. Now, with the acquisition of Prompt Security, SentinelOne is looking to help those same security teams empower the very employees they protect by giving them a secure way to embrace AI tool usage and AI agents in the workplace. 'As enterprise adoption of GenAI and agentic AI accelerates, the security and privacy risks are rapidly shifting from theoretical to operational,' said Itamar Golan, CEO and co-founder of Prompt Security. 'SentinelOne shares our passion for empowering teams and organizations to embrace AI as a distinct advantage, while delivering real-time, automated protection built for the AI-native world. By bringing together our pioneering technology with SentinelOne's incredible platform, team, channel and customer base, we can make AI security a reality for virtually every organization in the world.' Transaction Details SentinelOne will acquire Prompt for a combination of cash and stock. The transaction is expected to close in SentinelOne's third quarter of fiscal year 2026, subject to any applicable regulatory approvals and customary closing conditions. Forward-Looking Statements This release relates to a pending acquisition of Prompt Security ('Prompt') by SentinelOne, Inc. ('SentinelOne,' 'our,' 'we,' or 'us'). This release contains forward-looking statements that involve risks and uncertainties, including statements regarding the anticipated benefits of the acquisition and the timing and closing of the acquisition. The forward-looking statements contained in this release are subject to known and unknown risks, uncertainties, assumptions, and other factors that may cause actual results or outcomes to be materially different from any future results or outcomes expressed or implied by the forward-looking statements. These risks, uncertainties, assumptions, and other factors include, but are not limited to: the effect of the announcement of the acquisition on the ability of Prompt to retain key personnel or maintain relationships with customers, vendors and other business partners; risks that the acquisition disrupts current plans and operations; the ability of the parties to consummate the acquisition on a timely basis or at all; the satisfaction of the conditions precedent to consummation of the acquisition; our ability to successfully integrate Prompt's operations; our and Prompt's ability to execute on our business strategies relating to the acquisition and realize expected benefits and synergies; our ability to compete effectively, including in response to actions our competitors may take following announcement of the acquisition; and the effects of broader macro conditions. Forward-looking statements reflect management's current expectations and information available as of the date hereof and are inherently uncertain. Actual results could differ materially for a variety of reasons. Please refer to the documents we file from time to time with the SEC, in particular, our Annual Report on Form 10-K and our Quarterly Reports on Form 10-Q, as these documents contain and identify important risk factors and other information that may cause our actual results to differ materially from those contained in our forward-looking statements. Except to the extent required by law, SentinelOne and Prompt undertake no obligation to update the forward-looking statements to reflect new information or future events. About SentinelOne SentinelOne is a leading AI-powered cybersecurity platform. Built on the first unified Data Lake, SentinelOne empowers the world to run securely by creating intelligent, data-driven systems that think for themselves, stay ahead of complexity and risk, and evolve on their own. Leading organizations—including Fortune 10, Fortune 500, and Global 2000 companies, as well as prominent governments - trust SentinelOne to Secure Tomorrow™. Learn more at
