News Brief: Protective measures emerge to address AI security

AI News


Enterprise adoption of AI and machine learning tools is the second-largest. CISOs, security teams and federal agencies around the world need to work quickly to optimize the security of their AI tools and determine the best way to keep AI models and business data safe.

Agent AI can hand out keys to the kingdom too often, as proven by the zero-click exploits demonstrated in Black Hat USA 2025, where only the user's email address is needed to overtake AI agents.

Meanwhile, application developers use AI tools to help with code generation and employ vibe coding to speed up development, but they don't always fully understand the security implications. According to Veracode's 2025 Genai Code Security Report, AI-generated code introduced security vulnerabilities in 45% of tested tasks.

This week's feature article focuses on identifying methodologies that improve the security of AI tools and better protect data through responsible AI at the federal and corporate level.

NIST is seeking public disclosure on how to protect AI systems

NIST outlined a plan to develop a security control overlay for AI systems based on special publication 800-53: Information Systems and Organizational Security and Privacy Management. The federal agency has created a slack channel for community feedback on the development process.

The initiative aims to help organizations implement AI while maintaining data integrity and confidentiality across five use cases.

  1. Adapt and Use of Generated AI – Assistant/Large Language Models (LLM).
  2. Usage and fine-tuning prediction AI.
  3. Using AI Agent Systems – Single Agent.
  4. Using AI Agent Systems – Multi-agent.
  5. Security management for AI developers.

This guidance addresses growing concerns about AI security vulnerabilities. For example, researchers at Black Hat USA 2025 this month showed how malicious hackers weaponize AI agents for attacks and use LLMS to autonomously launch CyberTacks.

Read David Jones' complete story about cybersecurity diving.

Business Executive Responsibility AI takes responsibility for reducing risk and driving growth

A report from IT consulting firm Infosys found that businesses are turning to responsible AI use to mitigate risk and drive business growth.

In a survey of 1,500 senior executives, 95% experienced at least one “problem incident” related to the use of enterprise AI, with an average reported loss of $800,000 from these incidents over two years.

Still, over three-quarters of respondents said that AI will produce positive business outcomes, while 30% admitted that they are about 30% not investing in responsible AI use.

Organizations' definitions of responsible AI practices differ, but include incorporating fairness, transparency, accountability, privacy and security into their AI governance efforts.

Read the full story of Lindsay Wilkinson on Cybersecurity Diving.

AI-assisted coding: Balance between innovation and security

Vibe coding is currently popular because of both good and malicious development. Industry experts such as Danny Allan, CTO at application security vendor Snyk, have confirmed the widespread adoption of AI coding tools across the development team. “I'm not talking to customers who don't use AI coding tools,” he said.

Organizations that allow AI assist code generation should consider how to do so safely. Experts shared the following important steps to mitigate vibe coding security risks:

  • Keep human to ensure that the generated code is safe. AI is not ready to take over coding independently.
  • Use special tools to implement security from inception. If the generated code is vulnerable, being able to code faster is useless.
  • We explain the unpredictability of AI by training models on safe code generation and using guardrails to prevent AI assist code from creating weaknesses.

Read the complete story by Alexander Claffy about Dark Reading.

Editor's Note: The editors used AI tools to help generate this news brief. Our expert editors should always review and edit content before publishing.

Kyle Johnson is the technology editor for Informa TechTarget's SearchSecurity site.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *