TLDRocket
Sign in

AI Security

40 summarised stories about AI Security, each linking back to the original source. Browse all topics →

Tuesday, 14 July 2026

AWS will now watch Microsoft’s cloud for you

The New Stack 1 day ago

AWS expanded its Security Hub service to monitor Microsoft Azure resources natively alongside AWS resources, marking the first time the service supports non-AWS infrastructure, while also launching GuardDuty AI Protection to detect threats in Amazon Bedrock and SageMaker workloads. Monitoring Azure resources costs the same as AWS equivalents with pricing starting from a 30-day free trial, and AI-powered investigations can complete threat analysis in minutes instead of hours. AWS aims to position Security Hub as a unified security console for multicloud environments, competing with similar offerings from Microsoft Defender, Google Cloud, and third-party vendors like Wiz and Palo Alto Networks.

What happens when your VPN meets 200 AI agents

The New Stack 1 day ago

Tailscale is hosting a webinar on July 28, 2026 addressing how enterprises can manage network access for both human users and AI agents using a unified architecture rather than separate tools. The event will cover how traditional VPN and privileged access management tools designed for humans fall short when dozens or hundreds of AI agents need secure access to corporate networks. Organizations need consistent access policies that can handle requests from any source—developers, contractors, pipelines, and AI agents—while maintaining security audits and the ability to revoke access when tasks complete.

How I Turned AI to the Dark Side

IEEE Spectrum AI 2 days ago

Researcher Dave Kuszmar discovered multiple vulnerabilities in large language models that allowed him to extract dangerous information including instructions for creating weapons, drugs, and bioweapons from systems including GPT-4o, Claude, Gemini, Llama, and Grok. He demonstrated two exploits: Time Bandit, which manipulated LLMs into believing an earlier date to bypass safety guidelines, and Inception, which used nested scenarios to trick models into producing harmful content across all major commercial LLM systems. Kuszmar is calling for slowed LLM deployment, increased transparency, and expanded safety research before these systems are more widely integrated into society.

The MCP debate has a context problem

The New Stack 2 days ago

Model Context Protocol (MCP) faces criticism from developers for adding unnecessary complexity in small projects, but the skeptics overlook that enterprise agentic systems require MCP's capabilities for credential delegation, audit trails, and structural least privilege that direct API calls cannot provide. MCP enables security teams to embed authorization context at the tool-call level and structurally prevent agents from exceeding their assigned scope, whereas allowlists alone are insufficient governance in regulated environments. Enterprise adoption of agentic systems will require solving two remaining challenges: making capability-scoped server provisioning accessible to non-specialists and providing operational visibility tools for security teams to manage MCP connections across their environment.

Fabraix Playground lets you test prompt injection attacks on AI agents

The Neuron 2 days ago

Fabraix Playground is a testing platform that lets users attempt prompt injection attacks on AI agents to discover security vulnerabilities. The tool provides an interactive environment where researchers can practice exploiting these agents before malicious actors find the same weaknesses. Organizations can use the results to patch vulnerabilities and improve their AI systems' defenses against prompt-based attacks.

Anthropic alleges Alibaba used 25,000 fraudulent accounts to extract Claude data

The Neuron 2 days ago

Anthropic accused Alibaba of using 25,000 fraudulent accounts to extract capabilities from Claude through unauthorized API access. The alleged extraction campaign used coordinated accounts, proxy services, and repetitive prompts to harvest reasoning, tool-use, and reinforcement-learning data that could be used to train competing models. The distinction matters because legitimate distillation of intentionally released models should remain permitted, while covert extraction through fraud should face enforcement at the access layer rather than through restrictions on open AI.