RedShield has introduced a new cybersecurity feature called ‘Third Horizon’ to provide additional protection against Distributed Denial-of-Service (DDoS) and automated bot attacks. The technology disrupts attack methods and forces attackers to adapt in ways that traditional automated or artificial intelligence-driven tools cannot manage effectively. The Third Horizon feature challenges suspicious users seeking access to an application by requiring them to supply a valid email address and verify their identity using a code sent to that email. This adds complexity for attackers using automated systems, as they typically struggle to answer such requests at scale. RedShield’s service operates using a three-tiered architecture for threat defence. The first layer, the First Horizon, uses traffic profiling to block high-volume attacks and malicious traffic. The second layer focuses on sophisticated bot detection, targeting malicious bots attempting to appear as legitimate users. The Third Horizon provides an identity and intent challenge, requiring suspicious users to confirm an email address before accessing a site or application. Recent findings highlight the scale of the challenge facing organizations, with automated bots accounting for nearly half of all internet traffic in 2024 and DDoS attacks increasing 1800% globally from the third to the fourth quarter of last year. RedShield is extending its layered approach by offering the Third Horizon as an optional add-on service for customers requiring heightened protection.
Proton’s AI assistant uses zero-access encryption and keeps no logs of conversations, has end-to-end encryption for storing chats, offers a ghost mode for conversations and doesn’t require the user to have an account to use the chatbot
Privacy-focused productivity tools maker Proton released its AI assistant, called Lumo, which keeps no logs of conversations, has end-to-end encryption for storing chats, and offers a ghost mode for conversations that disappear as soon as you close the window. Lumo doesn’t require you to have an account to use the chatbot and ask questions. You can upload files to have the chatbot answer questions about them, and if you have a Proton Drive account, you can connect it with Lumo to access files stored in the cloud. While the chatbot has access to the web, it might not find you the latest results if you use it to search. Lumo is based on open source models, and will only depend on them for research and development going forward without utilizing user data to train its models. Lumo relies on zero-access encryption, an encryption method that other Proton products also use, to let users store their conversation history, which can be decrypted on the device. “Lumo is based upon open-source language models and operates from Proton’s European datacenters. This gives you much greater transparency into the way Lumo works than any other major AI assistant. Unlike Apple Intelligence and others, Lumo is not a partnership with OpenAI or other American or Chinese AI companies, and your queries are never sent to any third parties,” Proton said.
New wave of injection attacks exploits input manipulation, bypassing traditional checks; as a result liveness detection is no longer a value-added feature — it is now an essential component of security
Jumio warns about the rise of injection attacks as one of the most sophisticated and difficult-to-detect threats in identity verification processes. Unlike conventional identity spoofing methods —injection attacks bypass traditional fraud detection methods by manipulating the input channel itself. Instead of presenting an image or video in front of the camera, attackers alter the system at its source, compromising the integrity of the digital process. Their effectiveness can result in financial fraud, creation of fake identities, evasion of regulatory controls, and loss of user trust and strategic partner confidence. Given this scenario, liveness detection is no longer a value-added feature — it is now an essential component of security. To combat injection attacks, systems must be able to distinguish between a real person in front of a camera and a manipulated video source. Effective identity verification technologies against injection attacks should: Differentiate between a legitimate source and an emulated one, identifying whether the video comes from a real camera or software emulator. Accurately match the presented face with the ID document, ensuring biometric consistency. Detect invisible clues such as synthetic artifacts, repetitions, or inconsistencies in lighting, textures, and depth. Recognize suspicious patterns, like reused backgrounds in multiple attempts or pre-recorded videos presented as live input.
Cloudflare launches AI‑SPM to centrally visualize Shadow AI alongside new posture management, prompt‑level guardrails, and gateway policies to help teams block risky apps, limit uploads, and monitor usage
Cloudflare is introducing AI Security Posture Management (AI-SPM) into Cloudflare One, its Zero Trust platform to allow organizations to safeguard against a range of potential threats posed by the wide adoption of AI tools, enabling businesses to move faster with the confidence that AI is being used safely by all teams. Now, with the availability of all features, security teams will be able to: Discover how employees are using AI: With Cloudflare’s new Shadow AI Report, security teams can get instant insights from their traffic to gain a clear, data-driven picture of their organization’s AI usage. This granular view allows them to see not just that an employee is using an AI app, but which AI app, and what users are accessing it. Protect against Shadow AI: Cloudflare Gateway makes it easy to automatically enforce AI policies at the edge of Cloudflare’s network, ensuring consistent security for every employee, no matter where they work. Security teams can choose to fully block unapproved AI applications, limit the types of data uploaded into AI applications, and complete reviews of AI tools, to ensure they continue to meet security and privacy standards. Safeguard sensitive data without fully restricting AI usage: AI Prompt Protection allows security teams to identify potentially dangerous or risky employee interactions with AI models, and flag those prompts and responses. Policies can now be enforced inline at the prompt level to mitigate risk early on, and warn the employee about, or block them from, submitting sensitive data—like source code—being entered into an untrusted AI provider. This will give security teams the control they need to monitor company data that may be sent outside the organization, without fully restricting employees’ usage of AI tools. Gain visibility of AI model interactions with tools outside the business: Zero Trust MCP Server Control consolidates all MCP tool calls—a request from an AI model or application to a server to execute a specific task—into a single dashboard. This visibility ultimately allows all MCP traffic, regardless of origin, to be routed through Cloudflare for increased control and access management. Now, with centralized insights, security teams can set user-level policies at both the gateway and individual MCP server levels.
Google’s AI agent discovers a critical SQLite vulnerability using threat intelligence and was able to actually predict that it was imminently going to be exploited for carrying out a cyberattack
Google is introducing a new approach to cybersecurity, focusing on artificial intelligence as the first line of digital defence. The company has introduced Big Sleep, an AI agent developed by Google DeepMind in collaboration with Project Zero, which has successfully stopped a security threat before it was launched. The tool is also being used to strengthen the security of open-source software, increasing defensive coverage. Google’s secure-by-design approach emphasizes human oversight, transparency, and privacy. In addition to Big Sleep, Google is infusing AI into its security infrastructure: Timesketch, the company’s open-source forensics platform, now integrates Sec-Gemini-powered agents to automate incident response. FACADE, an insider threat detection tool, processes billions of security events each day using contrastive learning, without relying on historical attack data. A new AI-assisted Capture the Flag challenge at DEF CON 33 will give participants hands-on experience working alongside AI agents in real-time cyber defence scenarios.
Blink Operations no-code platform lets users create unlimited, tailored micro‑agents focused on specific security tasks by leveraging visual editors or natural‑language prompts to orchestrate actions from a library of 30,000+ integrations and pre-built workflows
Enterprise cybersecurity automation platform Blink Operations has raised $50 million in new funding to accelerate its go-to-market efforts and scale updeployment of its no-code cybersecurity micro-agents platform. BlinkOps offers cybersecurity automation that gives organizations the ability to build, collaborate on and scale up security workflows via artificial intelligence-driven, no-code and low-code interfaces. The company’s platform serves as an automation hub where security teams leverage visual editors or natural‑language prompts to orchestrate actions from a library of more than 30,000 integrations and pre-built workflows. BlinkOps’ Security Micro‑Agent Builder, which launched in April, provides a drag‑and‑drop, no-code interface that allows users to create unlimited, tailored micro‑agents focused on specific security tasks, such as identity and access management, patching, alert triage, device control or vulnerability response. Agents can be assigned defined roles, domain‑specific knowledge and secure operational abilities, offering deterministic and auditable automation. The company’s micro-agents can work collaboratively as agent “teams,” communicating with each other to manage complex multistep workflows. The idea is that by distributing work across role‑specialized agents, the platform avoids reliance on a single overload‑prone agent, enabling scalable, reliable automation while keeping human-in-the-loop flexibility where needed.
New Federal Reserve toolkits provide foundational knowledge and practical resources on scam and check fraud tactics, empowering payments professionals to recognize, prevent, and collaborate on defense
Federal Reserve has released two new toolkits: the Scams Mitigation Toolkit (Off-site) and Check Fraud Mitigation Toolkit (Off-site). The toolkits are intended to support education and increase awareness about scams and check fraud, enable the payments industry to better identify and fight them, and foster industry collaboration on fraud and scams mitigation. The initial releases of the Scams Mitigation Toolkit and Check Fraud Mitigation Toolkit focus on building foundational knowledge about different types of scams and check fraud; the tactics and human vulnerabilities that often enable these to succeed; and common scenarios that financial institutions, service providers, other businesses and individuals may encounter. In the fourth quarter of 2025, second releases of these two toolkits will offer additional insights and resources. These toolkits were developed by the Federal Reserve to help educate the industry about scams and check fraud. Insights for these toolkits were provided through interviews with industry experts, publicly available research and tea m member expertise. The toolkits are not intended to result in any regulatory or reporting requirements, imply any liabilities for fraud loss, or confer any legal status, legal definitions, or legal rights or responsibilities. While use of these toolkits throughout the industry is encouraged, their utilization is voluntary at the discretion of each individual entity. Absent written consent, the toolkits may not be used in a manner that suggests the Federal Reserve endorses a third-party product or service.
Experian’s document verification suite integrates Incode’s AI ID verification, liveness, facial match, and real‑time metadata analysis to speed decisions and block synthetic fraud
Experian announced the integration of Incode Technologies, Inc. (“Incode”) into the Experian Ascend Platform™. This collaboration will enable seamless, secure and efficient identity validation for over 1,800 global clients across industries including financial services, automotive, healthcare and digital marketing. Through this partnership, Incode’s advanced identity validation and real-time metadata analysis will be offered as an optional component within Experian’s CrossCore Document Verification suite in North America, with global expansion planned. Incode’s AI-driven technology strengthens Experian’s identity and fraud solutions by verifying and connecting identity elements such as government-issued IDs, facial recognition, liveness checks, and real time metadata. Identity verification is central to Experian’s identity and fraud portfolio, helping organizations combat cybercrime while maintaining a seamless customer experience. This integration provides stronger protection against synthetic identity and application fraud, as well as higher accuracy in detection and workforce identity.
Yubico’s Enhanced PIN feature to offer comprehensive PIN management for users with enforcement policies and PIN complexity applied by default, always-on user verification and minimum PIN length of six characters
Yubico has introduced the YubiKey 5 – Enhanced PIN, offering additional PIN capabilities for enterprises in 175 countries and 24 territories. The product is pre-configured with features to improve PIN management and user enforcement, including a mandatory minimum PIN length and requirements for increased complexity. This helps organizations meet evolving policy, compliance, and audit requirements for user authentication. The Enhanced PIN features are available on the YubiKey 5 NFC and YubiKey 5C NFC models, specifically through the YubiKey as a Service platform. The company has expanded its YubiKey as a Service to include all European Union countries and expanded its YubiEnterprise Delivery to 117 locations globally. The expanded service and new key features reflect Yubico’s effort to address the challenges posed by a changing cybersecurity landscape and varying global regulatory requirements, supporting enterprise customers in their transition to more robust authentication systems.
Legion Security’s lightweight browser extension learns directly from SOC analysts by observing their day-to-day investigation, records how they handle alerts and make decisions and translates them into scalable, automated workflows cutting investigation and response times by up to 90%
Browser-native AI security operations center startup Legion Security differs from existing solutions on the market through the use of a lightweight browser extension that learns directly from analysts by observing their day-to-day investigations. The idea is to allow the platform to capture the nuances of human expertise and translate them into scalable, automated workflows tailored to each organization’s unique tools and processes. Legion uses a three-phase operational model that moves from passive observation to full automation. In the initial “Learning Mode,” the platform shadows senior analysts and records how they handle alerts and make decisions. The next step, the “Guided Mode,” offers suggestions and performs tasks under human supervision. Finally, when teams are ready, an “Autonomous Mode” allows Legion to act independently or with selective approvals, drastically accelerating response times and reducing manual workload without sacrificing oversight. Analysts can configure exactly when and where Legion operates, restrict its access to certain tools and mask sensitive data during sessions. Every action taken by the AI is fully auditable and security teams retain final say over what is learned, applied or deployed. The offering from Legion is positioned to solve a longstanding pain point in cybersecurity: the overwhelming volume of alerts and the shortage of qualified personnel to investigate them. By converting institutional knowledge into actionable automation, the platform helps reduce triage time, cut down on false positives and eliminate repetitive documentation work. “What sets Legion apart is its browser-native AI platform,” said Sri Viswanath, managing director at Coatue. “It studies how security analysts work and instantly scales those workflows, cutting investigation and response times by up to 90%.”