Cybersecurity

AI startups Anthropic and OpenAI said that they evaluated each other’s public models, using their own safety and misalignment tests. Sharing this news and the results in separate blog posts, the companies said they looked for problems like sycophancy, whistleblowing, self-preservation, supporting human misuse and capabilities that could undermine AI safety evaluations and oversight. OpenAI wrote in its post that this collaboration was a “first-of-its-kind joint evaluation” and that it demonstrates how labs can work together on issues like these. Anthropic wrote in its post that the joint evaluation exercise was meant to help mature the field of alignment evaluations and “establish production-ready best practices.” Reporting the findings of its evaluations, Anthropic said OpenAI’s o3 and o4-mini reasoning models were aligned as well or better than its own models overall, the GPT-4o and GPT-4.1 general-purpose models showed some examples of “concerning behavior,” especially around misuse, and both companies’ models struggled to some degree with sycophancy. OpenAI wrote in its post that it found that Anthropic’s Claude 4 models generally performed well on evaluations stress-testing their ability to respect the instruction hierarchy, performed less well on jailbreaking evaluations that focused on trained-in safeguards, generally proved to be aware of their uncertainty and avoided making statements that were inaccurate, and performed especially well or especially poorly on scheming evaluation, depending on the subset of testing. Both companies said in their posts that for the purpose of testing, they relaxed some model-external safeguards that otherwise would be in operation but would interfere with the tests. They each said that their latest models, OpenAI’s GPT-5 and Anthropic’s Opus 4.1, which were released after the evaluations, have shown improvements over the earlier models.

Read Article

 

Tippu Gagguturu, CEO of SecurEnds, has launched APIDynamics, a next-generation API security company designed for machine-first, cloud-native ecosystems. The company addresses the gap between strict controls for user identities and minimal oversight for machine identities, the primary drivers of API traffic. APIDynamics offers real-time protection, adaptive authentication, and MFA for API-to-API communication, securing every API call, including machine-to-machine and non-human interactions. Gagguturu believes static tokens and blind trust are no longer viable with APIs driving AI agents and cloud workflows. The platform empowers security and engineering teams to: Discover and eliminate shadow and zombie APIs across environments; Secure machine-to-machine and non-human identity communications with Zero Trust; Enforce just-in-time, risk-based access policies using adaptive MFA; Integrate seamlessly into modern DevSecOps pipelines without slowing development.

Read Article

Salt Security has launched Salt Surface, a new capability in its API Protection Platform. The tool provides organizations with a comprehensive API attack surface assessment, allowing them to identify, validate, and understand the risks associated with their exposed API endpoints. Salt Surface uses active reconnaissance techniques to uncover hidden, unmonitored, and forgotten APIs, providing an attacker’s-eye view of their current external attack surface. The technology is powered by Salt Labs’ continuous expertise and cutting-edge research, ensuring its discovery techniques stay current with the latest attacker tactics. Salt Surface provides a multi-faceted approach to discovering risks and reducing an organization’s API attack surface. This includes: Comprehensive API Discovery: Salt Surface actively researches all of an organization’s internet-facing API assets, thoroughly examining domains and subdomains to pinpoint every potential API endpoint. This process enables teams to uncover shadow and zombie endpoints that might otherwise be overlooked by methods that only see existing traffic.

Vulnerability and Misconfiguration Detection: The scan is highly effective at identifying critical security risks associated with discovered APIs. It detects common and severe misconfigurations, highlights potential vulnerabilities, and finds instances of sensitive data exposure.

Read Article

New Zealand’s financial watchdog has issued warnings about sophisticated scammers using deepfake technology to impersonate well-known local finance experts and commentators on Facebook. The Financial Markets Authority (FMA) identified fake Facebook pages targeting investors by mimicking prominent figures from the local media. These fraudulent accounts use artificially generated videos of the personalities to promote what appear to be legitimate WhatsApp investment advisory groups. The scam begins when victims encounter Facebook or Instagram advertisements featuring deepfake videos of these respected financial voices. The AI-generated content shows the impersonated figures discussing their supposed investment successes and encouraging viewers to join exclusive WhatsApp groups for free trading advice. Once victims join these WhatsApp groups, they encounter what appears to be a thriving community of successful investors. However, most group members are fake accounts controlled by the scammers, all praising their supposed mentor’s investment guidance and sharing fabricated success stories.  The scammers frequently ask victims to install software on their devices, which turns out to be malware or remote access tools. This gives fraudsters access to sensitive personal and financial information stored on victims’ computers and phones. When investors attempt to withdraw their funds, they hit the final trap. Scammers claim victims must pay additional fees before accessing their money. Even after paying these bogus charges, victims never receive their investments back.

Read Article

Pangea it has been named a winner in SiliconANGLE’s 2025 TechForward Awards in the AI-Powered Threat Detection Category. Pangea recently released the industry’s most comprehensive AI Guardrail Platform to address critical security gaps as enterprises deploy hundreds of generative AI projects. From prompt injection prevention to compliance-driven data redaction, the platform prevents sensitive data leakage, blocks harmful content, and provides real-time protection powered by intelligence from partners like CrowdStrike, DomainTools, and ReversingLabs. With more than 99% efficacy against sophisticated prompt injection techniques, including token smuggling and multilingual attacks, Pangea’s AI Guardrail Platform gives enterprises runtime control without slowing development velocity. Customers like Grand Canyon Education are using Pangea to secure enterprise-wide AI deployments, accelerate time to market, and maintain strict compliance standards while safely scaling generative AI initiatives. The TechForward Awards recognize the technologies and solutions driving business forward. As the trusted voice of enterprise and emerging tech, SiliconANGLE applies a rigorous editorial lens to highlight innovations reshaping how businesses operate in our rapidly changing landscape. 

Read Article

Philipp Beer, Marco Squarcina and Martina Lindorfer, researchers from the Security and Privacy Group at TU Wien Informatics in Austria, and Sebastian Roth from the University of Bayreuth in Germany, have revealed with their research into Tapjacking and the TapTrap threat. In developing TapTrap, the researchers have demonstrated how an app without any permissions at all can abuse screen animations to open another screen without the user knowing, turn it invisible, and get them to unknowingly click on a permission prompt. This method of executing a transparent action with an invisible malicious one underneath is new and dangerous. Whereas, ordinarily, when the screen changes in Android, you would expect to see an animation, maybe a sliding or fading effect at one screen changes to another, a TapTrap attack can make the new screen “fully transparent, keeping it hidden from you,” the researcher said. “Any taps you make during this animation go to the hidden screen,” they continued, “not the visible app.”  The app could then get you to tap areas of the screen that “correspond to sensitive actions on the hidden screen,” the researchers explained, “allowing it to perform actions without your knowledge.” Actions like, for example, enabling the device administrator permission, which can let an app remotely wipe your phone.

Read Article

Virtru Inc., a startup that helps enterprises prevent unauthorized access to their data, commercializes an open-source file format known as TDF designed to let organizations to securely share sensitive data with one another. TDF works by connecting files to a server controlled by the company that created them. This server encrypts the files and only decrypts them for users who have permission to view them. Virtru sells a cloud platform that uses TDF to help companies encrypt files before they move outside the corporate network. Users can specify who may view the records and revoke access through a centralized interface. The platform also provides other cybersecurity controls. Workers may set an expiration date for shared files, watermark them and monitor how they’re accessed. The recipients of such files can only open them using a Virtru-operated cloud application that is activated with one-time codes. There’s a standalone file sharing service called Virtru Secure Share, as well as versions that integrate with Google Workspace and Microsoft 365. The latter tools can encrypt not only business files but also emails. Another Virtru product called Virtru Private Keystore helps enterprises manage the encryption keys and generates an audit trail that tracks how encryption keys are used. Another tool called Data Protection Gateway scans inbound emails, detects sensitive data such as credit card numbers and encrypts them.

Read Article

Trustwave has launched Managed Phishing for Microsoft, a service designed to improve phishing defenses for organizations using Microsoft Office 365 and Defender for Office. Phishing remains the most reported type of cybercrime globally, with attackers using advanced AI-powered tactics to bypass default email security measures. Trustwave has developed a managed cybersecurity solution to deliver continuous protection and user awareness for businesses. The service works alongside Microsoft’s built-in defenses, providing additional layers of risk reduction and email security management. Features include end-to-end technology management, multi-layered detection systems, regular simulated phishing exercises, and around-the-clock threat response. Trustwave’s technology management capabilities provide complete setup and administration of phishing-related policies and rules, minimizing the management burden for internal IT teams. The detection aspect uses AI-driven engines supported by Trustwave SpiderLabs threat research, reducing exposure to threats by over 99 per cent. The service also offers regular phishing simulations to strengthen employee vigilance, tailored to each organization’s unique environment. The Managed Phishing for Microsoft service aims to address gaps in native email security product deployments by offering a more comprehensive solution through a combination of technology, security expertise, and employee awareness. Regular phishing simulations are tailored to an organization’s specific business environment, creating ongoing awareness and a stronger culture of vigilance among employees.

Read Article

Nacha’s Payments Innovation Alliance, a membership program that brings together diverse global stakeholders seeking to transform the payments industry, has released a new educational video, Protecting Payments in the Quantum Era: Prepare for Impact. Developed by the Alliance’s Quantum Payments Project Team, the video provides a foundational understanding of quantum computing and its implications for the payments ecosystem. As quantum technology advances, it poses both transformative opportunities and significant risks, particularly to the cryptographic systems that underpin today’s secure transactions. The video introduces viewers to the fundamentals of quantum computing, highlighting how it differs from classical computing in its ability to process complex calculations at unprecedented speeds. It also delves into the potential impact of quantum advancements on encryption and data security, emphasizing the vulnerabilities of current cryptographic systems. The video also underscores the urgency for financial institutions to begin transitioning to quantum-resistant cryptographic methods and calls for industry-wide collaboration to ensure a secure and resilient payments infrastructure that is prepared for the quantum era.

Read Article

Fingerprint announced new Smart Signals and platform enhancements that detect malicious bots and AI agents, distinguishing them from legitimate automated traffic: Bot/AI Agent Detection: Bot Detection Smart Signal can detect dozens of bot detection and browser automation software tools. It performs intelligent classification on each API request to determine whether a bot or agent is legitimate or malicious, with only verified beneficial bots and agents classified as trustworthy. Virtual Machine Detection Smart Signal further enhances AI agent and bot detection by identifying virtual machines, which are commonly used in automated fraud schemes. This capability provides an additional layer of protection against sophisticated attack vectors. Residential Proxy Detection addresses one of the most challenging aspects of modern fraud detection. Residential proxies are increasingly accessible and affordable, making them attractive tools for fraudsters looking to mask their IP addresses. Because agentic traffic can be routed through ISPs to real residential IP addresses—giving malicious agents high authenticity—the ability to detect residential proxies with confidence levels is crucial for identifying all types of agentic-driven fraud. Request Filtering: Fingerprint has gathered a list of known user agents used by AI companies for web scraping and model training, as well as AI assistants that help with scheduling and other repetitive tasks. The Request Filtering functionality allows customers to filter out these legitimate AI agents and bots from fingerprinting, helping optimize billing costs without compromising detection capabilities for AI-driven fraud.

Read Article