Artificial Intelligence | Breaking Cybersecurity News | The Hacker News

The market is flooded with chatbots that summarize requirements, GenAI that drafts policies, and AI assistants that extract provisions from contracts. And these tools undoubtedly make existing workflows better. But when it comes to transformational technology, different is better than better.  These AI for GRC capabilities are the direct result of practitioners and vendors alike asking, "How can AI make our current workflows better?" What they should be asking is "Does AI make a completely new way of operating possible?" Agentic GRC doesn't improve GRC workflows; it replaces them with agents. For something to earn the title agentic, it needs to take an entire workflow, including the decision-making between each step, and execute it from start to finish. Whether teams are ready for the future or not (and they should be), they need to start thinking about their workflows in an entirely new way. Here's a framework for them to do so. Why the Distinction Between AI f...

The world of identity security is in constant motion. What was once a straightforward matter of usernames and passwords has evolved into a complex ecosystem of biometrics, hardware tokens, and zero-trust architectures. As we look toward 2026, the pace of change is only accelerating. The lines between our digital and physical identities are blurring, and the threat landscape is becoming more sophisticated. Chief Information Security Officers spend their days on the front lines of this evolution. Staying ahead isn't just about reacting to threats; it's about anticipating them to reduce risk. Based on the trends I'm seeing today, here are 9 identity security predictions for where we'll be in 2026. 1. AI will become the primary identity governance tool. Manual access reviews and role-based access control (RBAC) models are already showing their age. By 2026, AI-driven identity governance and administration (IGA) will be standard. These systems will continuously analyze u...

AI-powered browsers are changing how we use the web, but they're also creating some serious new security risks. Tools like Perplexity's Comet and Opera's Neon can summarize pages and automate tasks for you. The problem is that researchers have found these agentic copilots can be hijacked by malicious prompts hidden in ordinary webpages, essentially turning your browser against you. In August 2025, Brave's security team disclosed an indirect prompt injection against Perplexity's Comet using hidden instructions in a Reddit spoiler tag, leading Comet to extract an email address and a one-time passcode. No memory corruption, no code execution exploit. The browser simply followed instructions it couldn't distinguish from legitimate user intent. In this post, we'll look at how these attacks work, why they slip past traditional defenses, and what security teams can do to keep data safe from compromised AI agents. AI Browsers: Powerful, But a New Target AI-ena...

Enterprise adoption of AI is no longer a future trend; it's a present-day reality. As organizations race to leverage AI for innovations, security teams are grappling with a new, complex, and dynamic attack surface. AI is breaking the operational silos that currently segregate Cloud, SaaS and Endpoint Security; AI is everywhere and it is consuming enterprise data and assets across these channels. Traditional security tools, designed for cloud infrastructure and SaaS applications, are fundamentally ill-equipped to handle the unique risks posed by AI.  AI security posture management (AI-SPM) solutions can provide relief by protecting critical AI assets, but it's important to note that not all AI-SPM solutions are created equal. Many solutions offer only basic posture checks and are focused predominantly on infrastructure and vulnerability management. In addition, most focus solely on Cloud or SaaS, leaving many blind spots when trying to get the full picture of your AI landscape. ...

The employee who doesn't exist Not long ago, the idea of a fake employee sounded far-fetched. Resume fraud? Sure. Outsourced interviews? Occasionally. But a completely synthetic person (face, voice, work history, and identity) getting hired, onboarded, and trusted inside a company used to feel like science fiction. That era is over. Gartner predicts that by 2028, one in four candidate profiles worldwide could be fake . The firm also reports that 6% of job candidates admit to interview fraud, including impersonation or having someone else interview for them. Hiring teams are already seeing face-swapping and synthetic identities appear in real interview workflows. Taken together, the pattern is clear: companies are increasingly interviewing, and in some cases hiring, people who don't exist. These "employees" can pass screening, ace remote interviews, and start work with legitimate credentials. Then, once inside, they steal data, map internal systems, divert funds, or quietly set the...

Deepfakes aren't just viral clips or political media anymore — they're appearing in enterprise workflows where a camera feed is treated as proof: onboarding, account recovery, remote hiring, privileged access, and partner verification. That shift forces security teams to ask not just, "Does this look fake?" but, "Can we verify in real time that the capture is authentic and the channel isn't compromised — without disrupting the workflow?" A new benchmark from Purdue University addresses that question. Instead of testing detectors on clean, lab-style samples, Purdue evaluated tools on real incident content pulled from social platforms — the kind of compressed, low-resolution, post-processed material that tends to break models tuned to ideal conditions. What Purdue tested — and why it matters Purdue built its benchmark around the Political Deepfakes Incident Database (PDID), which focuses on deepfake incidents circulating on X/Twitter, YouTube, TikTok, and Instagram. Real-world distri...

AI is everywhere. What began as machine learning and evolved into novelty technology applications has rapidly progressed into a significant component of daily life and enterprise strategy. It influences how our businesses plan, code, implement, and protect our most sensitive assets. Among its most transformative applications is its growing role in identity and access management (IAM) . The Expanding Influence of AI in Identity Security Within identity security, AI is reshaping how we define a mature IAM program. What once required manual reviews, repetitive decision-making, and active triage is now increasingly supported by intelligent automation. AI streamlines operations, reduces human bottlenecks and errors, and strengthens security postures through robust, context-driven assistance and automation. The Strength of Predictive AI Modern identity programs lean heavily on predictive analytics—AI capabilities that run continuously in the background to analyze behaviors, support auto...

Identity platforms are an organization's backbone of secure access. But what happens when you need to migrate from one identity provider to another? The stakes are high: downtime, broken integrations, compliance gaps, and user frustration. Yet, with the right strategy and preparation, these fears can be addressed head-on. Identity migration is intimidating If a migration is poorly planned and executed, it can mean lost productivity, frustrated customers, and a hit to your business' bottom line. Identity touches every corner of an organization, from HR systems to customer portals. Beyond downtime, migrations often expose brittle integrations, undocumented dependencies, and legacy technologies that no one wants to touch. Add compliance requirements (SOC2, HIPAA, DORA) and the pressure mounts. Even well-planned transitions can surface unexpected issues, edge cases, and broken processes. Why consider identity migration at all? Why migrate at all? Often, it's about cost savings, strea...

You invested in a new AI-SOC because you want your organization to be safe. You also don't want your SOC team to burn out from the flood of alerts they're receiving.  It's good at first. At deployment, the detections are lined up with your environment. Your SOC team reports it's going to be a learning curve, but it seems to be working. It's going well until a few months later, when it's not, at least not as well.  The problem is that the agent isn't processing alerts the way your team needs it to. It keeps flagging the CEO's logins as threats because it doesn't understand that he's traveling. It's also let a few real threats slip through the cracks. Threats that should have been easily caught. What's happening?  Pre-trained AI was built to recognize the familiar, and it does. It's trained on old data, old attack paths, and assumptions that made sense in the lab based on what's been observed before. What it can't do is understand the small, real-world details that an...