Artificial Intelligence | Breaking Cybersecurity News | The Hacker News

The employee who doesn't exist Not long ago, the idea of a fake employee sounded far-fetched. Resume fraud? Sure. Outsourced interviews? Occasionally. But a completely synthetic person (face, voice, work history, and identity) getting hired, onboarded, and trusted inside a company used to feel like science fiction. That era is over. Gartner predicts that by 2028, one in four candidate profiles worldwide could be fake . The firm also reports that 6% of job candidates admit to interview fraud, including impersonation or having someone else interview for them. Hiring teams are already seeing face-swapping and synthetic identities appear in real interview workflows. Taken together, the pattern is clear: companies are increasingly interviewing, and in some cases hiring, people who don't exist. These "employees" can pass screening, ace remote interviews, and start work with legitimate credentials. Then, once inside, they steal data, map internal systems, divert funds, or quietly set the...

Deepfakes aren't just viral clips or political media anymore — they're appearing in enterprise workflows where a camera feed is treated as proof: onboarding, account recovery, remote hiring, privileged access, and partner verification. That shift forces security teams to ask not just, "Does this look fake?" but, "Can we verify in real time that the capture is authentic and the channel isn't compromised — without disrupting the workflow?" A new benchmark from Purdue University addresses that question. Instead of testing detectors on clean, lab-style samples, Purdue evaluated tools on real incident content pulled from social platforms — the kind of compressed, low-resolution, post-processed material that tends to break models tuned to ideal conditions. What Purdue tested — and why it matters Purdue built its benchmark around the Political Deepfakes Incident Database (PDID), which focuses on deepfake incidents circulating on X/Twitter, YouTube, TikTok, and Instagram. Real-world distri...

AI is everywhere. What began as machine learning and evolved into novelty technology applications has rapidly progressed into a significant component of daily life and enterprise strategy. It influences how our businesses plan, code, implement, and protect our most sensitive assets. Among its most transformative applications is its growing role in identity and access management (IAM) . The Expanding Influence of AI in Identity Security Within identity security, AI is reshaping how we define a mature IAM program. What once required manual reviews, repetitive decision-making, and active triage is now increasingly supported by intelligent automation. AI streamlines operations, reduces human bottlenecks and errors, and strengthens security postures through robust, context-driven assistance and automation. The Strength of Predictive AI Modern identity programs lean heavily on predictive analytics—AI capabilities that run continuously in the background to analyze behaviors, support auto...

Identity platforms are an organization's backbone of secure access. But what happens when you need to migrate from one identity provider to another? The stakes are high: downtime, broken integrations, compliance gaps, and user frustration. Yet, with the right strategy and preparation, these fears can be addressed head-on. Identity migration is intimidating If a migration is poorly planned and executed, it can mean lost productivity, frustrated customers, and a hit to your business' bottom line. Identity touches every corner of an organization, from HR systems to customer portals. Beyond downtime, migrations often expose brittle integrations, undocumented dependencies, and legacy technologies that no one wants to touch. Add compliance requirements (SOC2, HIPAA, DORA) and the pressure mounts. Even well-planned transitions can surface unexpected issues, edge cases, and broken processes. Why consider identity migration at all? Why migrate at all? Often, it's about cost savings, strea...

You invested in a new AI-SOC because you want your organization to be safe. You also don't want your SOC team to burn out from the flood of alerts they're receiving.  It's good at first. At deployment, the detections are lined up with your environment. Your SOC team reports it's going to be a learning curve, but it seems to be working. It's going well until a few months later, when it's not, at least not as well.  The problem is that the agent isn't processing alerts the way your team needs it to. It keeps flagging the CEO's logins as threats because it doesn't understand that he's traveling. It's also let a few real threats slip through the cracks. Threats that should have been easily caught. What's happening?  Pre-trained AI was built to recognize the familiar, and it does. It's trained on old data, old attack paths, and assumptions that made sense in the lab based on what's been observed before. What it can't do is understand the small, real-world details that an...

The proliferation of AI agents in the enterprise has moved from theoretical to practical at a remarkable pace. These agents, whether developed internally or licensed, are increasingly integrated into core business workflows. While they promise substantial gains in automation and productivity, they also introduce a new and complex class of security risks that demand immediate attention.  The core challenge is not whether to adopt AI agents, but how to govern them effectively. A disciplined approach to balancing innovation with security is essential for any organization looking to leverage AI without exposing itself to unacceptable risk.  Recent research highlights the urgency of this issue. A comprehensive study found that 82% of companies are already using AI agents, with 53% acknowledging they access sensitive information daily . This rapid adoption, often occurring without adequate oversight, creates significant vulnerabilities. The imperative is clear: organizations must...

AI SOC Agents are going through a hype cycle. If we're going by Gartner's Hype Cycle for Security Operations, 2025 , this technology is still an "Innovation Trigger", but it's at the cusp of "Peak of Inflated Expectations". Every vendor claims their solution will revolutionize security operations. Every conference features another keynote promising autonomous defense. And every CISO is being asked whether AI will replace their security team. At Redis, implementing AI in the SOC has been more of a measured journey. The model is more of a hybrid SOC, so there's a combination of external service providers as well as internal resources. In this case, Prophet Security is currently proving themselves alongside a more traditional MDR provider.  But let's take a step back.  The Tipping Point for AI Adoption within the SOC Considering an AI solution for Redis' SOC came down to the confluence of three drivers.  On an individual level, there was more value from AI tools an...

The browser has quietly become the most critical application in the enterprise — and the most targeted. With SaaS, cloud, and hybrid work redefining IT boundaries, browsers now handle proprietary data, credentials, and business workflows. Yet legacy security tools like firewalls, antivirus, and EDR were never designed to defend this new digital front line. The shift from being an ancillary tool to becoming the main location of work means legacy security solutions, such as firewalls, antivirus, VDI, etc., are not equipped to provide the necessary level of protection needed to secure today's organizations. The browser, once an afterthought, is now the weak link that legacy defenses simply can't secure.  This article examines the modern browser exploitation playbook and details why legacy tools alone are no match for today's cybercriminals. By adopting a Secure Enterprise Browser (SEB), enterprises can complement their existing security tools, shore up their weak link, and future-p...