AI Agent | Breaking Cybersecurity News | The Hacker News

AI agents are no longer just writing code. They are executing it. Tools like Copilot, Claude Code, and Codex can now build, test, and deploy software end-to-end in minutes. That speed is reshaping engineering—but it's also creating a security gap most teams don't see until something breaks. Behind every agentic workflow sits a layer few organizations are actively securing: Machine Control Protocols (MCPs) . These systems quietly decide what an AI agent can run, which tools it can call, which APIs it can access, and what infrastructure it can touch. Once that control plane is compromised or misconfigured, the agent doesn't just make mistakes—it acts with authority. Ask the teams impacted by CVE-2025-6514 . One flaw turned a trusted OAuth proxy used by more than 500,000 developers into a remote code execution path. No exotic exploit chain. No noisy breach. Just automation doing exactly what it was allowed to do—at scale. That incident made one thing clear: if an AI agent can execute...

The AI browser wars are coming to a desktop near you, and you need to start worrying about their security challenges. For the last two decades, whether you used Chrome, Edge, or Firefox, the fundamental paradigm remained the same: a passive window through which a human user viewed and interacted with the internet. That era is over. We are currently witnessing a shift that renders the old OS-centric browser debates irrelevant. The new battleground is agentic AI browsers, and for security professionals, it represents a terrifying inversion of the traditional threat landscape. A new webinar dives into the issue of AI browsers , their risks, and how security teams can deal with them. Even today, the browser is the main interface for AI consumption; it is where most users access AI assistants such as ChatGPT or Gemini, use AI-enabled SaaS applications, and engage AI agents. AI providers were the first to recognize this, which is why we've seen a spate of new 'agentic' AI browsers bein...

Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions. Generative artificial intelligence (AI) security platform NeuralTrust said it combined a known technique called Echo Chamber with narrative-driven steering to trick the model into producing undesirable responses. "We use Echo Chamber to seed and reinforce a subtly poisonous conversational context, then guide the model with low-salience storytelling that avoids explicit intent signaling," security researcher Martí Jordà said . "This combination nudges the model toward the objective while minimizing triggerable refusal cues." Echo Chamber is a jailbreak approach that was detailed by the company back in June 2025 as a way to deceive an LLM into generating responses to prohibited topics using indirect references, semantic steering, and multi-step inference. In recent weeks, the...

Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework identified a security flaw in the SQLite open-source database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2), is a memory corruption flaw affecting all versions prior to 3.50.2. It was discovered by Big Sleep , an artificial intelligence (AI) agent that was launched by Google last year as part of a collaboration between DeepMind and Google Project Zero. "An attacker who can inject arbitrary SQL statements into an application might be able to cause an integer overflow resulting in read off the end of an array," SQLite project maintainers said in an advisory. The tech giant described CVE-2025-6965 as a critical security issue that was "known only to threat actors and was at risk of being exploited." Google did not reveal who the threat actors were. "Through the combination of threa...