Data Poisoning | Breaking Cybersecurity News | The Hacker News

Google's  Gemini  large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The findings come from HiddenLayer, which said the issues impact consumers using Gemini Advanced with Google Workspace as well as companies using the LLM API. The first vulnerability involves getting around security guardrails to leak the system prompts (or a system message), which are designed to set conversation-wide instructions to the LLM to help it generate more useful responses, by asking the model to output its "foundational instructions" in a markdown block. "A system message can be used to inform the LLM about the context," Microsoft  notes  in its documentation about LLM prompt engineering. "The context may be the type of conversation it is engaging in, or the function it is supposed to perform. It helps the LLM generate more appropriate responses....

The U.K. and U.S., along with international partners from 16 other countries, have released new guidelines for the development of secure artificial intelligence (AI) systems. "The approach prioritizes ownership of security outcomes for customers, embraces radical transparency and accountability, and establishes organizational structures where secure design is a top priority," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  said . The goal is to  increase cyber security levels of AI  and help ensure that the technology is designed, developed, and deployed in a secure manner, the National Cyber Security Centre (NCSC)  added . The guidelines also build upon the U.S. government's  ongoing   efforts  to manage the risks posed by AI by ensuring that new tools are tested adequately before public release, there are guardrails in place to address societal harms, such as bias and discrimination, and privacy concerns, and setting up robust ...

Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role — managing authentication, enforcing policy, and connecting users across distributed environments. That prominence also makes it a prime target. Microsoft reports over 600 million attacks on Entra ID every day. These aren't just random attempts, but include coordinated, persistent, and increasingly automated campaigns designed to exploit even small vulnerabilities. Which brings us to the core question: Are Entra ID's native protections enough? Where do they fall short — and what steps should you take to close the gaps and ensure you're covered? Understanding Entra ID At its core, Microsoft Entra ID is your enterprise identity and access management system. It defines how users prove who they are, what resources...