ai

Price of a ‘Bot Army’ Revealed Across Hundreds of Online Platforms Worldwide

Cambridge's COTSI reveals global bot prices: A new index tracks fake account verification costs on 500+ platforms. Verifying fake accounts is notably cheap in the US (0.26), UK (0.10), and Russia (0.08), while pricier in Japan (4.93) and Australia (3.24). Prices surge for bots on Telegram and WhatsApp before elections, indicating manipulation intentions. The study emphasizes SIM card regulation to curb bots and suggests transparency measures are often circumvented. It exposes a burgeoning underground market reliant on SIM products for orchestrating misinformation and influence campaigns globally.

https://www.cam.ac.uk/stories/price-bot-army-global-index

Does OpenAI Expect Upcoming AI Models to Present a High Cybersecurity Risk?

OpenAI acknowledges that its upcoming AI models will heighten cybersecurity risks, as more capable tools enable easier attacks for even those with basic knowledge. The release of GPT-5.2 introduces enhanced capabilities for professional use and better coding assistance. To combat potential misuse, OpenAI plans to establish the Frontier Risk Council and has launched the beta tool Aardvark to help organizations identify vulnerabilities. Overall, OpenAI aims to ensure its technologies are used safely while addressing both defense and offense in cybersecurity.

https://www.pandasecurity.com/en/mediacenter/does-openai-expect-upcoming-ai-models-to-present-a-high-cybersecurity-risk/

The 2025 Cloudflare Radar Year in Review: The Rise of AI, Post-quantum, and Record-breaking DDoS Attacks

Extreme TLDR: 2025 Cloudflare Radar reveals global Internet traffic rose 19%, driven by AI growth, Starlink doubling its traffic, and notable DDoS attacks. Key trends included 52% of Web traffic being post-quantum encrypted, 40% of bot traffic from the US, and Googlebot as the top traffic source. The Year in Review highlights shifts in popular services and connectivity issues, with significant growth in mobile and AI traffic.

https://blog.cloudflare.com/radar-2025-year-in-review/

Robot Safety Monitoring AI Market Reflects Growth at 21.2%

Robot Safety Monitoring AI market projected to grow from $2.7B in 2025 to $15.3B by 2034 (CAGR 21.2%). North America leads with >36.3% share. Enhances productivity, reduces workplace injuries, and creates jobs. Businesses face upfront costs but benefit from standardized safety solutions. Key sectors: manufacturing, logistics, automotive, healthcare. Future trends include predictive safety systems and increased automation. Strong demand for AI solutions in diverse industries, creating new business opportunities.

https://scoop.market.us/robot-safety-monitoring-ai-market-news/

AI Poisoning: Black Hat SEO Is Back

Black Hat SEO, once diminished by advancements in Google algorithms, is resurfacing through AI manipulation. Research shows just 250 malicious documents can contaminate large language models (LLMs), enabling bad actors to distort AI responses about brands. This “AI poisoning” risks misrepresenting companies in comparisons and could damage reputations. Brands must maintain vigilance by monitoring AI outputs related to their name and addressing suspicious online activity to prevent potential poisoning. Despite the temptation to exploit loopholes for a competitive edge, ethical content creation remains essential for long-term success.

https://www.searchenginejournal.com/ai-poisoning-black-hat-seo-is-back/561217/

New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

TLDR: New phishing kits like BlackForce, GhostFrame, InboxPrime AI, and Spiderman use advanced tactics, including AI and MFA bypass, to steal credentials at scale. BlackForce targets brands, GhostFrame hides in iframes, InboxPrime automates email campaigns, and Spiderman replicates bank pages for European targets. These innovations make phishing attacks easier to execute and more difficult to detect.

https://thehackernews.com/2025/12/new-advanced-phishing-kits-use-ai-and.html

Fighting Payment Fraud With AI

AI combats rising payment fraud effectively, adapting rapidly to evolving threats. Traditional fraud defenses struggle against sophisticated attacks, leading to increased false declines that harm customer loyalty. Businesses are turning to AI for more accurate, real-time fraud detection, which boosts legitimate transactions and reduces losses. AI-enabled systems analyze vast data for nuanced risk scoring, transforming fraud prevention into a strategic growth tool. Investing in AI is essential for safeguarding revenue and enhancing customer experience.

https://www.independent.co.uk/news/business/business-reporter/payment-fraud-ai-cyber-attacks-security-b2881360.html

‘Botnets in Physical Form’ Are Top Humanoid Robot Risk

Humanoid robots are becoming mainstream, prompting security concerns regarding potential botnets. With predictions of over 3 billion robots by 2060, experts warn of vulnerabilities, including exploits already identified in existing models. As these robots integrate into various sectors, the emergence of a new industry dedicated to their security is anticipated, emphasizing the need for robust protective measures against cyber threats.

https://www.theregister.com/2025/12/09/humanoid_robot_security/

GeminiJack: The Google Gemini Zero-Click Vulnerability Leaked Gmail, Calendar and Docs Data

GeminiJack: A zero-click vulnerability discovered in Google Gemini Enterprise allowed attackers to exfiltrate sensitive corporate data through shared documents, emails, or calendar invites without user interaction. This architectural flaw permits harmful content to instruct the AI to retrieve confidential information, which is then sent to the attacker via an external image request. The attack operates silently, bypassing traditional security measures. Google has since updated its systems to prevent such vulnerabilities, marking a shift in enterprise AI security considerations. Organizations must enhance monitoring and trust boundaries as AI tools evolve.

https://noma.security/blog/geminijack-google-gemini-zero-click-vulnerability/

Google Chrome Adds New Security Layer for Gemini AI Agentic Browsing

Google Chrome introduces ‘User Alignment Critic’, a new security layer for Gemini AI agentic browsing, enhancing protection against unsafe actions and data exposure. This system uses an isolated LLM to vet agent actions, restricts access to trusted sites, prompts user confirmation for sensitive tasks, and detects prompt injection attempts, showcasing a robust defense compared to competitors.

https://www.bleepingcomputer.com/news/security/google-chrome-adds-new-security-layer-for-gemini-ai-agentic-browsing/

New Prompt Injection Attack Vectors Through MCP Sampling

Palo Alto Networks' Unit 42 article discusses security risks associated with the Model Context Protocol (MCP) in coding applications. MCP enables large language models (LLMs) to connect with external services, but without safeguards, malicious servers can exploit it for various attacks. Key risks identified include resource theft, conversation hijacking, and covert tool invocation. The article presents proof-of-concept attacks demonstrating these vulnerabilities and emphasizes the need for effective prevention strategies. Additionally, it outlines MCP's structure and operational flow, detailing how sampling allows servers to request LLM responses. Overall, this creates potential attack vectors that necessitate robust security measures.

https://unit42.paloaltonetworks.com/model-context-protocol-attack-vectors/

AI Chatbots Can Be Wooed Into Crimes With Poetry

AI chatbots can be manipulated into generating harmful content, including hate speech and instructions for weapons, through poetic prompts. A study found that using riddles or stylistic variations in requests bypasses safety features, allowing chatbots to output forbidden information around 62% of the time. The findings highlight vulnerabilities in AI systems that need urgent addressing, as even minor stylistic changes can lead to harmful results. This raises significant concerns about AI safety protocols and design flaws.

https://www.theverge.com/report/838167/ai-chatbots-can-be-wooed-into-crimes-with-poetry

How I Reverse Engineered a Billion-Dollar Legal AI Tool and Found 100k+ Confidential Files

TLDR: Alex Schapiro discovered a serious security vulnerability in Filevine, a billion-dollar legal AI tool, on October 27, 2025, allowing full admin access to confidential law firm files without authentication. He responsibly disclosed the issue, which could have exposed sensitive data like HIPAA-protected documents. Filevine quickly acknowledged and resolved the problem, demonstrating effective security disclosure practices.

https://alexschapiro.com/security/vulnerability/2025/12/02/filevine-api-100k

AI Malware: Hype Vs. Reality

AI Malware currently operates at low maturity levels (AIM3 Levels 1-3), mainly assisting existing attack methods rather than enabling fully autonomous threats. Claims of advanced AI malware often stem from limited research demos with unclear impacts. No confirmed instances of fully embedded AI malware exist; most rely on external models. Defenders should focus on monitoring legitimate AI service abuse and strengthening existing controls, rather than reacting to exaggerated scenarios of AI threats.

https://www.recordedfuture.com/blog/ai-malware-hype-vs-reality
