Premium expertise for AI tech
If you saw then “ISO 27001 Certified” badge on your vendor’s website you may have thought: Great, they will protect my assets with rock-solid on security. And to be fair, getting that certificate is no small feat. It means the company has set up a structured way of managing information security. But here’s the twist: …
Continue reading "ISO 27001: Worth the badge or just theater?"
On August 16, 2025, Google issued a rare security advisory. The alert? Indirect prompt injections. A blog post cited on Yahoo News highlighted this alert, noting that some 1.8 billion Gmail users could be affected by the emerging threat. This is not a traditional phishing attack. There are no suspicious links, no “click here.” Instead, …
Continue reading "Google’s Warning: AI has become an Attack Surface"
DARPA’s AI Cyber Challenge At DEF CON 2025, the DARPA AI Cyber Challenge put autonomous AI-driven systems head-to-head in a capture-the-flag–style contest. Contenders had to find and patch vulnerabilities faster than human experts ever could. The results were striking: AI-based security tools demonstrated an ability to uncover and remediate software flaws at unprecedented speed. The …
What happened A critical zero-day exploit (CVE‑2025‑53770, dubbed “ToolShell,” along with related CVEs) was actively leveraged against on‑premises SharePoint Server (2016, 2019, Subscription Edition), leading to remote code execution and unauthorized access to system content and cryptographic keys. Attackers, primarily Chinese state-affiliated groups (Linen Typhoon, Violet Typhoon, Storm‑2603), have been exploiting these vulnerabilities in widespread …
Controlled AI services 