News from the AI & ML world

DeeperML - #security

Vasu Jakkal@Microsoft Security Blog //

Microsoft Expands Security Copilot, Faces Signing Abuse - Microsoft is expanding Security Copilot with AI agentic capabilities and new protections for AI, including the Security Copilot Phishing Triage Agent.
Microsoft has unveiled a significant expansion of its Security Copilot platform, integrating AI agents designed to automate security operations tasks and alleviate the workload on cybersecurity professionals. This move aims to address the increasing volume and complexity of cyberattacks, which are overwhelming security teams that rely on manual processes. The AI-powered agents will handle routine tasks, freeing up IT and security staff to tackle more complex issues and proactive security measures. Microsoft detected over 30 billion phishing emails targeting customers between January and December 2024 highlighting the urgent need for automated solutions.

The expansion includes eleven AI agents, six developed by Microsoft and five by security partners, set for preview in April 2025. Microsoft's agents include the Phishing Triage Agent in Microsoft Defender, Alert Triage Agents in Microsoft Purview, Conditional Access Optimization Agent in Microsoft Entra, Vulnerability Remediation Agent in Microsoft Intune, and Threat Intelligence Briefing Agent in Security Copilot. These agents are purpose-built for security, designed to learn from feedback, adapt to workflows, and operate securely within Microsoft’s Zero Trust framework, ensuring that security teams retain full control over their actions and responses.

Recommended read:
References :
  • The Register - Software: AI agents swarm Microsoft Security Copilot
  • Microsoft Security Blog: Microsoft unveils Microsoft Security Copilot agents and new protections for AI
  • .NET Blog: Learn how the Xbox services team leveraged .NET Aspire to boost their team's productivity.
  • Ken Yeung: Microsoft’s First CTO Says AI Is ‘Three to Five Miracles’ Away From Human-Level Intelligence
  • SecureWorld News: Microsoft Expands Security Copilot with AI Agents
  • www.zdnet.com: Microsoft's new AI agents aim to help security pros combat the latest threats
  • www.itpro.com: Microsoft launches new security AI agents to help overworked cyber professionals
  • www.techrepublic.com: After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot
  • eSecurity Planet: esecurityplanet.com covers Fortifying Cybersecurity: Agentic Solutions by Microsoft and Partners
  • Source: AI innovation requires AI security: Hear what’s new at Microsoft Secure
  • www.csoonline.com: Microsoft has introduced a new set of AI agents for its Security Copilot platform, designed to automate key cybersecurity functions as organizations face increasingly complex and fast-moving digital threats.
  • SiliconANGLE: Microsoft introduces AI agents for Security Copilot
  • SiliconANGLE: Microsoft Corp. is enhancing the capabilities of its popular artificial intelligence-powered Copilot tool with the launch late today of its first “deep reasoning” agents, which can solve complex problems in the way a highly skilled professional might do.
  • Ken Yeung: Microsoft is introducing a new way for developers to create smarter Copilots.
  • www.computerworld.com: Microsoft’s Newest AI Agents Can Detail How They Reason
Megan Crouse@eWEEK //

Cloudflare's AI Labyrinth Traps Web Scraping Bots - Cloudflare has introduced AI Labyrinth, a new tool to combat web scraping bots that steal website content for AI training by luring crawlers into a maze of irrelevant content.
References: The Register - Software , eWEEK , OODAloop ...
Cloudflare has launched AI Labyrinth, a new tool designed to combat web scraping bots that steal website content for AI training. Instead of simply blocking these crawlers, AI Labyrinth lures them into a maze of AI-generated content. This approach aims to waste the bots' time and resources, providing a more effective defense than traditional blocking methods which can trigger attackers to adapt their tactics. The AI Labyrinth is available as a free, opt-in tool for all Cloudflare customers, even those on the free tier.

The system works by embedding hidden links within a protected website. When suspicious bot behavior is detected, such as ignoring robots.txt rules, the crawler is redirected to a series of AI-generated pages. This content is "real looking" and based on scientific facts, diverting the bot from the original website's content. Because no human would deliberately explore deep into a maze of AI-generated nonsense, anyone who does can be identified as a bot with high confidence. Cloudflare emphasizes that AI Labyrinth also functions as a honeypot, allowing them to identify new bot patterns and improve their overall bot detection capabilities, all while increasing the cost for unauthorized web scraping.

Recommended read:
References :
  • The Register - Software: Cloudflare builds an AI to lead AI scraper bots into a horrible maze of junk content
  • eWEEK: Crowdflare’s Free AI Labyrinth Distracts Crawlers That Could Steal Website Content to Feed AI
  • The Verge: Cloudflare, one of the biggest network internet infrastructure companies in the world, has announced AI Labyrinth, a new tool to fight web-crawling bots that scrape sites for AI training data without permission. The company says in a blog post that when it detects “inappropriate bot behavior,â€� the free, opt-in tool lures crawlers down a path
  • OODAloop: Trapping misbehaving bots in an AI Labyrinth
  • THE DECODER: Instead of simply blocking unwanted AI crawlers, Cloudflare has introduced a new defense method that lures them into a maze of AI-generated content, designed to waste their time and resources.
  • Digital Information World: Cloudflare’s Latest AI Labyrinth Feature Combats Unauthorized AI Data Scraping By Giving Bots Fake AI Content
  • Ars OpenForum: Cloudflare turns AI against itself with endless maze of irrelevant facts
  • Cyber Security News: Cloudflare Introduces AI Labyrinth to Thwart AI Crawlers and Malicious Bots
  • poliverso.org: Cloudflare’s AI Labyrinth Wants Bad Bots To Get Endlessly Lost
  • aboutdfir.com: Cloudflare builds an AI to lead AI scraper bots into a horrible maze of junk content Cloudflare has created a bot-busting AI to make life hell for AI crawlers.
Help Net@Help Net Security //

Microsoft Enhances Windows 11 Roadmap Transparency with AI agents - Microsoft is launching a new Windows Roadmap website to improve transparency for IT professionals and users regarding new Windows 11 features.
Microsoft is enhancing Windows 11 roadmap transparency with new initiatives to better inform IT professionals and users about upcoming features. The company has launched a new Windows roadmap website designed to simplify the tracking of new Windows 11 features. This move addresses a key criticism regarding the lack of clarity around the testing and rollout phases of new functionalities. Microsoft aims to provide IT administrators with more insights, enabling them to effectively manage changes across their Windows estates.

The new roadmap consolidates information from various sources, including the Windows Insider Program and Microsoft's support site, offering a unified view of in-development features. Users can filter features based on platform, Windows versions, and rollout status, gaining insights into descriptions, release dates, and compatibility details. While the roadmap currently focuses on the client version of Windows 11, Microsoft plans to expand it to include other Windows versions in the future and is accepting feedback to further improve the tool's utility.

Recommended read:
References :
  • Help Net Security: Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot
  • TechSpot: Microsoft finally offers a unified roadmap for tracking upcoming Windows features
  • Techzine Global: Microsoft gives IT administrators more insights in Windows 11 roadmap
  • www.windowscentral.com: Microsoft publishes Windows roadmap as it promises transparency around feature availability
Michael Nuñez@AI News | VentureBeat //

Hakimo Secures Funding for Autonomous AI Security Agent - AI security startup Hakimo secured $10.5M in Series A funding to expand its autonomous security monitoring platform.
AI security startup Hakimo has secured $10.5 million in Series A funding to expand its autonomous security monitoring platform. The funding round was led by Vertex Ventures and Zigg Capital, with participation from RXR Arden Digital Ventures, Defy.vc, and Gokul Rajaram. This brings the company’s total funding to $20.5 million. Hakimo's platform addresses the challenges of rising crime rates, understaffed security teams, and overwhelming false alarms in traditional security systems.

The company’s flagship product, AI Operator, monitors existing security systems, detects threats in real-time, and executes response protocols with minimal human intervention. Hakimo's AI Operator utilizes computer vision and generative AI to detect any anomaly or threat that can be described in words. Companies using Hakimo can save approximately $125,000 per year compared to using traditional security guards.

Recommended read:
References :
  • AiThority: Hakimo Secures $10.5Million to Transform Physical Security With Human-Like Autonomous Security Agent
  • AI News | VentureBeat: The watchful AI that never sleeps: Hakimo’s $10.5M bet on autonomous security
  • Unite.AI: Hakimo Raises $10.5M to Revolutionize Physical Security with Autonomous AI Agent
@PCWorld //

Google Chrome Adds Real-Time AI Protection Against Dangerous Content - Google Chrome updates its Enhanced Protection feature with AI for real-time defense against malicious websites, downloads, and extensions through pattern analysis and deep scanning.
Google Chrome has introduced a new layer of security, integrating AI into its existing "Enhanced protection" feature. This update provides real-time defense against dangerous websites, downloads, and browser extensions, marking a significant upgrade to Chrome's security capabilities. The AI integration allows for immediate analysis of patterns, enabling the identification of suspicious webpages that may not yet be classified as malicious.

This AI-powered security feature is an enhancement of Chrome's Safe Browsing. The technology apparently enables real-time analysis of patterns to identify suspicious or dangerous webpages. The improved protection also extends to deep scanning of downloads to detect suspicious files.

Recommended read:
References :
  • BleepingComputer: Google Chrome has updated the existing "Enhanced protection" feature with AI to offer "real-time" protection against dangerous websites, downloads and extensions.
  • Anonymous ???????? :af:: Google Chrome has updated the existing "Enhanced protection" feature with AI to offer "real-time" protection against dangerous websites, downloads and extensions.
  • PCWorld: Google Chrome adds real-time AI protection against dangerous content
@bhaveshshrivastav.medium.com //

Quantum Computing and Cryptography Advances - This cluster covers research in quantum computing, cryptography and development of quantum-resistant cryptography as well as the integration of quantum computing systems in global markets.
References: medium.com , medium.com ,
Quantum computing and cryptography are rapidly advancing fields, prompting both exciting new possibilities and serious security concerns. Research is focused on developing quantum-resistant cryptography, new algorithms designed to withstand attacks from both classical and quantum computers. This is because current encryption methods rely on mathematical problems that quantum computers could potentially solve exponentially faster, making sensitive data vulnerable. Quantum-resistant algorithms like CRYSTALS-Kyber and CRYSTALS-Dilithium are being actively tested in various scenarios, such as secure government communications and data centers. The race is on to secure digital information before quantum computers become powerful enough to break existing encryption.

Developments in quantum computing are also driving progress in quantum cryptography, which uses the principles of quantum mechanics to secure communication. This offers a level of security that is theoretically impossible to breach using classical methods. Simultaneously, traditional cryptographic techniques such as Elliptic Curve Cryptography (ECC) and Advanced Encryption Standard (AES) are being combined to build secure data encryption tools, ensuring files remain protected in the digital world. Companies like Pasqal and Riverlane have partnered to accelerate the development of fault-tolerant quantum systems, which aim to overcome the reliability issues in current quantum systems and enable more reliable quantum computations.

Recommended read:
References :

Benchmarks

Blogs

Research Tools