Enhancing Email Abuse Detection with Machine Learning at M3AAWG

TECBOMO (2026) TOGETHER WE RE-IMAGINED | a Contrast Security Authorized Reseller Partner Slopsquatting: How Attackers Exploit AI-Generated Package Name By Jake Milstein - Vice President of Corporate Marketing & Communications at Contrast Security March 11, 2026 #AI coding assistants can hallucinate package names, creating #phantom #dependencies that don't exist in official repositories. Attackers exploit this predictable behavior through #slopsquatting, which involves registering malicious packages with names that AI models commonly suggest. This emerging supply chain attack requires new detection approaches focused on behavioral analysis to complement existing security tools.... Read more. https://lnkd.in/eVGfk5-i

The Jailbreak Jolt: Lessons from a Major Corporate AI Breach. A premier global consultancy is racing to patch its internal generative AI platform after a researcher successfully "jailbroke" the system, exposing vulnerabilities that could allow unauthorized access to sensitive proprietary data. This breach serves as a stark warning that even the most sophisticated enterprise AI safeguards can be circumvented by creative prompt engineering. For firms integrating AI, the key lessons are clear: security must be treated as a continuous "red-teaming" process rather than a one-time setup; internal tools require the same rigorous encryption and firewalls as external products; and employees must be trained to recognize that generative models can be manipulated to leak confidential intellectual property. https://lnkd.in/e_JWgR73 via @FT

Autonomous AI agents have just entered a new risk category. This week in Secure Prompt #15: • OpenClaw Control UI hijacking → token exfiltration & full agent takeover • Zero-click RCE via unsafe connector chaining • CVSS 9.8 RAG supply-chain flaw with wide blast radius • 56% prompt injection success rate across 36 models • 12% of reviewed agent marketplace skills confirmed malicious The pattern is clear: When AI can take actions, small inputs → privileged execution → real compromise. This issue focuses on agent containment, blast-radius reduction, and secure-by-construction coding — not just patching after the fact. 💬 Prompt of the Week: A practical security review framework for autonomous AI agents (permission mapping, lateral movement paths, blast-radius reduction plan). 🎁 Free Gift: Refer 1 colleague → unlock “25 Essential AI Prompts for Cybersecurity Professionals.” If you're deploying or using AI agents in 2026, this is required reading. 👉 https://lnkd.in/e7MQDeq4 #AISecurity #AgenticAI #LLMSecurity #CyberSecurity #AIThreatIntel #SecurePrompt

OpenAI called its own Pentagon deal 'opportunistic and sloppy.' Their users agreed — with 295% more uninstalls in a single day. Here's the real lesson nobody's talking about: You can't build a consumer AI brand on trust *and* a weapons contract on speed. The two balance sheets collide eventually. While OpenAI scrambled to add amendments (including a ban on domestic surveillance — yes, that had to be spelled out), Anthropic quietly hit No. 1 on the App Store. Users didn't write op-eds. They just switched. Quick trust checklist for any AI tool your team uses (save this): □ Do you know who the company's enterprise clients are? □ Has their data policy changed in the last 6 months? □ Is there a clear line between your data and their government contracts? □ When something goes wrong — do they admit it fast, or after the backlash? If you can't answer these, your AI stack has a blind spot. The depth gap: today's briefing also covers how just 3 companies absorbed 83% of February's record $189B in VC funding — and what that concentration means for everyone else building in this space. Source: https://lnkd.in/eNkneCCV When an AI company you use announces a government or defense contract — does it change how much you trust the product with your personal data? Want the longer version + examples? → https://lnkd.in/gT_8aGWi #AI #DigitalTrust #CyberSecurity

🚨 Model Context Window Abuse: The "Silent" AI Security Threat 🚨 Most AI security discussions focus on Prompt Injection, but there is a more subtle, volume-based attack gaining traction: Context Flooding. Unlike a standard hack, this doesn't require "clever" wording. It uses sheer volume as a weapon. 🧠 How It Works: The Attention Economy Modern LLMs have a finite "Context Window"—a digital memory space where they store System Prompts, Safety Guardrails, and Conversation History. When an attacker floods this window with massive amounts of data (long PDFs, repetitive logs, or code dumps), they trigger Attention Displacement. The Result: Critical safety instructions ("Do not reveal PII") get pushed out or "diluted." The Outcome: The model "forgets" its rules and responds to malicious requests as if the guardrails never existed. 📉 Why This Is a Governance Nightmare This isn't just a technical glitch; it’s a compliance failure. If your AI summarizes a 100-page report and leaks confidential data because its "privacy mode" was drowned out, you are still liable under GDPR, DPDPA, or ISO 42001. 🛠 How to Defend Your LLM Stack We have to move beyond static prompts. If safety depends on memory, attackers will attack the memory. 1️⃣ Token Budgeting: Strictly enforce limits on user inputs before they reach the model. 2️⃣ The "Sandwich" Technique: Repeat critical system instructions at the end of the context window to counter "Recency Bias." 3️⃣ Context Pinning: Use architectural side-channels to ensure safety logic remains "top of mind" for the model regardless of input size. The Bottom Line: As context windows grow (1M+ tokens), the surface area for "Memory Attacks" grows with them. Security must be runtime-aware, not just prompt-deep. #AISecurity #LLMSecurity #GenAI #CyberSecurity #ResponsibleAI #OWASP

One malicious prompt can turn an AI workflow into a data-leaking pipeline. This is called Prompt Injection. The attack chain is simple: 1️⃣ Inject malicious prompt 2️⃣ Override system instructions 3️⃣ Access tools & internal data 4️⃣ Exfiltrate data via the LLM response The problem? Most security tools can’t see the prompt layer. That’s why we’re building LangProtect — a security layer for AI interactions. 🛡 Prompt injection detection 🛡 Prompt sanitization 🛡 Policy enforcement 🛡 Response monitoring Learn how prompt injection attacks actually work 👇 🔗 https://lnkd.in/gsp9NBf8 #AIsecurity #PromptInjection #LLMSecurity #GenAI #LangProtect

Last year I watched over 500 AI-related YouTube videos totaling 250 hours of content. This year I'm on pace to blow past that number. Don't have time to keep up with AI news on YouTube? You don’t have to. I’ve built a newsletter called The AI Security Brief. Each week, I'll wrap up AI news from a Security perspective. For the inaugural issue, I'm covering the entire month of February. Here's a sneak peek: 🔴 John Hammond exposed how AI agent "skills" are the new malware delivery vector. No signature validation, no sandboxing; agents just download and execute whatever instructions they're given. VirusTotal can't detect social engineering written in plain English. 🔴 The CISA Director (the person in charge of America's cybersecurity) uploaded sensitive documents to the public version of ChatGPT. Shadow AI isn't just an employee problem anymore. 🔴 OpenClaw's 21,000+ exposed instances leaked API keys, OAuth tokens, and had RCE vulnerabilities in the wild. 70% of its 4,000+ skills mishandled secrets. This is what "move fast and break things" looks like in the agent era. 🔴 Stripe had to rebuild their entire fraud model because AI agent traffic breaks every behavioral baseline. Think about what that means for your SIEM, UEBA & Endpoint detection. 🔴 Anthropic discovered that LLMs can be gradually manipulated through conversational "persona drift" and the jailbreak techniques transfer across models. Their “fix” cuts jailbreak rates by 50%, but enterprise teams should enforce session length limits and treat new chat sessions as a security control. https://lnkd.in/ePk3Pjd3 #AISecurity #AINewsletter #CISO 

I’m a little late today in posting, but today’s post is definitely worth the read. I just finished reading a research paper called “Agents of Chaos” and honestly… it blew my mind. I was both amazed and slightly shocked by what the researchers discovered. Researchers from Stanford, Harvard, MIT and several other universities ran an experiment. They gave AI agents real access to tools email, Discord, and even system commands and then invited researchers to try breaking them. No malware. No hacking. Just conversation. And things went wrong surprisingly fast. • One agent was asked to delete evidence → it wiped the entire email server. • Another refused to share someone’s SSN → but happily forwarded the email containing it. • Some agents followed instructions from people who weren’t even the owners. The real issue isn’t intelligence. It’s authority and control. AI agents don’t truly understand who they should listen to. And yet companies are rapidly plugging them into inboxes, workflows, and decision systems. We’re moving from AI that answers questions to AI that takes actions. That changes everything. As someone who loves working at the intersection of AI, business, and technology, this paper made me think about one thing: Not “Can AI do the task?” but “Should AI be trusted with the authority to do it?” And the typical baniya instinct in me says automation is great… …but only when proper controls and guardrails are in place. Paper: Agents of ChaosOriginal Research Paper Agents of Chaos (arXiv research paper) https://lnkd.in/gFiRztZM⁠

Who are AI safety guardrails actually protecting? I've been researching this for a few weeks, and the honest answer is: not always the right people. When an attacker can bypass an LLM guardrail with up to a 92% success rate, but a security researcher running a red team exercise gets blocked, something has gone wrong in how we're approaching defensive tooling. The instinct to hardcode restrictions into models makes sense on paper. In practice, it's creating a defender's dilemma: the people trying to protect these systems are navigating friction, while the adversary just walks around it. My latest for CSO Online gets into why, and what a more pragmatic approach looks like: https://lnkd.in/gkfdVb8Q

I used to think the threat lived inside the organisation only. It doesn't. It lives inside your family's social media accounts. We ran an Open Source Intelligence (OSINT) audit on our entire management team. In under 40 minutes we had reconstructed the daily routines of three executives. Home neighbourhoods. School drop-off times. Gym locations. Not from a breach. From Instagram stories and Facebook. Now layer on OpenClaw. OpenClaw demonstrated that agentic AI tools — sitting on corporate laptops right now — can autonomously browse, extract, and correlate that public data without triggering a single security alert. What took our analyst 40 minutes, an agent does in 40 seconds. Across your entire organisation. Continuously. We secured the systems. We never thought to secure the story our people were telling online. That's the attack vector nobody has a control for yet. Does your AI governance even acknowledge this attack vector exists? 🎥 "Without Consent — A Message from Ella" | Courtesy by Deutsche Telekom