Expert Analysis – Help Net Security

One of the most pressing concerns with AI adoption is data leakage. Consider this: An employee logs into their favorite AI chatbot, pastes sensitive corporate data, and asks for a summary. Just like that, confidential information is ingested into a third-party model beyond your control. Even with data loss prevention (DLP) policies, AI data leaks are challenging to prevent. If the AI system is cloud-based and employees can access it externally, companies may never know … More → The post How to find out if your AI vendor is a security risk appeared first on Help Net Security.

For an AI agent to “think” and act autonomously, it must be granted agency; that is, it must be allowed to integrate with other systems, read and analyze data, and have permissions to execute commands. However, as these systems gain deep access to information systems, a growing concern is mounting about their excessive agency – the security risk of entrusting these tools with so much power, access, and information. Say that an LLM is granted … More → The post Excessive agency in LLMs: The growing risk of unchecked autonomy appeared first on Help Net Security.

Microsoft is continuing to build on their AI cybersecurity strategy and this month announced the introduction of new agents in Microsoft Security Copilot. They are introducing agents for phishing triage, alert triage for data loss prevention and insider risk management, conditional access optimization, vulnerability remediation, and threat intelligence briefing. The goal of these agents is to continuously pull in information from these different disciplines and provide both manual and automated recommendations for action in Microsoft … More → The post April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft appeared first on Help Net Security.

You’re in the middle of a sprint, juggling deadlines, debugging code, fine-tuning pipelines, and then it happens—you stumble across the perfect cybersecurity tool. It promises to eliminate secrets in logs, reduce risks in CI/CD pipelines, and save countless hours chasing security anomalies. But there’s one final boss to clear: the C-suite. Convincing leadership, especially those more attuned to balance sheets than breach reports, can feel like selling a Wi-Fi router to someone without any internet … More → The post 7 ways to get C-suite buy-in on that new cybersecurity tool appeared first on Help Net Security.

In today’s digital landscape, understanding your organization’s attack surface is crucial for maintaining robust cybersecurity. To effectively manage and mitigate the cyber-risks hiding in modern attack surfaces, it’s important to adopt an attacker-centric approach. In this article, we will be diving deeper into a company’s attack surface, what might have been forgotten and overlooked during the day-to-day rush and how cybersecurity professionals can regain the momentum and overview with the help of external attack surface … More → The post How to map and manage your cyber attack surface with EASM appeared first on Help Net Security.

Most people groan at the prospect of security training. It’s typically delivered through dull online videos or uninspiring exercises that fail to capture real-world urgency. To make a real difference in cyber crisis readiness, personnel need the opportunity to test their mettle in a crisis, to build the muscle memory and decision-making skills that will make a difference when a real attack occurs. This is where cyber simulations come in, by providing the opportunity to … More → The post How to build an effective cybersecurity simulation appeared first on Help Net Security.

Organizations should not shy away from taking advantage of AI tools, but they need to find the right balance between maximizing efficiency and mitigating organizational risk. They need to put in place: 1. A seamless AI security policy AI may have previously been a technology that only developers or specialists interacted with, but today, at all levels within companies, employees use AI to assist them in various tasks. Organizations must therefore educate all employees on … More → The post Two things you need in place to successfully adopt AI appeared first on Help Net Security.

The rise of mobile banking has changed how businesses and customers interact. It brought about increased convenience and efficiency, but has also opened new doors for cybercriminals, particularly on the Android platform, which dominates the global smartphone market. According to ESET research, Android financial threats, targeting banking apps and cryptocurrency wallets, grew by 20% in H2 of 2024 compared to the first half of the year. Fortunately, large financial institutions like banks have significant resources, … More → The post Android financial threats: What businesses need to know to protect themselves and their customers appeared first on Help Net Security.

In AI applications, machine learning (ML) models are the core decision-making engines that drive predictions, recommendations, and autonomous actions. Unlike traditional IT applications, which rely on predefined rules and static algorithms, ML models are dynamic—they develop their own internal patterns and decision-making processes by analyzing training data. Their behavior can change as they learn from new data. This adaptive nature introduces unique security challenges. Securing these models requires a new approach that not only addresses … More → The post A CISO’s guide to securing AI models appeared first on Help Net Security.

Spring cleaning isn’t just for your closets; security teams should take the same approach to their security operations data, where years of unchecked log growth have created a bloated, inefficient and costly mess. The modern Security Operations Center (SOC) is drowning in security telemetry from endpoints, cloud, SaaS applications, identity platforms and a growing list of other sources. In practice, most of these are redundant, irrelevant, or just outright noise, and are affecting detection effectiveness, … More → The post Spring clean your security data: The case for cybersecurity data hygiene appeared first on Help Net Security.