https://aithreatbrief.com AI-assisted security briefings on AI-powered threats, privacy defence strategies, and security tooling for technology professionals. en-au https://aithreatbrief.com/blog/best-llm-firewall-2026 https://aithreatbrief.com/blog/best-llm-firewall-2026 A technical evaluation of the top MLSecOps firewalls for filtering prompts, preventing injection attacks, and securing large language model deployments in production. Fri, 03 Apr 2026 00:00:00 GMT Tools https://aithreatbrief.com/blog/preventing-prompt-injection-attacks https://aithreatbrief.com/blog/preventing-prompt-injection-attacks A tactical guide to mitigating prompt injection attacks in production. Moving beyond fragile regex filters to semantic validation and dual-LLM architectural defenses. Fri, 03 Apr 2026 00:00:00 GMT Security Engineering https://aithreatbrief.com/blog/claude-extension-flaw-enabled-zero-click-xss-prompt-injection-via-any-website https://aithreatbrief.com/blog/claude-extension-flaw-enabled-zero-click-xss-prompt-injection-via-any-website A critical vulnerability in Anthropic's Claude Chrome Extension exposes users to zero-click XSS prompt injection attacks, allowing malicious actors to execute commands without user interaction. This article examines the technical details, risks, and defensive strategies for organizations and individuals. Mon, 30 Mar 2026 00:00:00 GMT AI Threats https://aithreatbrief.com/blog/security-researchers-sound-the-alarm-on-vulnerabilities-in-ai-generated-code https://aithreatbrief.com/blog/security-researchers-sound-the-alarm-on-vulnerabilities-in-ai-generated-code A surge in vulnerabilities linked to AI-generated code has prompted security researchers to call for urgent improvements in code review and development practices. This article explores the risks, trends, and defensive strategies for organizations leveraging AI in software development. Mon, 30 Mar 2026 00:00:00 GMT AI Threats https://aithreatbrief.com/blog/best-password-managers-for-security-teams-2026 https://aithreatbrief.com/blog/best-password-managers-for-security-teams-2026 A security-focused comparison of enterprise password managers — evaluating zero-knowledge architecture, audit history, SSO integration, and secrets management for IT teams. Thu, 26 Mar 2026 00:00:00 GMT Privacy https://aithreatbrief.com/blog/best-vpns-for-cybersecurity-professionals-2026 https://aithreatbrief.com/blog/best-vpns-for-cybersecurity-professionals-2026 A data-driven comparison of the best VPNs for security analysts, threat researchers, and IT teams — evaluated on encryption, jurisdiction, audit history, and operational security. Tue, 24 Mar 2026 00:00:00 GMT Privacy https://aithreatbrief.com/blog/nordvpn-vs-protonvpn-security-comparison https://aithreatbrief.com/blog/nordvpn-vs-protonvpn-security-comparison A head-to-head comparison of NordVPN and ProtonVPN for cybersecurity work — covering encryption, jurisdiction, open-source status, audit history, and pricing. Tue, 24 Mar 2026 00:00:00 GMT Privacy https://aithreatbrief.com/blog/ai-flaws-in-amazon-bedrock-langsmith-and-sglang-enable-data-exfiltration-and-rce https://aithreatbrief.com/blog/ai-flaws-in-amazon-bedrock-langsmith-and-sglang-enable-data-exfiltration-and-rce Three independent research teams disclosed critical vulnerabilities across Amazon Bedrock AgentCore, LangSmith, and SGLang in March 2026 — collectively enabling DNS-based data exfiltration, account takeover, and unauthenticated remote code execution against AI infrastructure. One of these flaws remains unpatched, and CERT/CC has issued a public advisory. Thu, 19 Mar 2026 00:00:00 GMT AI Threats https://aithreatbrief.com/blog/cursorjack-attack-path-exposes-code-execution-risk-in-ai-development-environment https://aithreatbrief.com/blog/cursorjack-attack-path-exposes-code-execution-risk-in-ai-development-environment Proofpoint Threat Research has demonstrated that a single crafted deeplink can weaponise Cursor IDE's MCP installation flow to execute arbitrary commands under a developer's full privileges — exposing the structural security gap at the heart of the Model Context Protocol ecosystem. Thu, 19 Mar 2026 00:00:00 GMT AI Threats https://aithreatbrief.com/blog/researchers-discover-major-security-gaps-in-llm-guardrails https://aithreatbrief.com/blog/researchers-discover-major-security-gaps-in-llm-guardrails Palo Alto Networks' Unit 42, Oxford researchers, and a Nature Communications study converge on the same finding: the safety layers enterprises rely on to govern generative AI can be bypassed at scale, by automated tools, in under 60 seconds. The attack success rates are not marginal — they are, in several documented cases, approaching 100%. Tue, 17 Mar 2026 00:00:00 GMT AI Threats https://aithreatbrief.com/blog/hive0163-uses-ai-assisted-slopoly-malware-for-persistent-access-in-ransomware-attacks https://aithreatbrief.com/blog/hive0163-uses-ai-assisted-slopoly-malware-for-persistent-access-in-ransomware-attacks IBM X-Force discovered Slopoly, an LLM-generated PowerShell backdoor deployed by Hive0163 that maintained persistent access for 7+ days during a live ransomware engagement. The code self-describes as a "Polymorphic C2 Persistence Client" — but isn't actually polymorphic. That gap between what AI claims to build and what it actually builds is the story. Mon, 16 Mar 2026 00:00:00 GMT AI Threats https://aithreatbrief.com/blog/openclaw-ai-agent-flaws-could-enable-prompt-injection-and-data-exfiltration https://aithreatbrief.com/blog/openclaw-ai-agent-flaws-could-enable-prompt-injection-and-data-exfiltration China's CNCERT issued a formal warning on March 14 about OpenClaw's inherently weak default configurations. With 97+ CVEs tracked, 135,000+ exposed instances, and zero-click data exfiltration demonstrated in the wild, the open-source AI agent has become a case study in what happens when autonomous systems ship without a security baseline. Mon, 16 Mar 2026 00:00:00 GMT AI Threats https://aithreatbrief.com/blog/australias-privacy-act-reforms-2026 https://aithreatbrief.com/blog/australias-privacy-act-reforms-2026 Australia's Privacy Act has undergone its most significant overhaul since 1988 — with new penalties reaching $50 million, mandatory disclosure of AI decision-making systems, and a new statutory tort for serious privacy invasions. Here's what changed and what it means for your organisation. Sat, 14 Mar 2026 00:00:00 GMT Privacy https://aithreatbrief.com/blog/agentic-ai-security-risks https://aithreatbrief.com/blog/agentic-ai-security-risks Autonomous AI agents are now embedded in enterprise workflows with privileged access to databases, APIs, and critical systems — but the security infrastructure governing them hasn't kept pace. Here's what developers and security teams need to understand right now. Thu, 12 Mar 2026 00:00:00 GMT AI Threats https://aithreatbrief.com/blog/how-ai-is-being-used-to-launch-cyberattacks-in-2026 https://aithreatbrief.com/blog/how-ai-is-being-used-to-launch-cyberattacks-in-2026 AI has crossed a threshold in 2026 — adversaries are no longer just using it to write phishing emails. Autonomous attack agents, AI-generated malware, and deepfake social engineering are redefining the threat landscape at machine speed. Tue, 10 Mar 2026 00:00:00 GMT AI Threats https://aithreatbrief.com/blog/ai-model-prompt-injection-attacks-explained https://aithreatbrief.com/blog/ai-model-prompt-injection-attacks-explained Prompt injection is the #1 vulnerability in deployed AI systems — and unlike traditional software flaws, it cannot be patched. Here's how direct and indirect attacks work, real-world exploits from 2024–2026, and the defence strategies that actually reduce risk. Sun, 08 Mar 2026 00:00:00 GMT AI Threats