DeviceSecurity.io RSS Syndication

Mastra AI Framework Poisoned in npm Supply-Chain Attack

Microsoft-Owned GitHub, Which Runs npm, Previews Supply-Chain Security Fixes
The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation pipelines, has been poisoned by attackers, and Microsoft-owned GitHub has advised all developers to downgrade Mastra, pending compromised packages being found and eradicated.

SpaceX Bets Big on AI Coding With $60B Cursor Deal

Cursor Engineers Gain Access to Colossus for Large-Scale Model Training
SpaceX has agreed to acquire Cursor parent Anysphere for $60 billion in an all-stock transaction, combining one of the fastest-growing AI coding platforms with massive computing infrastructure to accelerate development of frontier AI models and autonomous software engineering agents.

Quantum-Safe Cryptography Isn't Just a CISO Headache

Bank of Ireland's Francis Gorman Shares Strategies for Successful Quantum Migration
Most organizations give the migration to quantum-safe cryptography to the CISO. But that puts a cross-business change in the wrong hands. Accountability belongs with senior leaders who can influence the whole enterprise, says Francis Gorman, head of Bank of Ireland's security center of excellence.

AWS Unveils Continuum to Fight Vulnerability Backlog

Autonomous Remediation Tools Advance
Cloud computing mainstay Amazon Web Services has taken a look at the vulnerability apocalypse and pronounced it fit for a business opportunity. Today the Seattle company entered a new battleground of platforms with the launch of its new family of security agents that it calls Continuum.

Securing AI in Financial Services with Zero Trust

Beyond the Inbox: Defending Against AI-Enabled Social Engineering

When Agentic AI Exposes Hidden Enterprise APIs

OnDemand | When AI Agents and SecOps Teams Unite: What Actually Changes

How FDA's Draft Guidance Shapes AI Medical Device Safety

FDA's draft guidance for AI-enabled medical devices reflects a major change in how regulators address software that changes over time, recognizing AI's ability to evolve while emphasizing patient safety, transparency and accountability, said Phil Englert of the Health-ISAC.

How AI Governance Protects Patient Care and Sensitive Data

Healthcare organizations face mounting pressure to govern AI without slowing innovation. Krista Arndt of St. Luke's University Health Network explains how agile governance, technical controls and collaboration can reduce data loss risks, protect patient care and strengthen AI security programs.

Why Hospitals Must Rethink Cyber Resilience

In the face of relentless cyberattacks that threaten patient safety, hospitals must strengthen their resilience, with clinical continuity, secure backups and coordinated recovery emerging as critical strategies, said John Riggi of the American Hospital Association and Josh Howell of Rubrik.

The Privacy Risks of Embedded, Shadow AI in Healthcare

Artificial intelligence that is embedded in newer editions of software and other technology tools but is not explicitly revealed by vendors is a substantial risk on par with shadow AI, said regulatory attorney Elizabeth Hodge with the law firm Akerman LLP.

Policy as Code: From Documents to Machine Intelligence

Policy as Code Turns Static Compliance Documents Into Enforceable, Auditable Policy
For decades, policies, standards and procedures have anchored security and compliance governance. But static documents can no longer keep pace with dynamic regulations and frontier technology. Policy as Code transforms them into machine-readable, enforceable, continuously verifiable rules that drive real business decisions.

Election Systems Are Now a Persistent Cyber Target

Long Dwell Times and Persistent Footholds Are Redefining the Election Threat Model
Election security has long been treated as a seasonal effort - defenses up before a vote, then scaled back after. But analysis of the 2024 global election cycle shows adversaries maintaining persistent access across jurisdictions, mapping ecosystems and positioning for future cycles.

Anthropic Submits Pre-IPO SEC Filing, Leads Market Cap Fight

Frontier AI Market Gains Helped Anthropic Move From Challenger to Category Leader
Anthropic's new $965 billion Series H valuation, growing use of Claude for AI coding and an increasing share of the enterprise AI market indicate OpenAI's early lead in frontier models has disappeared as customers have shifted their spending, workloads and token usage to Anthropic.

AI Agents Are the New Insiders

Rethinking Insider Threats in the Age of Autonomous Systems
AI systems are no longer passive tools. They make decisions, execute multi-step workflows and access sensitive data repositories with minimal human intervention. They begin to resemble something security leaders understand very well yet are ill-equipped to manage in a digital form: insider risk.