AI security
-
Examining Major AI Security Threats
Security researchers have identified a novel cybersecurity threat called ‘prompt hijacking’ that exploits vulnerabilities in AI communication protocols like the Model Context Protocol (MCP). A flaw in the *oatpp-mcp* implementation allows attackers to inject malicious commands into user sessions, potentially leading to code injection, data exfiltration, or arbitrary command execution. Organizations should enforce secure session management with cryptographically secure session IDs, strengthen client-side defenses, and implement zero-trust principles for AI protocols to mitigate this and similar attacks. This highlights the need to adapt established security practices to protect the growing AI ecosystem.
-
AI & Cyber Governance in the Physical AI Era: Tuya Smart’s Global Cybersecurity Insights
The “Dialogue on AI & Cyber Governance” in London addressed the growing need for corporate AI security as AI integrates into physical infrastructure. Experts from academia and industry, including Tuya Smart, discussed building robust cyber governance frameworks and using AI to enhance cybersecurity. Key topics included addressing vulnerabilities from AI adoption, standardizing security frameworks, and the geopolitical aspects of supply chain security. Participants agreed on the need for global collaboration to develop effective AI security standards. Tuya Smart highlighted its security initiatives and collaborative approach to fostering secure AI development.
-
CrowdStrike Shares Surge 12% on Strong Investor Day Guidance
CrowdStrike (CRWD) shares jumped over 12% after an investor day presentation outlining strong long-term financial projections, including a 20% net new ARR growth rate by 2027 and a $10 billion ARR goal by 2031. The company’s acquisition of Pangea, an AI security platform, and a strategic partnership with Salesforce further boosted investor confidence. Analysts cite CrowdStrike’s advanced AI security capabilities and proactive market approach as the reasons for upward revisions to price targets, highlighting the company’s leadership in the expanding cybersecurity landscape.
-
Palo Alto Networks Launches AI-Powered Ad Campaign Highlighting Security Innovation
Palo Alto Networks (PANW) launched “Be A Genius. Deploy Bravely,” an AI-driven marketing campaign featuring historical innovators. Utilizing tools like Google Veo and Gemini, PANW significantly reduced ad production time from nine months to one week and costs from millions to under $1,000 per ad. AI was also used to predict ad effectiveness. The campaign, appearing on platforms like CNBC and LinkedIn, signals a move towards AI in marketing, mirroring a broader industry trend of AI adoption. PANW emphasizes the security of AI initiatives with its Prisma® AIRS™ platform.
-
Google Cloud unveils AI ally for security teams
At Security Summit 2025, Google Cloud outlined its AI-powered vision for proactive security. Key announcements include AI Protection enhancements within Security Command Center for AI agent discovery and threat protection (like prompt injection). The vision extends to an “agentic SOC” with AI agents assisting in threat management and alert investigation. Google Security Operations receives AI-driven capabilities (Gemini AI), unified dashboards, and upgrades to the Trusted Cloud, focusing on compliance, smarter access control, and expanded data/network security for AI. The goal: secure innovation through AI-embedded security.
-
HarmonyOS Security and Privacy Forum Highlights StarShield 2.0 Ecosystem Innovation
The HarmonyOS Security and Privacy Evolution forum at HDC 2025 highlighted advancements in StarShield Security 2.0, focusing on API governance, AI security, passwordless authentication, financial security, and sensitive data protection. Discussions with partners showcased practical applications of these features, emphasizing HarmonyOS’s commitment to a secure and trustworthy ecosystem.
-
From Photography to the Internet, VR, and AI: Why the Adult Industry Pioneers Emerging Technologies
Global AI adoption is accelerating amid critical security vulnerabilities, with 88% of components lacking protocols and $1B+ crypto-mining hijacking via exposed frameworks. While history shows that emerging technology often develops amid ethical risks, Alibaba Cloud’s CloudShield for AI tackles flaws via infrastructure defense (real-time vulnerability detection), model safeguards (99% attack prevention), and application shielding. The integrated Tongyi LLM slashes response times to 8.2 minutes, exemplifying AI’s dual role as both threat and defense. The future hinges on embedding security into AI’s core, mirroring how infrastructure evolved beyond its traditional “wild west” phases, to counter innovation’s inherent risks dynamically.