CISA has released sector-specific AI security guidelines for critical infrastructure operators, covering threat modelling for AI systems, incident response procedures, and minimum security baseline requirements aligned with the NIST AI RMF.
Threat actors are embedding prompt injection payloads in third-party LLM plugins and data sources to hijack AI agent actions, exfiltrate data, and pivot within enterprise environments.
A newly attributed state-sponsored threat actor is systematically targeting AI development infrastructure to poison training datasets and embed persistent backdoors in commercially deployed models.
How to implement an AI Software Bill of Materials (AI-SBOM) that captures the full component graph of a deployed AI system — base models, adapters, training datasets, and dependencies — and how to use it to manage supply chain risk and regulatory compliance.
Research demonstrates that LLMs with large context windows can be reliably jailbroken by embedding hundreds of fictitious dialogues before the target request — a technique that scales with context length and bypasses standard safety training.