The European AI Office has issued its first formal enforcement notices under the EU AI Act, targeting prohibited AI practices and high-risk system deployments without conformity assessments. What security and compliance teams need to know.
Practical design patterns for building a prompt injection and jailbreak detection layer in front of production LLM deployments — covering rule-based filters, semantic classifiers, canary tokens, and output validation.
A systematic study of membership inference attacks against foundation models finds that training data can be reconstructed from model weights with significantly higher accuracy than previously reported, with implications for GDPR compliance and PII handling in AI development.
PhantomSynth is a financially motivated threat actor that has industrialised the use of LLMs to generate hyper-personalised spear phishing lures at scale, dramatically lowering the cost of targeted social engineering campaigns.
Analysis of a novel attack class targeting agentic AI systems: how injected instructions in tool outputs can escalate an agent's effective permissions, exfiltrate data, and pivot to internal services — and how to defend against it.