Aggregator
AI in Cloud Computing: How AI Is Revolutionizing the Landscape
Reducing double spend latency from 40 ms to < 1 ms on privacy proxy
Cybersecurity Teams Hit by Lowest Budget Growth in Five Years
The White House AI Action Plan: A Critical Opportunity to Secure the Future
AI without built-in cybersecurity remains a liability. The AI Action Plan presents a pivotal opportunity to get this right by emphasizing a secure-by-design approach.
The White House’s newly released AI Action Plan and series of executive orders advance a comprehensive national AI strategy, which includes secure and reliable use of AI. As AI is increasingly integrated into critical infrastructure and decision-making systems, one thing must remain clear: cybersecurity can't be an afterthought.
At Tenable, we welcome the Administration’s commitment to advancing AI innovation, and we agree that AI without built-in cybersecurity remains a liability. Just like traditional software, AI systems and models are vulnerable to exposure, manipulation and attack, and threat actors have already taken great interest in this rapidly emerging segment of the attack surface. Therefore, we must ensure that all AI technology, whether used by federal, state or local government or by industry, is secure. The AI Action Plan includes several recommendations to advance security principles within AI.
The Action Plan calls for the promotion of secure-by-design AI technologies and applications. Secure by Design should be embedded into every layer of the AI lifecycle, from model development to deployment. This includes rigorous vulnerability assessments, third-party risk management and real-time monitoring of AI behavior. These safeguards must evolve alongside the technology itself.
The Action Plan also recommends the establishment of an AI Information Sharing and Analysis Center (AI-ISAC). Sharing cyber threat information is an important aspect of securing AI systems and protecting against AI threats. This will enable government, industry and academic stakeholders to collaborate on threat intelligence, best practices and rapid response strategies tailored to AI-specific risks. However, any establishment of a new ISAC should ensure coordination and alignment with other industry-based ISACs.
Lastly, the Action Plan suggests the Department of Homeland Security issue guidance to the private sector on remediating and responding to AI-specific vulnerabilities and threats. It also recommends the modification of the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Incident and Vulnerability Response Playbooks to incorporate considerations of AI systems. Organizations need visibility into what AI systems are deployed across their environments and how those systems are being used. Therefore, they must apply the same exposure management practices to AI that they’re using to reduce cyber risk today. This means discovering AI tools and components, assessing them for exposures and prioritizing response based on business impact and exploitability. AI cannot become a blind spot in enterprise risk management.
We strongly urge policymakers to treat cybersecurity in AI systems as a shared responsibility. Tenable supports initiatives to ensure private and public entities at all levels, and in particular state and local governments, have access to the tools and resources required to prevent and mitigate AI threats. Our adversaries are both attacking and weaponizing AI, and we must be prepared to counter with proactive, exposure management approaches.
The AI Action Plan presents a pivotal opportunity to drive innovation in AI while also taking the necessary steps to secure these systems. Focusing efforts on enabling AI-related cyber threat information sharing, building in security from the start and managing exposures across the AI attack surface will serve to dramatically improve AI cybersecurity. By investing in cyber preparedness now, we can ensure AI innovation advances not only with speed, but with resilience and trust.
Ranking the top threats and techniques for the first half of 2025
North Korean Hackers Weaponizing NPM Packages to Steal Cryptocurrency and Sensitive Data
A sophisticated North Korean cryptocurrency theft campaign has resurfaced with renewed vigor, weaponizing twelve malicious NPM packages to target developers and steal digital assets. The campaign, which represents a significant escalation in supply chain attacks, exploits the trust developers place in open-source package repositories to distribute advanced malware capable of cross-platform data exfiltration. The attack […]
The post North Korean Hackers Weaponizing NPM Packages to Steal Cryptocurrency and Sensitive Data appeared first on Cyber Security News.
CVE-2025-54136 – MCPoison Cursor IDE: Persistent Code Execution via MCP Trust Bypass
By: Andrey Charikov, Roman Zaikin & Oded Vanunu. Background: Cursor is a developer-focused AI IDE that combines local code editing with large language model (LLM) integrations. Due to its flexibility and deep LLM integration, Cursor is increasingly adopted by startups, research teams, and individual developers looking to integrate AI tooling directly into their development workflow. […]
The post CVE-2025-54136 – MCPoison Cursor IDE: Persistent Code Execution via MCP Trust Bypass appeared first on Check Point Research.
Zero Trust (Understand It in One Article!)
"Gosuslugi" by Phone? The Result: a Transfer to a Crypto ATM. The Schemes Hit Pensioners
Cisco Hacked – Attackers Stole Profile Details of Users Registered on Cisco.com
Cisco has confirmed it was the target of a cyberattack where a malicious actor successfully stole the basic profile information of an undisclosed number of users registered on Cisco.com. The technology giant revealed that the breach occurred after an employee was deceived by a sophisticated voice phishing, or “vishing,” attack. The incident, which Cisco became […]
The post Cisco Hacked – Attackers Stole Profile Details of Users Registered on Cisco.com appeared first on Cyber Security News.
APT36 Targets Indian Government: Credential Theft Campaign Uncovered
A sophisticated phishing campaign attributed with medium confidence to the Pakistan-linked APT36 group, also known as Transparent Tribe or Mythic Leopard, has been uncovered targeting Indian defense organizations and government entities. This operation employs typo-squatted domains that mimic official Indian government platforms, such as mail.mgovcloud.in and virtualeoffice.cloud, to deceive users into surrendering credentials. The campaign […]
The post APT36 Targets Indian Government: Credential Theft Campaign Uncovered appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Using SSRF to Access Millions of Users' Records
43% Growth, 965 Gbit/s and Nearly 100 Hours of Pressure: What Is Happening with L3-L4 Attacks in 2025
Offices Are Turning into Branches of the Intelligence Services. And Neural Networks, into Special Agents
Kimsuky APT Hackers Weaponizing LNK Files to Deploy Reflective Malware Bypassing Windows Defender
North Korean state-sponsored cyber-espionage group Kimsuky has unveiled a sophisticated new campaign targeting South Korean entities through malicious Windows shortcut (LNK) files, demonstrating the group’s continued evolution in stealth and precision. The campaign combines tailored social engineering with advanced malware frameworks designed to systematically infiltrate government agencies, defense contractors, and research organizations while evading traditional […]
The post Kimsuky APT Hackers Weaponizing LNK Files to Deploy Reflective Malware Bypassing Windows Defender appeared first on Cyber Security News.
Cisco discloses data breach impacting Cisco.com user accounts
SonicWall Warns of Escalating Cyberattacks Targeting Gen 7 Firewalls in Last 72 Hours
SonicWall has issued an urgent security advisory following a significant increase in cyber incidents targeting its Gen 7 SonicWall firewalls over the past 72 hours. The company is actively investigating a wave of attacks that appear to be focused on devices where the Secure Sockets Layer Virtual Private Network (SSLVPN) feature is enabled. In a […]
The post SonicWall Warns of Escalating Cyberattacks Targeting Gen 7 Firewalls in Last 72 Hours appeared first on Cyber Security News.
HPE security advisory (AV25-477)
Four Areas CISOs Must Assess Before Being AI Ready
Every CISO must assess their organization's AI readiness from technology and talent to governance and compliance.
The post Four Areas CISOs Must Assess Before Being AI Ready appeared first on Security Boulevard.