Cyber AI Chronicle

By Simon Ganiere · 4th May 2025

Welcome back!

📓 Editor's Note

Back after a two-week break! Very refreshing, and it was good to disconnect and focus on the holidays and the family for a couple of weeks. Obviously, the threat landscape and the AI news did not stop, so below is a summary of what I have read to catch up.

Let's dive straight into the main point: the disruption at US Cyber Command and CISA is significant. The current administration has taken direct actions against prominent cybersecurity figures, such as Chris Krebs. It's crucial to emphasize that politicizing cybersecurity is a grave mistake, as these professionals were simply fulfilling their duties. Thinking the consequences of this will be limited to the US is an obvious mistake - they will be global, and we had a near miss with the funding for the CVE database which would have been catastrophic for the whole industry.

As Jen Easterly, former CISA Director, wisely stated, “our greatest vulnerability isn't a software flaw; it's a breach in our civic integrity.”

Stay cyber safe out there, and May the 4th be with you 😆

🚨 What you need to know

My Work

AI and the Trust Trap

Aravind Srinivas, the CEO of Perplexity, is reportedly aiming to develop a web browser that utilizes AI to deliver "hyper personalized" ads to users. The co-founder of Instagram is saying that “AI chatbots are ‘juicing engagement’ instead of being useful”. This raises concerns about the potential misuse of AI for short-term monetization rather than addressing more significant challenges. I've penned an editorial on this topic and would be interested in hearing your perspective as well » READ MORE

AI Security News

Policy Puppetry Prompt Injection Technique

Researchers at HiddenLayer have developed a universal prompt injection technique that bypasses instruction hierarchy and safety guardrails across major AI models. A single prompt template can bypass model alignment and generate harmful content against all major AI models, posing significant implications for AI safety and risk management » READ MORE

MCP Security: Tool Poisoning Attacks

A critical vulnerability in the Model Context Protocol (MCP) allows for “Tool Poisoning Attacks,” enabling malicious instructions to be embedded in tool descriptions, leading to sensitive data exfiltration and unauthorized actions by AI models » READ MORE
Nothing really surprising here; I talked about MCP and its security previously, and it's not a surprise to start seeing attack paths in this domain.

MCP Security Part 2: Deceiving users with ANSI terminal codes in MCP

ANSI terminal escape codes can be used to obfuscate malicious payloads in MCP server tool descriptions, making them invisible to users. This vulnerability allows attackers to hide instructions, potentially leading to supply chain attacks and system compromise. Users and developers should implement sanitization for potentially dangerous output and review tool descriptions and code when evaluating MCP tools. » READ MORE | Check out their other blog posts here and here
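The sanitization step recommended above (and the general advice to review tool descriptions before trusting an MCP server) can be automated. The following is an added example, not code from the original post or from any MCP project: it scans a tool definition's description for terminal control sequences, strips them so the full text is visible, and reports whatever text sat behind them. The `SAMPLE_TOOLS` list and the hidden line it contains are constructed for the example.

```python
import re

# Terminal control sequences that can change what a console shows the user:
#   CSI  ESC [ params intermediates final   (cursor moves, erase line, SGR colours/conceal)
#   OSC  ESC ] ... BEL or ESC \             (window titles, OSC 8 hyperlinks)
#   other two-byte ESC sequences, plus C0 controls and DEL except TAB and LF
ANSI_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"
    r"|\x1b[@-_]"
    r"|[\x00-\x08\x0b-\x1f\x7f]"
)


def find_control_sequences(text):
    """Return every control sequence in text as (offset, raw_sequence)."""
    return [(m.start(), m.group()) for m in ANSI_RE.finditer(text)]


def strip_ansi(text):
    """Remove control sequences so the whole description becomes readable."""
    return ANSI_RE.sub("", text)


def audit_tool(tool):
    """Audit one MCP tool definition (a dict with 'name' and 'description').

    Text that follows the first control sequence is the part a terminal may
    have concealed or overwritten, so it is reported separately. Only the
    description is checked; parameter descriptions in inputSchema deserve the
    same treatment in a real check.
    """
    desc = tool.get("description", "")
    seqs = find_control_sequences(desc)
    hidden = strip_ansi(desc[seqs[0][0]:]).strip() if seqs else ""
    return {
        "name": tool.get("name"),
        "suspicious": bool(seqs),
        "control_sequences": [raw for _, raw in seqs],
        "clean_description": strip_ansi(desc),
        "hidden_text": hidden,
    }


# Constructed sample: the second tool wraps a line in SGR "conceal" (ESC[8m),
# so a terminal renders it invisible while an LLM still reads it.
SAMPLE_TOOLS = [
    {"name": "add", "description": "Adds two integers and returns the sum."},
    {"name": "weather", "description": (
        "Returns the current weather for a city.\n"
        "\x1b[8mHIDDEN INSTRUCTION PLACEHOLDER\x1b[0m")},
]

if __name__ == "__main__":
    for t in SAMPLE_TOOLS:
        print(audit_tool(t))
```

Run the audit against the tool list a server returns from `tools/list` before enabling it, and treat any `suspicious` entry as a reason to read the raw description rather than the rendered one.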

AI’s Dark Side: The Emergence of Hallucinations in the Digital Age

The AI hallucinations topic is not going away, and the recent release of OpenAI GPT-4.5, which seems to be hallucinating 37% of the time(!), is not helping. This article is a good opinion piece that draws some great parallels with the past as well » READ MORE

Detecting and Countering Malicious Uses of Claude

The report presents a series of case studies detailing the malicious exploitation of Claude, encompassing activities such as influence-as-a-service operations, credential stuffing, recruitment fraud, and malware generation. It underscores the evolving threat landscape and the role of generative AI in automating and amplifying malicious activities. The company's intelligence program and research methodologies, including Clio and hierarchical summarization, play a crucial role in identifying and mitigating these abuses » READ MORE

Cyber Security

CVE Funding: A near miss with huge potential consequences

The disruption of the US cyber capabilities continues, and we had a near miss with the CVE funding. This would have been catastrophic for the industry, and at a time when vulnerabilities are a key initial attack vector (see below). For sure something to keep an eye on in the future » READ MORE

The UK Retail Industry Under Attack

M&S, Harrods and Co-op have been hacked over the last couple of weeks. This is a significant attack against the entire retail industry in the UK, for which the UK NCSC published a "wake up call". Some of the information seems to indicate links between those attacks. The M&S hack has been linked to Scattered Spider / Octo Tempest and a ransomware group named DragonForce. Not the first time that Scattered Spider is in the news (Caesars, MGM, Snowflake, etc.); some more information about this threat actor can be found here and here.

JPMorgan - An Open Letter to Third-party Suppliers

Patrick Opet, CISO of JPMorgan, wrote an open letter to third-party suppliers. This is a big theme across industries (as highlighted in the reports above), so an important topic. Patrick highlights the fact that the SaaS delivery model has changed the game and a single attack against a major SaaS or PaaS provider can ripple through an entire industry » READ MORE

2025 Data Breach Investigation Report

Verizon is back with this year's edition of the Data Breach Investigation Report. As usual a great report and some really interesting statistics:

  • The most common initial access vector is credential abuse, but exploitation of vulnerabilities increased by 34%. The percentage of edge devices and VPNs as a target in the exploitation of vulnerabilities action was 22%, and it grew almost eightfold from the 3% found in last year's report;

  • 54% of perimeter-device vulnerabilities were fully remediated by organizations in the past year, while almost half remained unresolved - put this in perspective with the point above!

  • 30% of breaches were linked to third-party involvement, twice as much as last year, and driven in part by vulnerability exploitation and business interruptions;

  • 44% of all breaches analyzed showed ransomware was present, marking a notable rise from last year’s report.

    » READ MORE

M-Trends

A similar type of report, but from Mandiant (Google) this time. Similar findings, even though some numbers obviously differ; that being said, some of the key trends like vulnerability exploitation, ransomware and stolen credentials are the same » READ MORE

Why Stuff Fails?

Another killer post from Phil Venables, this time explaining why there is a pattern of failure in projects, programs, issue mitigation or anything that requires a trivial amount of cross-organization coordination. Must-read article! » READ MORE

Is your cyber strategy ready for a fragmented, inflationary, and politically charged global environment?

U.S. trade policy has shifted decisively towards economic nationalism, impacting cybersecurity through increased tariffs, scrutiny of foreign investment, and a focus on national security. This shift, coupled with inflationary pressures and geopolitical tensions, poses risks to cyber budgets, vendor selection, and talent acquisition. Cybersecurity leaders must adapt their strategies to navigate a fragmented, inflationary, and politically charged global environment » READ MORE

RSA Conference

Impossible to summarize everything that happened at the RSA conference, but SecurityWeek has done a great job with pre-event announcements and a day-by-day summary:

AI News

UAE to use AI for Writing Laws

Not cyber security related, but I found this super interesting: the United Arab Emirates plans to use AI for drafting and reviewing federal and local laws. The initiative aims to expedite law creation and make laws more accessible to diverse populations » READ MORE

Netflix: Foundation Model for Personalized Recommendation

Netflix is shifting from multiple specialized recommendation models to a single foundation model, inspired by large language models (LLMs), to better scale, simplify maintenance, and improve personalization across the platform » READ MORE

TheAgentCompany Experiment

The article describes an experiment where researchers staffed a fake software company with AI agents. The results were disappointing, with the best-performing model only managing to complete 24% of the tasks assigned to it. The researchers concluded that AI agents are not yet ready to replace human workers in complex jobs. » READ MORE

Claude Integrations

On the back of their launch of MCP back in November, Anthropic has now released several integrations with various online services; we are talking about things like Atlassian, Zapier, Cloudflare, Intercom, Asana, Square, Sentry, PayPal, Linear and Plaid. You can check various demos on their website. 100% the future of AI interactions, providing more and more context » READ MORE

OpenAI announcements

Multiple announcements at OpenAI with the introduction of OpenAI o3 and o4-mini and the release of GPT-4.1, 4.1-mini and 4.1-nano in the API. Still API related, the latest image generation model has been added as well.
Now not everything is working as expected either, and OpenAI had to roll back a release of GPT-4o as it was sycophantic (overly flattering or agreeable).

OpenAI Academy

If you are looking for training videos and other events to learn how to use OpenAI products, this is the place » READ MORE

Research Papers

Can LLMs Classify CVEs? Investigating LLMs' Capabilities in Computing CVSS Vectors

The paper investigates the potential of Large Language Models (LLMs) in automating the generation of Common Vulnerability Scoring System (CVSS) vectors from Common Vulnerabilities and Exposures (CVE) descriptions. It evaluates various prompt engineering strategies and compares LLM-generated scores with those from embedding-based models. The study finds that while LLMs show promise in automating CVSS evaluation, embedding-based methods outperform them in scoring subjective components like confidentiality, integrity, and availability impacts. A hybrid approach combining LLMs and embedding-based methods yields more reliable results across all scoring components. The research highlights the complexity of CVSS scoring and suggests refining hybrid models with domain tuning and analyst feedback to improve real-world reliability.

Published: 2025-04-14T21:10:57Z

Authors: Francesco Marchiori, Denis Donadel, Mauro Conti

Organizations: University of Padova, University of Verona

Findings:

  • LLMs can generate CVSS vectors but struggle with subjective components.

  • Embedding-based methods outperform LLMs in subjective scoring.

  • Hybrid approach improves overall CVSS scoring accuracy.

  • Gemma3 model achieves up to 0.98 accuracy in best-performing elements.

Final Score: Grade: A, Explanation: Strong empirical study with novel insights and transparent methodology.

Wisdom of the week

What you think, you become.

What you feel, you attract.

What you imagine, you create.

Buddha

Till next time!

Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.
