AI = Attacker's Insider?
This week: The security disaster of Agentic Browsers, drone attacks on airports will continue, and the latest 'Profit vs Privacy' power struggle.
3 - AI Agentic Browsers are an attacker’s best insider
“Users should avoid using AI-powered browsers like Atlas or Comet for tasks involving sensitive data”
Source: Daily Security Review
What?
Agentic Browsers are a new type of internet browser that integrates with AI tools like Perplexity or ChatGPT and enables these tools to perform actions - e.g. make purchases on your behalf.
Cyber attackers are already taking advantage of these browsers by fooling them into running AI prompts that could result in your sensitive data (e.g. login details; emails) being sent to the attackers.
So what?
There should always be an informed human between one of these AI Agents and the outside world.
You wouldn’t let your 3-year-old speak to anyone online. You shouldn’t allow your AI Agents to do it either!
2 - Drone attacks on airports will continue
“The bad guys got smarter, the toys got cheaper, and the sky’s still open for business.”
Source: The Register
What?
The UK Civil Aviation Authority has warned that organised drone attacks will inevitably disrupt airports, as shown by recent closures in Belgium and Denmark.
It appears that existing defences may not stop low-cost, coordinated attacks, which always result in the airspace around an airport being shut down until the drones move on.
So what?
The most disruptive attacks are not always high-tech.
1 - Privacy vs Profit: Round 22
“The leaked text includes changes that gut core provisions of Europe’s tough General Data Protection Regulation (GDPR), as well as the ePrivacy directive, Data Act and the EU AI Act.”
Source: The Record
What?
According to recent reports, the European Commission is proposing a number of changes to many European regulations in order to free up poor technology firms from the burden of regulation.
The text of the proposal was recently leaked and over 120 civil society groups have worked together to publish an open letter criticising the changes.
According to the open letter, “What is being presented as a ‘technical streamlining’ of EU digital laws is, in reality, an attempt to covertly dismantle Europe’s strongest protections against digital threats”.
So what?
European regulations are a burden for business.
But they are also a protection for individuals.
It will be interesting to see how this latest round of the “Profit vs Privacy” power struggle develops.


Wow, the part about AI agentic browsers really stood out to me, such a sharp analysis! It's wild how quickly new attack vectors pop up.