Chief Security Officer (cncso.com)
121 posts
4 comments
1 question
3 answers
5 followers
  • AI IDE Security: Analysis of Supply Chain Attacks on Cursor, Windsurf and Google Antigravity

    AI-driven integrated development environments (IDEs) such as Cursor, Windsurf and Google Antigravity inherit a configuration-file flaw from VS Code that exposes them to supply chain attacks. Together these three platforms have more than a million users, and their automatic extension recommendation mechanism can be abused by attackers who poison the OpenVSX extension marketplace to push malicious code to developers. The vulnerability lets an attacker register an unclaimed extension namespace and upload a malicious extension, obtaining SSH keys, AWS credentials and source code access without any traditional social engineering. The scope of this risk highlights an emerging attack vector in the developer toolchain and marks the formal inclusion of IDE extensions in the MITRE ATT&CK framework.

    January 7, 2026
  • CSO: 2025 Artificial Intelligence (AI) Cyber Attack and Defense Statistics, Trends, Costs and Defense Security Report

    Artificial intelligence is changing both the defensive and the offensive paradigm of security. Attackers use AI to mass-produce convincing phishing messages, clone executives' voices, probe exposed AI infrastructure and automate intrusion. Defenders use AI to detect anomalies faster, triage risk alerts and contain incidents. Yet skills gaps and misconfigured AI architectures open the door to new attacks. This guide compiles the latest 2025 AI cyber attack statistics, translates the data into business impact, and provides a prioritized action plan you can execute this year.

    January 4, 2026
  • CSO: A Chief Security Officer's Guide to Full-Link Security for Artificial Intelligence Data

    Chief Security Officers (CSOs) are facing an unprecedented challenge: AI systems are both amplifying existing data risks and introducing entirely new threats such as data poisoning, model reverse engineering, and supply chain contamination. This guide builds on the NIST AI Risk Management Framework (AI RMF), the Google Secure AI Framework (SAIF), and industry practices to provide CSOs with an actionable data security governance system.

    December 31, 2025
  • The MCP Governance Framework: How to build a next-generation security model that resists AI superpowers

    This article focuses on how MCP directly impacts the existing security system while empowering AI to actually "execute". On the one hand, MCP allows LLMs to access tools, databases and business systems through a unified protocol, truly turning them into multi-agents that can work across systems rather than passive question-and-answer bots. On the other hand, this ability relies on "hybrid identity" and long-chain authorization and authentication, so the clear identity, least privilege and continuous verification that zero trust requires are systematically weakened, and invisible threats such as context poisoning, tool poisoning and supply chain attacks are dramatically amplified.
    Right now, governance must be rebuilt around MCP - with the gateway as the hub, unified identity, fine-grained authorization, and full-link auditing - in order to unlock the true value of agentic AI without sacrificing security.

    December 30, 2025
  • AI security architecture: from AI capabilities to security platform landing practice

    A future-oriented AI security architecture is not only a technical issue but also a strategic shift. From "tool-driven" to "intelligence-driven", from "after-the-fact response" to "before-the-fact governance", from "reliance on people" to "human-machine collaboration" - these shifts will profoundly change the face of the security industry.

    Those enterprises that take the lead in building AI-native security systems will gain a competitive advantage in multiple dimensions such as threat detection, operational efficiency, cost control, and talent retention. And those enterprises that are stuck in traditional tool stacking and rule writing will eventually be eliminated by the times.

    The development of AI is irreversible. Security decision makers should take immediate action to seize this historic opportunity by launching the construction of AI security platforms in four dimensions: strategy, organization, technology and investment.

    December 30, 2025
  • AI Agent Security: GitHub Actions Prompt Injection (PromptPwnd) Vulnerability

    PromptPwnd is a new class of vulnerability discovered by the Aikido Security research team that poses a serious threat to GitHub Actions and GitLab CI/CD pipelines that integrate AI agents. It uses prompt injection to feed malicious instructions to an AI model so that it performs high-privilege operations, leading to secret compromise, workflow manipulation and supply chain compromise. At least five Fortune 500 companies have been affected, and several high-profile projects, including the Google Gemini CLI, have been confirmed to be vulnerable.

    December 27, 2025
  • AI Security: Artificial Intelligence (AI) Attack Surface Expansion and Security Governance

    Many people think that AI's impact on cybersecurity mainly amounts to "one more, smarter tool". But after reading this compendium on AI cybersecurity in Asia-Pacific (AP), a more solid conclusion is that AI is making attacks faster, cheaper and more realistic, while...

    December 24, 2025
  • OWASP Release: OWASP Top 10 for Agentic AI Security 2026

    As AI evolves from mere "Chatbots" to "Agentic AI" with autonomous planning, decision-making and execution capabilities, the attack surface of applications has fundamentally changed. In contrast to traditional LLM ...

    December 22, 2025
  • CVE-2025-34291: Langflow AI Agent and Workflow Platform Account Takeover and Remote Code Execution Vulnerability

    CVE-2025-34291 is a critical vulnerability chain found in the Langflow AI Agent and Workflow Platform, scored CVSS v4.0 9.4. It allows an attacker to achieve full account takeover and remote code execution (RCE) on Langflow instances by luring a user into visiting a malicious web page.

    December 11, 2025
  • CVE-2025-55182: React Server Components Remote Code Execution Vulnerability

    CVE-2025-55182 is a vulnerability introduced by React 19. In affected versions, the Next.js App Router takes RSC serialized data from the client and passes it directly to ReactFlightReplyServer for deserialization without sufficiently checking the model structure, reference paths and Server Reference metadata. An attacker can construct a malicious RSC request that drives parseModelString, getOutlinedModel, loadServerReference, initializeModelChunk and other parsing steps into an abnormal state, controls the call target during the module loading and reference binding phases, and ultimately triggers arbitrary server-side code execution in Next.js.

    December 11, 2025