Randall Munroe’s XKCD "Mantle Model"
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD "Mantle Model" appeared first on Security Boulevard.
Microsoft this week began previewing a graph that is specifically designed to make it easier to integrate disparate cybersecurity tools and platforms. Built on a data lake that is now generally available and on a Model Context Protocol (MCP) server, the Microsoft Sentinel graph promises to make it simpler for cybersecurity teams...
The post Microsoft Previews Graph Framework to Better Integrate Cybersecurity Tools appeared first on Security Boulevard.
Creators, Authors and Presenters: Saikrishna Badrinarayanan and Chris Harris, LinkedIn
Our thanks to USENIX for publishing the presenters’ outstanding USENIX Enigma ’23 Conference content on the organization’s YouTube channel.
The post USENIX 2025: Building An End-to-End De-Identification Pipeline For Advertising Activity Data At LinkedIn appeared first on Security Boulevard.
Proofpoint is launching AI agents and a Secure Agent Gateway to automate security tasks, govern data use, and defend against AI-driven cyberattacks.
The post Proofpoint Previews Strategy for Applying AI Agents to Better Secure Data appeared first on Security Boulevard.
Agentic AI is emerging, shifting from passive chatbots to systems that reason, adapt, and autonomously execute multi-step tasks. Unlike "read-only" AI, agentic AI is "read-write," able to modify data and trigger actions. This active AI offers automation opportunities but necessitates new security for non-human identities.
The post From Chatbots to Agents: The Evolution Toward Agentic AI appeared first on Aembit.
The post From Chatbots to Agents: The Evolution Toward Agentic AI appeared first on Security Boulevard.
Federal investigators have found 200,000 more SIM cards at a site in New Jersey that were part of a sprawling hidden telecommunications network that initially included 100,000 other SIM cards and 300 servers scattered across at least five locations that could have taken down communications throughout New York City.
The post 200,000 More SIM Cards Found Linked to Secret Telecom Network in NYC appeared first on Security Boulevard.
Tonic.ai is thrilled to join the Microsoft for Startups Pegasus Program. We're bringing our privacy-compliant synthetic data solutions to Microsoft Azure customers.
The post Tonic.ai + Microsoft: Accelerating AI adoption with privacy-compliant synthetic data appeared first on Security Boulevard.
The call comes in at 4:55 PM on a Friday. It’s the CFO, and she’s frantic. She’s locked out of her account, needs to approve payroll, and her flight is boarding in ten minutes. She can’t remember the name of her first pet, and the code sent to her phone isn’t working. The pressure is immense. What does your help desk agent do? Do they bypass security to help the executive, or do they hold the line, potentially disrupting a critical business function?
This isn’t a hypothetical scenario; it's a daily, high-stakes gamble for support teams everywhere. And it’s a gamble that attackers are counting on. They know your help desk is staffed by humans who are measured on their ability to resolve problems quickly. They exploit this pressure, turning your most helpful employees into unwitting accomplices in major security breaches. It's time to stop gambling.
The post Announcing the HYPR Help Desk Application: Turn Your Biggest Risk into Your Strongest Defense appeared first on Security Boulevard.
Today's Unmanned Aircraft Systems (UAS) and defense mission platforms are software-intensive systems operating across highly complex ecosystems. As these systems grow more sophisticated, so do the threats they face.
The post Securing the Skies: Software Supply Chain Readiness for Unmanned Aircraft Systems appeared first on Security Boulevard.
How has AI changed your workflow? Share your story in Sonar's State of Code developer survey
The post Developer survey request appeared first on Security Boulevard.
CVEs & Vulnerabilities of September 2025 reveal a wave of high-impact flaws that security teams cannot afford to ignore. From unauthenticated exploits in FreePBX to privilege escalation in Android and root-level risks in Cisco firewalls, attackers are moving fast to weaponize these weaknesses. This blog explains the top CVEs, how they work, and why rapid patching is critical for enterprise protection.
The post Top CVEs & Vulnerabilities of September 2025 appeared first on Strobes Security.
The post Top CVEs & Vulnerabilities of September 2025 appeared first on Security Boulevard.
Explore the depths of retina scan authentication, from its technology and security to ethical considerations and implementation. A guide for developers and security pros.
The post An Inclusive Guide to Retina Scan Authentication appeared first on Security Boulevard.
The post 10 File Threats That Slip Past Traditional Security—and How to Stop Them appeared first on Votiro.
The post 10 File Threats That Slip Past Traditional Security—and How to Stop Them appeared first on Security Boulevard.
The Cybersecurity Information Sharing Act of 2015 (CISA), which for 10 years has facilitated the wide sharing of threat information among private entities and the federal government, a cornerstone of cybersecurity and national security, is likely to expire tonight if it is not reauthorized, which security pros say would hand adversaries a significant advantage.
The post Critical CISA Cybersecurity Law is Hours Away from Expiring appeared first on Security Boulevard.
What is a Firewall Migration (and Why It Happens)
A firewall migration is the process of moving rules, policies, and configurations from one firewall to another, whether that’s switching vendors,...
The post Firewall Migration Checklist: Complete 10-Step Guide for IT Teams appeared first on Security Boulevard.
Are Your Machine Identities As Secure as They Should Be?
Machine identities, or Non-Human Identities (NHIs), are akin to digital citizens journeying across the interconnected landscape of an organization’s network. But how secure are these travelers on their digital voyages? The answer hinges on how effectively their identities and secrets are managed, a concern that’s integral for […]
The post Enhance Your Cyber Resilience with Capable NHIs appeared first on Entro.
The post Enhance Your Cyber Resilience with Capable NHIs appeared first on Security Boulevard.
When the latest PCI DSS 4.0 requirements came into full effect in March 2025, organizations processing cardholder data faced new obligations to protect payment pages from client-side risks. Requirements such as 6.4.3 (script inventory, authorization, and integrity monitoring) and 11.6.1 (detection of unauthorized changes) demanded stronger visibility and control than many teams had in place. […]
The post Imperva Enhances Client-Side Protection to Help You Stay Ahead of PCI-DSS Compliance appeared first on Blog.
The post Imperva Enhances Client-Side Protection to Help You Stay Ahead of PCI-DSS Compliance appeared first on Security Boulevard.
Creator, Author and Presenter: Daniele Romanini, Resolve
Our thanks to USENIX for publishing the presenter’s outstanding USENIX Enigma ’23 Conference content on the organization’s YouTube channel.
The post USENIX 2025: PEPR ’25 – Unlocking Cross-Organizational Insights: Practical MPC for Cloud-Based Data Analytics appeared first on Security Boulevard.
Learn how to transform sensitive data into a safe AI asset for fine-tuning LLMs. This guide walks through a notebook-based workflow in Amazon SageMaker.
The post Turn sensitive data into safe AI assets with Tonic Textual in Amazon SageMaker Unified Studio appeared first on Security Boulevard.
Sep 30, 2025 - Lina Romero - In 2025, AI is everywhere, and so are AI vulnerabilities. OWASP’s Top 10 for LLM Applications gives developers and security researchers a comprehensive breakdown of the most common risks to AI models. In previous blogs we covered the first six items on the list; today we go over number 7: System Prompt Leakage. A system prompt is the text used to instruct an AI model’s behaviour, and System Prompt Leakage occurs when sensitive information contained in that prompt is exposed. Once attackers obtain those details, they can use what they have learned to mount further attacks. The system prompt itself should never be treated as a secret, nor as a security control; what attackers are after is the sensitive material embedded in it, such as credentials, internal rules and filtering criteria. The best way to prevent System Prompt Leakage is therefore not to hide sensitive data (credentials, permission rules, connection strings, passwords and the like) inside the system prompt at all. That way, even if attackers get hold of the system prompt, they have gained no critical insider knowledge. Some common examples of System Prompt Leakage are:
Exposure of Sensitive Functionality - Attackers could learn confidential details about the application’s functionality from the system prompt. For instance, it could reveal which database the information is stored in, enabling a targeted attack.
Exposure of Internal Rules - The system prompt could reveal the application’s internal decision-making process, giving attackers insight into how it works and making it easier to subvert.
Revealing of Filtering Criteria - Attackers could work out which requests the model is instructed to refuse and craft inputs that sidestep those limits.
Disclosure of Permissions and User Roles - The system prompt could reveal how permissions and user roles are assigned, which could lead to further exploitation.
Prevention Strategies:
Separate sensitive data from system prompts: As stated above, the best way to avoid system prompt leakage vulnerabilities is to keep secrets and sensitive information outside the system prompt altogether.
Avoid reliance on system prompts for behavior control: Use a range of security and other controls around each LLM instead of putting all your eggs in the system prompt basket.
Implement Guardrails: Guardrails that limit what certain parts of the LLM can do also restrict the information attackers are able to obtain via the system prompt.
Ensure Security Controls are implemented separately from the LLM: Do not rely on the LLM to keep itself secure. Place checks on each LLM in separate security software, such as authorization enforced outside the model and filtering of its inputs and outputs, to prevent system prompt leakage.
With AI vulnerabilities on the rise, now more than ever is the time for security researchers to educate themselves on the risks to LLMs, and the OWASP Top 10 is a great place to start. System Prompt Leakage occurs when attackers access sensitive information contained within the system prompt of an LLM and then use it to launch further attacks. There are several ways to mitigate the risk, but the most effective is to keep sensitive information such as credentials and passwords out of the system prompt entirely. To learn more about AI security and see how FireTail can help you with your AI security today, schedule a demo or set up a free trial.
The post LLM07: System Prompt Leakage – FireTail Blog appeared first on Security Boulevard.