{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/security/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["ai","security","agentic-soc"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe increasing adoption of AI agents in mainstream business tools presents new security challenges. A compromised agent can lead to data exposure, unauthorized transactions, and compliance violations. To address these risks, CrowdStrike Falcon AIDR now supports NVIDIA NeMo Guardrails. This integration provides enterprise-grade protection by defining guardrails and applying constraints on LLMs. NVIDIA NeMo Guardrails, an open-source library, offers features like content safety, PII detection, jailbreak detection, and topic control. Falcon AIDR and NeMo Guardrails enable developers to manage data access, control agent responses, and ensure policy compliance, facilitating the secure transition of AI agents from development to production. This solution helps organizations maintain visibility and control over their AI agents.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access:\u003c/strong\u003e An attacker crafts a malicious prompt to interact with an AI agent.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrompt Injection:\u003c/strong\u003e The malicious prompt injects unintended commands or instructions into the agent\u0026rsquo;s processing flow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBypass Guardrails (Attempt):\u003c/strong\u003e The attacker attempts to bypass existing guardrails using sophisticated injection techniques.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eData Exfiltration:\u003c/strong\u003e If successful, the attacker exploits the agent to access and exfiltrate sensitive data (e.g., customer PII, internal documents).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnauthorized Actions:\u003c/strong\u003e The attacker manipulates the agent to perform unauthorized actions, such as initiating fraudulent transactions or modifying configurations.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLateral Movement (Potential):\u003c/strong\u003e In some scenarios, a compromised agent could be leveraged to access other systems or data sources within the organization\u0026rsquo;s environment.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCompliance Violation:\u003c/strong\u003e The agent\u0026rsquo;s actions result in violations of regulatory compliance requirements (e.g., HIPAA, GDPR).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact:\u003c/strong\u003e Data breach, financial loss, reputational damage, and legal penalties.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eA successful attack against an AI agent can have significant consequences. Data breaches exposing customer PII, unauthorized transactions leading to financial losses, and compliance violations resulting in legal penalties are all potential outcomes. The impact spans across various sectors, including financial services, healthcare, and customer service, where AI agents handle sensitive data and critical business processes. The extent of the damage depends on the agent\u0026rsquo;s access privileges and the sensitivity of the data it handles. Even a single compromised agent can expose thousands of interactions, amplifying the blast radius of an attack.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy Falcon AIDR with NVIDIA NeMo Guardrails to enforce content safety, PII protection, and jailbreak detection (see Overview).\u003c/li\u003e\n\u003cli\u003eImplement custom data classification rules in Falcon AIDR to align with your organization\u0026rsquo;s specific data protection requirements (see Overview).\u003c/li\u003e\n\u003cli\u003eEnable monitoring mode in Falcon AIDR to understand the threat landscape and progressively enforce blocks and redactions as agents move from development to production (see Use Cases).\u003c/li\u003e\n\u003cli\u003eCreate named detection policies in Falcon AIDR tailored to specific security requirements at critical points in AI agent workflows (see Configuring Falcon AIDR Policies).\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unexpected HTTP requests that might indicate prompt injection attempts targeting AI agents (see rules).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-28T21:37:25Z","date_published":"2026-03-28T21:37:25Z","id":"/briefs/2026-03-ai-agent-security/","summary":"CrowdStrike Falcon AIDR integrates with NVIDIA NeMo Guardrails to provide comprehensive protection for AI agents against prompt injection, data leaks, and malicious content.","title":"Securing AI Agents with CrowdStrike Falcon AIDR and NVIDIA NeMo Guardrails","url":"https://feed.craftedsignal.io/briefs/2026-03-ai-agent-security/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["ai","security","falcon","agentic-soc","prompt-injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCrowdStrike is addressing the emerging threats associated with the rapid adoption of AI tools and AI-powered software by enhancing its Falcon platform. These enhancements focus on providing AI Detection and Response (AIDR) capabilities across endpoints, SaaS environments, and cloud environments. The core issue being addressed is the increasing attack surface created by novel threats, such as indirect prompt injection and agentic tool chain attacks, alongside the widespread adoption of shadow AI. This adoption leads to visibility and governance gaps, creating opportunities for adversaries to exploit the \u0026ldquo;living off the AI land\u0026rdquo; (LOTAIL) technique, particularly on developer machines where AI agents with high system permissions are deployed with minimal governance. The new Falcon capabilities aim to provide security teams with the visibility and threat detection necessary to secure AI workforce adoption and development.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access:\u003c/strong\u003e An attacker gains initial access to a system, potentially through compromised credentials or a vulnerability in a third-party application or service.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAgent Deployment:\u003c/strong\u003e The attacker deploys a malicious AI agent, such as a compromised Model Context Protocol (MCP) server or a malicious IDE extension, onto a developer\u0026rsquo;s machine.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation:\u003c/strong\u003e The malicious AI agent leverages its high system permissions to escalate privileges.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrompt Injection:\u003c/strong\u003e The attacker uses prompt injection techniques to manipulate the behavior of legitimate AI agents like ChatGPT, Gemini, or Microsoft Copilot.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eData Exfiltration:\u003c/strong\u003e The compromised or manipulated AI agents are used to exfiltrate sensitive data from the organization.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLateral Movement:\u003c/strong\u003e The attacker uses the compromised endpoint as a launchpad to move laterally within the network, targeting other critical systems and data stores.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePolicy Violation:\u003c/strong\u003e The attacker manipulates AI agents to violate security policies.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact:\u003c/strong\u003e The attacker achieves their objective, such as stealing sensitive data, disrupting business operations, or causing reputational damage.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe exploitation of AI environments can lead to significant data breaches, intellectual property theft, and disruption of critical business operations. The lack of visibility and governance over AI tools and agents allows attackers to operate undetected, increasing the potential for widespread damage. Organizations across all sectors are vulnerable, especially those heavily reliant on AI for development and operations. Successful attacks can result in financial losses, reputational damage, and regulatory penalties.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the provided Sigma rules to your SIEM to detect suspicious AI-related activity on endpoints.\u003c/li\u003e\n\u003cli\u003eUtilize CrowdStrike Falcon Exposure Management to discover and classify AI-related components running across endpoints in real-time.\u003c/li\u003e\n\u003cli\u003eImplement Falcon AIDR policies to monitor and protect agents built in Microsoft Copilot Studio against prompt injection attacks and data leaks.\u003c/li\u003e\n\u003cli\u003eLeverage Falcon AIDR\u0026rsquo;s runtime threat detection capabilities to secure workforce AI adoption across both browser-based and desktop AI applications (ChatGPT, Gemini, Claude, etc.).\u003c/li\u003e\n\u003cli\u003eReview and update existing security policies to address the specific risks associated with AI agents and shadow AI, focusing on access control, data protection, and prompt injection prevention.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-28T09:35:50Z","date_published":"2026-03-28T09:35:50Z","id":"/briefs/2026-03-crowdstrike-ai-security/","summary":"CrowdStrike is enhancing its Falcon platform with new features focusing on AI Detection and Response (AIDR) capabilities across endpoints, SaaS, and cloud environments to mitigate risks such as prompt injection attacks, data leaks, and policy violations related to AI agents and shadow AI.","title":"CrowdStrike Falcon Enhancements for Securing AI Environments","url":"https://feed.craftedsignal.io/briefs/2026-03-crowdstrike-ai-security/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["aws","cloudfront","injection","security"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA vulnerability exists in the CloudFront signing utilities within the AWS SDK for PHP, specifically impacting versions 3.11.7 through 3.371.3. These utilities are responsible for generating Amazon CloudFront signed URLs and signed cookies, which control access to content. The vulnerability arises from the improper handling of special characters, such as double quotes and backslashes, within input values used to construct policy documents. If an application passes unsanitized input containing these characters to the signing utilities, the resulting policy document may deviate from the application\u0026rsquo;s intended access restrictions. An enhancement was made to the AWS SDK for PHP version 3.371.4 to address this issue. This vulnerability impacts applications that do not properly sanitize inputs passed to the CloudFront signing utilities.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies an application using a vulnerable version of the AWS SDK for PHP (3.11.7 - 3.371.3) that utilizes CloudFront signed URLs or cookies.\u003c/li\u003e\n\u003cli\u003eThe attacker locates an input field within the application that is used to generate CloudFront policy documents.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious input string containing special characters (e.g., double quotes, backslashes) designed to manipulate the resulting policy document.\u003c/li\u003e\n\u003cli\u003eThe application passes the attacker-controlled input to the CloudFront signing utilities without proper sanitization or validation.\u003c/li\u003e\n\u003cli\u003eThe CloudFront signing utilities generate a signed URL or cookie with a flawed policy document due to the injected special characters.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the crafted signed URL or cookie to bypass intended access restrictions and potentially gain unauthorized access to protected content.\u003c/li\u003e\n\u003cli\u003eThe attacker accesses restricted resources on CloudFront that should have been protected by the intended policy.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could lead to unauthorized access to content protected by Amazon CloudFront. If an attacker can manipulate the policy document, they might bypass intended access restrictions, potentially exposing sensitive data or allowing unauthorized actions. The number of affected applications is unknown, but any application using the vulnerable versions of the AWS SDK for PHP and failing to sanitize input is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to AWS SDK for PHP version 3.371.4 or later to incorporate the fix that addresses special character handling (reference: Patches section).\u003c/li\u003e\n\u003cli\u003eImplement robust input validation in application code to sanitize or escape special characters before passing values to CloudFront signing utilities (reference: Workarounds section).\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual patterns of URL requests containing special characters that might indicate exploitation attempts (reference: webserver log source).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-27T19:54:58Z","date_published":"2026-03-27T19:54:58Z","id":"/briefs/2024-01-aws-sdk-cloudfront-injection/","summary":"A vulnerability exists in the AWS SDK for PHP CloudFront signing utilities where special characters in input values are not properly handled when creating policy documents, potentially leading to unintended access restrictions, affecting versions 3.11.7 through 3.371.3.","title":"AWS SDK for PHP CloudFront Policy Document Injection via Special Characters","url":"https://feed.craftedsignal.io/briefs/2024-01-aws-sdk-cloudfront-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Security","version":"https://jsonfeed.org/version/1.1"}