your123 - stock.adobe.com
News brief: AI cybersecurity worries mount
Check out the latest security news from the Informa TechTarget team.
As we enter the final quarter of 2025, two letters of the alphabet continue to dominate enterprise tech conversations and news: AI. Companies are matching all that talk with action, with 78% of organizations now using AI in at least one business function, according to a global survey by McKinsey & Company.
In cybersecurity, some experts hope defensive AI will ultimately give enterprises the edge over attackers. Others, however, are losing sleep over ways AI could expose their organizations to new threats -- from both inside and out.
This week's featured articles explore AI cybersecurity anxiety, a troubling ChatGPT vulnerability and the downside of AI-powered vulnerability detection. Plus, learn why experts say zero trust must evolve if it is to successfully meet the AI moment.
AI cyber threats worry IT defenders
A September 2025 Lenovo report revealed widespread concern among IT defenders regarding AI-powered cyberattacks. Only 31% of IT leaders said they feel somewhat confident in their defensive capabilities, with a mere 10% expressing strong confidence.
The report highlights how AI enables attacks to evolve against defense mechanisms, potentially bypassing security platforms. Beyond offensive AI, which 61% cited as an increasing risk, IT leaders worry about employees using public AI tools and their organizations' rapid adoption of AI agents -- described as "a new kind of insider threat."
ChatGPT vulnerability enables invisible email theft
Researchers at Radware discovered a vulnerability called "ShadowLeak" that enables hackers to steal emails from users who integrate ChatGPT with their email accounts. The attack works by sending victims emails containing hidden HTML code -- using tiny or white-on-white text -- that instructs the AI to exfiltrate data when asked to summarize emails.
Since the processing happens on OpenAI's infrastructure, the attack leaves no trace on the victim's network, making it undetectable. OpenAI addressed the vulnerability in August after Radware reported it in June, though details of the fix remain unclear. Experts suggested that effective protection requires layered defenses, including AI tools to detect malicious intent.
AI vulnerability detection could hurt enterprise cybersecurity
Former U.S. cyber official Rob Joyce warned that AI-powered vulnerability detection could worsen cybersecurity rather than improve it. While AI systems such as XBOW can find software flaws faster than humans, Joyce said that patching capabilities cannot keep pace, especially for unsupported or legacy systems.
The gap between vulnerability discovery and remediation creates significant risk, potentially leading to catastrophic security failures. Additionally, Joyce cautioned about new threats involving the exploitation of AI agents integrated into corporate systems to identify valuable data for ransomware or extortion attacks.
To keep pace with AI-powered attacks, zero trust must evolve
Zero-trust architecture, with its "never trust, always verify" approach, is crucial as attackers increasingly adopt AI. While zero-trust principles such as network segmentation help limit access and verify identities, they must evolve to counter AI-enhanced threats.
Attackers now use AI to increase attack speed and create convincing deepfakes, particularly targeting identity-based vulnerabilities through stolen credentials and tokens. The recent Salesloft Drift breach demonstrates these evolving threats. Security experts have suggested that zero trust must adapt by implementing stronger identity verification and maintaining proper segmentation, especially as organizations integrate AI agents with access to sensitive data.
Read the full story by Arielle Waldman on Dark Reading.
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Alissa Irei is senior site editor of Informa TechTarget Security.
