Abusing supply chains: How poisoned models, data, and third-party libraries compromise AI systems

The AI ecosystem is rapidly changing, and with this growth comes unique challenges in securing the infrastructure and services that support it. In Part 1 of this series, we explored how attackers target the underlying resources that host and run AI applications, such as cloud infrastructure and storage. In this post, we'll look at threats that affect AI-specific resources in supply chains, which are the software and data artifacts that determine how an AI service operates.

Abusing AI interfaces: How prompt-level attacks exploit LLM applications

In Parts 1 and 2 of this series, we looked at how attackers get access to and take advantage of the infrastructure and supply chains that shape generative AI applications. In this post, we'll discuss AI interfaces, which we define as the entry points and logic that determine how a user interacts with an AI application. These elements can include chat interfaces, such as AI assistants, and API endpoints for supporting services.

Abusing AI infrastructure: How mismanaged credentials and resources expose LLM applications

The swift adoption of generative AI (GenAI) by the software industry has introduced a new area of focus for security engineers: threats targeting the various components of their AI applications. Understanding how these areas are vulnerable to attacks will become increasingly significant as the space evolves. In this series, we'll look at common threats that target the following components of AI applications.

CVE-2025-20265: Maximum-Severity Remote Code Execution Vulnerability in Cisco Secure Firewall Management Center

On August 14, 2025, Cisco released fixes for a maximum-severity vulnerability affecting Cisco Secure Firewall Management Center (FMC) Software, tracked as CVE-2025-20265. FMC is the centralized platform used to manage security settings and network devices across Cisco Firepower and ASA deployments.

Advanced Persistent Threat: What They Are and Why They Matter

Nearly everyone has had “that cold,” the one where most symptoms have resolved except that lingering cough. The cough can continue for weeks or months, all while you feel mostly well across the board. In cybersecurity, an advanced persistent threat (APT) is your IT environment’s lingering cough, albeit a much more damaging one. An APT stealthily gains initial access to your company’s systems and networks, then hides within them to complete objectives.

Cybersecurity in 2025: Why 2FA Is a Must-Have for Atlassian Apps

Weak passwords cause the majority of data breaches, making password-only security a serious risk in 2025. Understand why Two-Factor Authentication (2FA) is now a must-have for Atlassian tools like Jira and Confluence, how it blocks phishing and credential-based attacks, and why it’s become a baseline security standard.

Comprehensive MCP Security Checklist: Protecting Your AI-Powered Infrastructure

With innovation comes risk. As organizations race to build AI-first infrastructure, security is struggling to keep pace. Multi-Agentic Systems – those built on Large Language Models (LLMs) and Multi-Component Protocols (MCP) – bring immense potential, but also novel vulnerabilities that traditional tools weren’t designed to handle.

How UEBA Enhances Threat Detection Across the Network Layer

11 days. That’s the global median dwell time for attackers in 2024, down from 26 days when external entities notify, but still long enough to cause significant damage. Your firewalls? They’re stopping known signatures. Endpoint tools see individual machines. But the network layer, where attackers actually move around, escalate privileges, steal sensitive data, that’s often a blind spot.

Critical emergency plan: Secure your organization before it's too late

Emergencies don’t send invitations; they strike when least expected. Natural disasters, cyberattacks, supply chain failures, or even sudden regulatory pressures can all disrupt operations in a heartbeat. But organizations that treat emergency planning as a checkbox are exposed. A well-crafted emergency plan is more than a document; it’s your roadmap out of crisis, keeping people safe, operations steady, and reputation intact.