Yazılar

Open-source AI models exposed to criminal misuse, researchers warn

/in /tarafından

Open-source artificial intelligence models are increasingly vulnerable to criminal misuse, as hackers can take control of computers running large language models outside the safeguards used by major AI platforms, according to new research released on Thursday. Researchers warned that compromised systems could be used for spam campaigns, phishing, disinformation, fraud, and other illicit activities while evading standard security controls.

The study was conducted over 293 days by cybersecurity firms SentinelOne and Censys, and examined thousands of internet-accessible deployments of open-source large language models. The researchers identified a wide range of potentially harmful use cases, including hacking, harassment, hate speech, theft of personal data, scams, and in some instances severe illegal content. They said hundreds of models appeared to have safety guardrails deliberately removed.

While thousands of open-source AI variants exist, a significant share of publicly accessible systems were based on models such as Meta’s Llama and Google DeepMind’s Gemma. The analysis focused on models deployed using Ollama, a tool that allows organizations to run their own AI systems. System prompts were visible in about a quarter of observed deployments, and 7.5% of those prompts could potentially enable harmful activity.

Researchers said roughly 30% of the identified systems were hosted in China and about 20% in the United States. Industry experts stressed that responsibility for mitigating risks must be shared across developers, deployers, and security teams, warning that unchecked open-source capacity poses growing global security concerns.

Nike says it is investigating possible data breach

/in /tarafından

Nike said it is investigating a potential data breach after a cybercrime group claimed to have leaked a large volume of data linked to the company’s business operations. The sportswear giant said consumer privacy and data security remain a priority as it assesses the situation and works to understand the scope of the incident.

The ransomware group World Leaks alleged it had published around 1.4 terabytes of Nike-related data. The claim could not be independently verified, and the company declined to comment on whether any ransom demand had been made or paid. It was also unclear whether the incident affected data connected to Nike’s wholesale partners.

The investigation comes at a sensitive time for Nike, which has been working to regain market share lost to smaller rivals. Data breaches have increasingly disrupted major corporations in recent years, often leading to heavy financial losses and operational damage.

EU Plan to Phase Out High-Risk Tech Draws Fire From China’s Huawei

/in /tarafından

The European Union plans to phase out components and equipment from so-called high-risk technology suppliers in critical sectors, under proposed revisions to the EU Cybersecurity Act that have drawn sharp criticism from Huawei.

The draft proposal, released by the European Commission, aims to strengthen protections against rising cyber and ransomware attacks, foreign interference and espionage risks, while reducing Europe’s dependence on non-EU technology providers. Although the Commission did not name specific companies or countries, Huawei is widely expected to be among those affected.

EU technology chief Henna Virkkunen said the measures would improve security of critical ICT supply chains and bolster Europe’s technological sovereignty. The new rules would apply to 18 key sectors, including telecom networks, cloud services, semiconductors, energy systems, medical devices, drones and connected vehicles.

Under the proposal, mobile operators would have 36 months after publication of a high-risk supplier list to phase out key components. Additional timelines for fixed and satellite networks will be set later. Any restrictions would follow formal risk assessments and market impact studies.

Huawei said excluding suppliers based on country of origin rather than technical evidence violates EU legal principles and World Trade Organization obligations, echoing criticism from China’s foreign ministry. Industry group Connect Europe warned the measures could impose billions of euros in extra costs. The proposal must still be negotiated with EU governments and the European Parliament before becoming law.