Microsoft Copilot Studio Security Risk: How Simple Prompt Injection Leaked Credit Cards and Booked a $0 Trip
The no-code power of Microsoft Copilot Studio introduces a new attack surface. Tenable AI Research demonstrates how a simple prompt injection attack of an AI agent bypasses security controls, leading to data leakage and financial fraud. We provide five best practices to secure your AI agents.
Agentic AI Security: Keep Your Cyber Hygiene Failures from Becoming a Global Breach
The Claude Code weaponization reveals the true threat: The democratization and orchestration of existing attack capabilities. It proves that neglecting fundamental cyber hygiene allows malicious AI to execute massive-scale attacks with unprecedented speed and low skill.
A Practical Defense Against AI-led Attacks
The era of AI-driven cyberattacks is here, demonstrated by the recent abuse of an agentic AI tool in a broad espionage campaign. Defense requires a new approach centered on preemptive exposure management, combining reinforced security fundamentals with defining the new AI attack surface and…
Active Directory Trust Misclassification: Why Old Trusts Look Like Insecure External Trusts
Tenable Research reveals an Active Directory anomaly: intra-forest trusts created under Windows 2000 lack a key identifying flag, even after domain and forest upgrades. Learn how to find this legacy behavior persisting to this day, and use crossRef objects to correctly distinguish these trust types.
HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage
Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms.
Why Early Visibility Matters: Risk Lurks in the Vulnerability Disclosure Gaps
It seems pretty obvious: If an attacker can exploit a vulnerability before you can patch it, your organization is at risk. Yet the gaps between different phases of the vulnerability disclosure process continue to leave security teams in the dark.
Tenable Discovers Critical Vulnerabilities in SimpleHelp Tool: CVE-2025-36727 and CVE-2025-36728
Tenable Research found two flaws in SimpleHelp’s remote-support tool that can be chained together to gain remote code execution on clients' devices. SimpleHelp has patched them: CVE-2025-36728 in version 5.5.11 and CVE-2025-36727 in version 5.5.12.
The Trifecta: How Three New Gemini Vulnerabilities in Cloud Assist, Search Model, and Browsing Allowed Private Data Exfiltration
Tenable Research discovered three vulnerabilities (now remediated) within Google’s Gemini AI assistant suite, which we dubbed the Gemini Trifecta. These vulnerabilities exposed users to severe privacy risks. They made Gemini vulnerable to: search-injection attacks on its Search Personalization…
How Tenable Found a Way To Bypass a Patch for BentoML’s Server-Side Request Forgery Vulnerability CVE-2025-54381
Tenable Research recently discovered that the original patch for a critical vulnerability affecting BentoML could be bypassed. In this blog, we explain in detail how we discovered this patch bypass in this widely used open source tool. The vulnerability is now fully patched.
Security Leaders are Rethinking Their Cyber Risk Strategies, New Research from Tenable and Enterprise Strategy Group Shows
Get a firsthand look at how 400 security and IT leaders are tackling today’s cyber risk challenges in this latest study from Tenable and Enterprise Strategy Group.
The AI Security Dilemma: Navigating the High-Stakes World of Cloud AI
AI presents an incredible opportunity for organizations even as it expands the attack surface in new and complex ways. For security leaders, the goal isn't to stop AI adoption but to enable it securely.Artificial Intelligence is no longer on the horizon; it's here, and it's being built and deployed…
OCI, Oh My: Remote Code Execution on Oracle Cloud Shell and Code Editor Integrated Services
Tenable Research discovered a Remote Code Execution (RCE) vulnerability (now remediated) in Oracle Cloud Infrastructure (OCI) Code Editor. We demonstrated how an attacker could silently 1-click hijack a victim’s Cloud Shell environment and potentially pivot across OCI services. The vulnerability…
영업 팀에게 문의