Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

CISA Orders Immediate Patch for Actively Exploited Cisco Unified CM SSRF Flaw

  CISA has moved quickly against a serious Cisco vulnerability because the issue is already being exploited and could expose government and ...

All the recent news you need to know
Technology
agentic AI AI governance Anthropic Claude Cowork Claude Desktop Cloud Security Enterprise AI Security Identity and Access Management Microsoft Entra Technology

Anthropic Tests Mobile Version of Desktop Like Claude Cowork

 


Claude Cowork, an auto-assisted desktop assistant designed to handle long-running knowledge work with minimal user intervention, has been tested on mobile devices by Anthropic, extending the reach of its agentic AI ecosystem. 

A mobile application is not reported to shift computational workloads to smartphones, but rather to function as a remote management interface, which allows users to initiate tasks, monitor their execution, and review progress as the actual computation takes place on a desktop computer. 

In the event that this capability is implemented, it will significantly expand Claude Cowork's accessibility by providing persistent oversight of background workflows such as document creation, spreadsheet generation, file analysis, and report preparation, advancing the integration of AI-driven productivity across devices. 

Claude Cowork will be enhanced with cross-platform capabilities, as well as redesigned into a centrally managed enterprise platform designed to accommodate a variety of organizational workflows through a unified deployment model. It was stated that the approach provides IT administrators with the ability to distribute a single desktop application throughout the organization and assign varying capabilities based on the role of users, enabling employees to access conversational AI, knowledge workers to utilize Claude Cowork when delegating long-term tasks, and software engineering teams to utilize Claude Code without having to deploy separate platforms. 

A long-standing enterprise concern related to AI adoption has been addressed by Anthropic, which emphasizes that the inference can remain within the customer's existing cloud environment, whereas the conversation history can be kept locally. This gives organizations greater control over the handling of data. A number of enterprise identity and device management features are also included in the platform, including single sign-on (SSO), mobile device management (MDM) policy templates, offline installation, and cloud deployment capabilities, allowing organizations to utilize artificial intelligence in an integrated manner rather than introducing an isolated infrastructure based on security, compliance, and governance concerns. 

As part of the update, Claude Chat, Claude Cowork, and Claude Code policy management is separated to provide organizations with granular administrative controls, allowing organizations to selectively enable features and phase their expansion. 

In large enterprises with multiple legal, finance, operations, and engineering teams that require different AI capabilities under distinct governance policies, role-based structures are particularly beneficial. A new feature of Anthropic's enterprise connectivity with Microsoft 365 is the ability for organizations to route data access through their own Microsoft Entra application rather than connecting directly with Anthropic. 

A tenant allowlisting feature, beta support for Microsoft 365 GCC High and DoD environments, as well as an optional local connector allowing Microsoft services to communicate with user devices, ensures that enterprises retain full control over authentication, permissions, audit logging and data access. The administrator will also have the option of exporting deployment policies, validating connectors, verifying Claude models from the cloud provider, and testing configurations before implementing large-scale deployments.

The Anthropic team intends to reduce procurement complexity and position Claude Desktop as enterprise software integrated with existing identity management, compliance, and infrastructure workflows by allowing customers already standardized on Amazon Web Services, Google Cloud, or Microsoft Foundry to deploy Claude within their existing cloud estates. 

In the current enterprise AI landscape, success depends on not only model capabilities, but also deployment flexibility, administrative control, governance, and seamless integration into existing enterprise ecosystems as organizations move from limited AI pilot programs to organization-wide deployments. 

The Claude Desktop application, which is available on macOS and Windows, has largely contained Claude Cowork, which executes autonomous tasks directly on the host machine using locally shared files and resources. It has been noted that Anthropic is actively developing a companion mobile application, as screenshots recently surfaced on X indicate. 

Users are expected to be able to start and steer tasks from their smartphones via the Claude mobile application, web interface, or desktop client, while checking execution status through the mobile app. Further, the interface indicates that assigned workloads continue running in the background even after the mobile application has been closed, which demonstrates the purpose of this feature is to oversee tasks persistently rather than executing them locally. 

By following this architecture, mobile devices function as remote management endpoints, while desktop environments remain responsible for computational tasks, file access, document generation, spreadsheet creation, and other resource-intensive operations. 

Anthropic has not yet formally announced full mobile support, but its Cowork documentation already mentions beta pairing support for phones, suggesting that a greater range of cross-device capabilities is being actively developed, with details and eligibility for account eligibility still unknown. 

Claude Cowork's ability to operate continuously as an artificial intelligence work agent will be enhanced if this capability is released, allowing users to initiate, monitor, and manage extended workflows without having to remain physically connected to their desktop computers. Anthropic is further advancing its broader philosophy of agent-driven productivity rather than conventional chatbots. 

Based on Anthropological's latest developments, the next phase of enterprise AI will be characterized by both operational governance and model capability, as organizations increasingly rely on autonomous AI agents to execute business-critical workloads, securing deployment, identity-aware access controls, integration with the cloud, and centralized policy management will become essential features rather than optional ones. 

If enterprises evaluate agentic AI platforms, they should prioritize solutions that align with existing security architectures, compliance obligations, and administrative workflows to ensure productivity gains do not negatively impact visibility, governance, or data security.
Read more »
Infrastructure Security
AI Infrastructure Security AI Security Credential Cyber Security Enterprise AI Security Enterprise security Infrastructure Security

AI Credential Security Emerges as Critical Risk in Modern Enterprise Infrastructure

 

Surprisingly, artificial intelligence alters how companies build their internal systems. Yet warnings emerge - not about flawed code, but about access methods growing more dangerous by the day. Credentials like API keys, login tokens, or automated service IDs now attract attackers as firms adopt more AI tools. 

A new report highlights an odd trend: defenses focus on outer boundaries, though weak identity controls often cause breaches inside AI environments. Investment flows into firewalls, even when real threats hide within permission structures Security breaches lately show a shift: criminals now aim more at login details instead of bugs within AI tools. A known example occurred when hackers gained access to publishing rights for a software library, slipping in harmful updates that collected AI account passwords, cloud keys, and system tokens across infected setups. 

Elsewhere, hidden project files left public helped adversaries grab artificial intelligence API secrets - before any code ran. Attackers succeeded here by abusing leaked authentication data, not defects in the underlying AI frameworks One reason experts point to is deeper issues baked into how AI systems are built. Instead of isolated logins for narrow tools, today’s setups often let one key open doors across many models and platforms. Because of this shift, losing control of login details means much wider exposure. Stolen tokens now offer criminals far greater leverage than before Among recent findings, signs point to an expanding problem with stolen login details.

A study across sectors showed over 1.27 million credentials tied to artificial intelligence services spilled online in 2025 alone - an uptick compared to prior periods. Old access tokens, though outdated, often stayed valid well beyond issue dates; when such keys fell into the wrong hands earlier, risk lingered far longer than expected Still, old-style safeguards like changing passwords, locking secrets away, or running automatic checks hold value - even if they fall short in AI-driven settings. 

Credentials tied to artificial intelligence tend to appear inside container files, system blueprints, build processes, recorded outputs, along with various hosted platforms. Once leaked access keys get found or reset, harm might already be done - copies hidden elsewhere, misuse underway. What worked before now lags behind how fast these systems share and replicate trust tokens Most security experts suggest companies start viewing AI identifiers much like those assigned to people or devices - restricting access based on necessity. 

Instead of using one wide-reaching API key, authorization should match only the needed tools, functions, or tasks. Each environment - whether used for live operations, trials, data review, or public interaction - ought to have distinct login details. This separation helps contain damage if one set gets exposed Security grows sharper when teams watch systems without pause. 

Ownership of access keys must be obvious, someone always accountable. Seeing what runs at any moment helps spot odd behavior early. Frequent checks on user actions reveal risks before they spread. A login seen outside usual patterns? Treat it as breached, just in case. With AI spreading through daily workflows, tracking who can do what matters more each month. Identity rules once tucked behind firewalls now step forward. They anchor defenses instead of trailing behind. Trust shifts only when proof holds firm.
Read more »
Technology
AI Robots AI Training Humanoid Robots Indian Workers Job Automation Technology

Inside India’s AI Boom: Workers Training Robots to Replace Human Jobs

 

Indian workers are increasingly being paid to record themselves performing everyday tasks so AI systems can learn how to do those jobs — a trend that’s creating short-term income but raising serious long-term questions about automation and worker displacement. 

Employers and startups are using head-mounted cameras, smartphones and motion sensors to collect “egocentric” footage of activities such as chopping vegetables, folding clothes and assembling parts; that data trains models intended to teach humanoid robots how humans move and interact with objects in real environments. The work has opened a new gig economy niche: workers earn small payments per hour of footage, often in low-cost regions like India where labour is cheaper than in Western markets. 

For many workers the pay provides immediate relief — a few hundred rupees per hour can be meaningful — but the jobs themselves are repetitive and sometimes physically taxing, involving long shifts and continuous filming that can cause eye strain and fatigue. Companies argue this is legitimate work in a growing data economy: capturing real-world human movement is essential for training robots to operate safely and effectively outside labs. Tech firms say egocentric data accelerates progress toward practical household and industrial robots by exposing models to the messy realities of kitchens, factories and crowded workspaces that simulated data cannot reproduce. 

Yet the ethical and economic implications are stark. Critics say the model resembles a paradox: workers are paid to teach machines how to replace them, creating what some call a “data-for-displacement” cycle. Labor advocates worry that once humanoid robots mature, tasks now filmed by humans — from domestic chores to basic factory assembly — could be automated, squeezing informal-sector incomes on which millions depend. Policy analysts note that much public debate on AI’s job impacts focuses on white-collar roles, while the millions in informal or low-wage physical jobs receive far less attention despite being directly targeted by physical AI development. 

Responses are emerging but remain fragmented. Some companies insist robots will complement rather than replace human workers, enabling safer or higher-skilled jobs; others have introduced retraining or higher-paying annotation roles as partial mitigation. Meanwhile civil-society groups and researchers call for stronger labor protections, transparency about how footage will be used, and social-safety nets to support workers displaced by automation, especially in countries with large informal workforces. 

The situation highlights a broader policy challenge: balancing technological progress with social safeguards so that the value created by AI doesn’t accrue only to firms and investors while leaving vulnerable workers behind. As physical AI moves from research labs into everyday life, regulators, companies and worker representatives will need to negotiate fair pay, consent, and transition measures—or risk repeating past technological revolutions that expanded productivity while widening inequality.
Read more »
sim swap
CBZC cryptocurrency Cyber Crime FBI Poland sim swap

Poland arrests four suspects in international SIM-swapping operation linked to multimillion-dollar cryptocurrency thefts

 



Polish law enforcement authorities have arrested four suspected members of an organized cybercrime group accused of orchestrating intricate SIM-swapping attacks that allegedly enabled the theft of millions of dollars in cryptocurrency from victims. The coordinated operation was led by Poland's Central Bureau for Combating Cybercrime (CBZC) with operational assistance from the U.S. Federal Bureau of Investigation (FBI) and Homeland Security Investigations (HSI), highlighting the cross-border nature of the investigation.

According to investigators, the group combined technical intrusions with social engineering techniques to compromise organizations working alongside telecommunications providers. By infiltrating partner infrastructure and gaining unauthorized access to employee email accounts, the suspects allegedly obtained sensitive information that enabled them to perform fraudulent SIM-swapping attacks.

A SIM-swap attack involves transferring a victim's mobile phone number to a SIM card controlled by an attacker. Once the transfer is completed, the attacker can intercept SMS messages, one-time verification codes, password reset requests, and other communications that rely on the victim's phone number for authentication.

Authorities allege that after taking control of victims' mobile numbers, the cybercriminals intercepted SMS-based authentication messages and email communications before using that access to seize control of cryptocurrency exchange accounts. The attackers then transferred digital assets from compromised accounts before attempting to conceal the proceeds through an extensive laundering operation.

Investigators estimate that the criminal scheme generated millions of U.S. dollars in stolen cryptocurrency. The illicit proceeds were allegedly moved through a distributed financial network consisting of multiple domestic and international bank accounts, international payment platforms, and multi-currency digital wallets in an effort to obscure the origin of the funds. Polish authorities estimate that the total amount laundered exceeded tens of millions of Polish złoty, equivalent to at least approximately US$5 million based on current exchange rates.

In a statement describing the operation, CBZC said the suspects relied on specialized software together with social engineering techniques to gain unauthorized access to infrastructure belonging to organizations cooperating with telecommunications operators, as well as employee email accounts. Investigators said the information obtained during those compromises enabled the illegal cloning and takeover of victims' phone numbers through SIM-swapping attacks.

Authorities further stated that the suspects allegedly treated the criminal enterprise as a continuous source of income, repeatedly moving stolen assets across numerous financial accounts and cryptocurrency wallets located in multiple jurisdictions to complicate financial tracing efforts.

All four suspects have been placed in pre-trial detention. They face allegations including participation in an organized criminal organization, unauthorized access to information systems to facilitate theft, and money laundering. If convicted, the offenses carry penalties of up to 25 years' imprisonment under Polish law.

While Polish authorities have not publicly identified the individuals arrested because of the ongoing international investigation, blockchain investigator ZachXBT claimed that one of the detainees is Wojtek Kulisz, also known online by the alias "Merry." The identification was reportedly based on items visible in official footage released during the police operation. Authorities have not independently confirmed that claim.

Investigators have also declined to disclose which cryptocurrency exchanges were affected or identify the victims, citing the continuing international investigation. Law enforcement agencies say efforts to identify additional victims, trace stolen assets, and pursue further investigative leads remain ongoing.

The case stresses the urgency of the risks associated with SMS-based authentication. Security professionals have long advised cryptocurrency investors and organizations to replace SMS-based two-factor authentication with authenticator applications or hardware security keys whenever possible, as SIM-swapping attacks remain an effective method for bypassing text message verification when attackers successfully compromise telecommunications systems or manipulate carrier processes.

Read more »
Information Security Leadership
AI cybersecurity Chief Information Security Officer CISO Code Of Ethics Cyber Risk Management Cyber Security Information Security Leadership

The Growing Call for a CISO Code of Ethics


CISOs today are no longer measured solely by the effectiveness of an organization's cyber defenses. With the increase of cyber threats, the acceleration of offensive capabilities with artificial intelligence, and increasing regulatory scrutiny, the role of enterprise-wide risk management, strategic decision making, and executive accountability has increased. 

The rapid evolution of the security industry, however, exposes a critical imbalance. Although companies increasingly rely on Chief Information Security Officers to safeguard their business operations, sensitive data, and corporate resilience, many security leaders are still lacking board-level support, clearly defined governance frameworks, or an universally accepted ethical framework. 

With the rise of data breaches and the growing concern about AI-enabled cyber threats, the question is not whether CISOs are equipped to deal with technical security challenges, but whether the profession itself requires a code of ethics that guides high-impact decisions that extend beyond cybersecurity in order to guide high-impact decisions. 

In addition to managing firewalls, security tools, and incident response operations, the CISO position has evolved far beyond managing firewalls and security tools to encompass a strategic role that encompasses more than ethical accountability. It is the chief information security officer's responsibility to design, implement, and enforce enterprise-wide security policies as well as ensuring the organization's long-term business strategy remains infused with cybersecurity. 

A CISO is responsible for overseeing the implementation of security technologies and workforce awareness programs to reduce the risk of data breaches and system compromise, in addition to fostering a security-first culture that strengthens organizational resilience and facilitates compliance with a growing range of regulatory and industry guidelines.

An organization's security posture must first be evaluated, existing controls evaluated, capability gaps identified, and risks prioritized to develop a security roadmap aligned with business objectives. These responsibilities require a combination of cybersecurity expertise, executive leadership, and strategic decision-making to accomplish. 

The modern CISO must have extensive knowledge of risks, threat detection, and response, as well as compliance standards such as GDPR, NIST, and SOC 2. They must also be equipped to manage security teams, budgets, and enterprise resources simultaneously. Board members and executive leadership must also be able to translate complex cyber risks into business-focused insights in order to facilitate informed decision-making and facilitate cross-functional collaboration capable of adapting to an increasingly sophisticated threat landscape, which is equally critical. 

According to recent findings, these challenges in governance translate into measurable risks in the operating environment. In the Voice of the CISO survey, conducted during the first quarter of 2025, 1,600 chief information security officers were surveyed across 16 countries by organizations with over 1,000 employees. 

According to nearly two-thirds of respondents, their organizations have suffered a material loss of sensitive information within the past year—a sharp increase over 46% reported in the previous survey. As a consequence, three quarters of CISOs are concerned that their organizations will be susceptible to material cyberattacks in the next 12 months. As a result of increased regulatory oversight and the demand for greater transparency, security leaders are increasingly willing to disclose security incidents as a result of these rising figures, indicating more than an increase in threat activity. 

Patrick Joyce, Global Resident CISO at Proofpoint, observed that CISOs are increasingly open about cyber risk exposure as a result of evolving governance expectations. The majority of respondents stated that they were confident in their organizations' cybersecurity culture, however six out of ten stated that they were not adequately prepared to handle a major cyber-attack. 

A significant proportion of CISOs indicated that they would consider paying a ransomware demand in order to recover critical data or restore business operations, highlighting the difficulty of making ethical decisions during crisis response. The findings also emphasize the complex balance between business continuity, risk management, and ethical decisions. 

A formal code of ethics for CISOs is gaining renewed relevance in light of this background. It is argued that technical expertise alone is no longer sufficient to fulfill the role of Chief Information Security Officer, which involves high-impact decisions affecting national infrastructure, business continuity, compliance with regulatory requirements, and public trust frequently. This framework is deliberately concise, incorporating four mandatory canons that describe the profession's fundamental ethical obligations rather than replacing individual professional judgment. 

By providing advisory guidance, the framework aims to assist security leaders in navigating complex situations in which competing responsibilities are often not clear on a technical or legal level. The code's preamble emphasizes that the CISO's primary responsibility is to protect society, organizational stakeholders, and critical infrastructure, making compliance with the code a mandatory assignment. 

According to the four core principles, cybersecurity professionals are expected to protect society and essential infrastructure, act with honesty, integrity, and stewardship, serve their organizations competently and diligently, and actively strengthen and safeguard the cybersecurity profession as a whole. 

A practical objective complements these mandatory canons, which encourage cybersecurity research, education, mentoring of future practitioners, and the preservation of professional certification values, while discouraging conduct that could adversely affect public confidence or security. There are many ways a professional can undermine ethical credibility, such as creating unnecessary fear or uncertainty, providing false reassurance, promoting poor security practices, exposing inadequately secured systems to a public network, or participating in professional associations that compromise ethical standards. 

A further requirement of the framework is that compliance with the preamble and four canons be enforced, and any conflicts between ethical obligations are resolved in accordance with the order in which the canons are defined. This ensures that security professionals have a structured hierarchy for resolving complex ethical dilemmas without creating conflicting obligations. 

CISOs continue to assume increasingly extensive legal, operational, and ethical responsibilities, and industry experts emphasize that personal crisis management strategies should also be developed to protect security executives along with the organizations they serve. 

A comprehensive incident response plan should not only prepare for technical incident response, but also consider professional, legal, financial, and reputational risks that may arise following an investigation by the government or a major cyber incident. It is important to maintain comprehensive documentation of security decisions, risk assessments, mitigation strategies, and executive communications, including instances where recommendations for security measures are declined by senior management or the board. 

By maintaining an auditable record of both approved and rejected security recommendations, companies can demonstrate due diligence, compliance with regulations, and informed decision making when faced with legal scrutiny. 

A CISO's security strategies must align with changing compliance obligations as they evolve in cybersecurity legislation, disclosure requirements, and regulatory frameworks by engaging in continuous professional development and consulting with legal counsel regularly. 

In addition, experts recommend that executives take out professional liability insurance specifically designed for executive cybersecurity roles, as standard corporate policies may not cover CISOs who have not been appointed as officers or directors by the organization, potentially leaving them personally liable for the consequences. As an added safeguard, a documented ethical decision-making framework will be developed that will serve as a consistent reference when dealing with incidents involving conflicting legal obligations, executive pressures, or sensitive disclosure decisions. 

The establishment of strong working relationships with legal, finance, public relations, and corporate communications teams is essential to the coordination of incident response, which ensures that regulatory notifications, public disclosures, and stakeholder communication remains both legally compliant and ethically sound during times of crisis. 

In the age of cybersecurity, enterprise resilience and national digital security continue to be shaped by it, which means that CISOs are increasingly responsible for more than just technical oversight. Effective cyber leadership requires strong governance, ethical accountability, transparent risk communication, and executive support.

The organizations that empower security leaders with clear ethical frameworks, documented decision-making processes, and cross-functional collaboration will have better chances of navigating an increasingly complex threat landscape while maintaining trust, regulatory compliance, and long-term operational efficiency.

Read more »
Self-Driving
ADAS Cyber Security India Auto Tech Radar Sensors Road Safety Self-Driving

India Removes Spectrum Barriers to Fast‑Track ADAS and Self‑Driving Tech

 

India has taken a significant step toward modernizing road safety by removing licensing requirements for radar sensors used in crash-avoidance and self-driving technologies. Reuters reports that the move is meant to reduce barriers for automakers and encourage the adoption of systems that can help lower the country’s high road fatality rate.

The issue is important because India’s roads remain among the most dangerous in the world, and vehicle safety technology is still unevenly deployed. By clearing spectrum access for key systems, the government is signaling that it wants advanced driver-assistance features such as emergency braking, blind-spot detection, and adaptive cruise control to become easier and cheaper to install. 

Under the new policy, manufacturers no longer need separate licensing to use radar sensors in the 77 GHz to 81 GHz range, which are central to many safety functions. Reuters also says similar relief was granted for systems operating in the 59 GHz band, which support communication between vehicles and roadside infrastructure. 

The policy shift also brings India closer to the regulatory approach used in the United States and the European Union, where standardized hardware can be deployed more freely. That matters for automakers because it reduces the need to build expensive India-specific alternatives, potentially speeding up launch timelines and lowering costs for consumers. 

At the same time, the report highlights that this is not a full autonomous-driving policy and does not solve India’s broader road safety problems on its own. The real test will be whether these regulatory changes translate into safer vehicles on the road, broader adoption by automakers, and measurable reductions in crashes over time.
Read more »
Subscribe to: Posts (Atom)

Featured