The IBM Security Intelligence podcast discusses Gartner’s recommendation to ban AI browsers like Comet and ChatGPT’s Atlas due to significant security risks, emphasizing the need for stricter governance, human oversight, and collaboration among AI vendors, cybersecurity firms, and regulators to mitigate emerging threats. Additionally, the panel highlights persistent software vulnerabilities from MITRE’s 2025 CWE Top 25 list and explores sophisticated new attack methods like “bring your own virtual machine,” underscoring the evolving complexity of cybersecurity challenges and the necessity for adaptive security strategies.
In this episode of IBM’s Security Intelligence podcast, the panel discusses the recent Gartner advisory recommending that organizations ban AI browsers like Comet by Perplexity and ChatGPT’s Atlas due to significant security risks. The concern centers on sensitive personal and corporate data potentially being exposed to AI services and on the risk of AI agents autonomously accessing and manipulating corporate systems. A recent exploit demonstrated how a simple command embedded in an email could wipe a user’s Google Drive without phishing or social engineering, highlighting the dangers of AI browsers acting without explicit human approval. The panelists largely agree with Gartner’s cautious stance, emphasizing the need for stricter security measures and governance before widespread adoption in regulated environments.
The conversation then shifts to potential security improvements for AI browsers. Suggestions include requiring human review of any AI-generated instructions not directly initiated by users and implementing models like Google’s “user alignment critic” to evaluate AI plans before execution. However, the experts caution that the technology is still in its infancy, likening it to early software releases that often contain bugs and vulnerabilities. They stress the importance of collaboration between AI vendors, cybersecurity firms, and regulatory bodies to develop effective security frameworks and governance structures that can mitigate risks while allowing innovation to progress safely.
Next, the panel examines the role of AI companies in the threat intelligence landscape, especially following incidents like Anthropic’s discovery of an AI-powered espionage ring. There is a consensus that AI providers now occupy a central position in the attack surface and have new responsibilities to detect abuse, share threat intelligence, and notify victims. However, there is currently no standardized framework for how AI vendors should handle these duties. The experts advocate for greater transparency and collaboration, drawing parallels to the evolution of cloud security, where providers became critical partners in threat detection and mitigation.
The discussion then turns to MITRE’s 2025 CWE Top 25 Most Dangerous Software Weaknesses list, which remains dominated by long-standing vulnerabilities such as cross-site scripting, SQL injection, and cross-site request forgery. The panel expresses frustration that these fundamental flaws persist despite decades of awareness, attributing the issue largely to cultural challenges such as insufficient secure coding practices and pressure on developers to prioritize feature delivery over security. They urge organizations to treat this list as a strategic tool for risk management, emphasizing secure-by-design principles, automation, and developer education to reduce breach risks effectively.
Finally, the episode covers a novel “bring your own virtual machine” attack uncovered by Red Canary researchers. In this attack, adversaries flooded a victim’s inbox with spam emails to create distraction, then gained remote access and deployed a malicious virtual machine on the victim’s system. This VM provided strong persistence, evaded detection, and operated independently of the host OS, challenging traditional endpoint security models. The panel highlights the need for enhanced monitoring of virtualization layers and hypervisor activity to detect such sophisticated threats. They conclude by stressing the importance of adapting security strategies to address emerging attack techniques that leverage infrastructure within infrastructure, underscoring the evolving complexity of the cybersecurity landscape.
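The panel's closing recommendation, monitoring the virtualization layer rather than only the guest-visible host OS, can be expressed as a small triage rule over process-creation telemetry. The following is an added Python example written for this page, not Red Canary's detection logic or any published rule. It assumes a hypothetical endpoint event with parent image, image path and command line, and flags a hypervisor binary that runs from a user-writable location, is spawned by a remote-access tool, runs headless, or points at a VM disk image under a user-writable path. The binary names, path prefixes, remote-access tool list and the four sample events are all constructed assumptions to be tuned to an actual estate.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """Hypothetical process-creation record (assumed shape, not a vendor schema)."""
    host: str
    parent_image: str
    image: str
    cmdline: str


# Hypervisor / VM-runner binaries worth watching (assumption: extend for your estate)
HYPERVISOR_BINARIES = {
    "qemu-system-x86_64.exe", "qemu-system-x86_64",
    "vboxheadless.exe", "vboxmanage.exe", "virtualbox.exe",
    "vmware-vmx.exe", "vmware.exe",
}
# Remote-access tools that should not normally parent a hypervisor (assumption)
REMOTE_ACCESS_PARENTS = {"anydesk.exe", "teamviewer.exe", "screenconnect.clientservice.exe"}
# Where a legitimately installed hypervisor is expected to live (assumption)
EXPECTED_INSTALL_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "/usr/bin/", "/usr/libexec/")
# Locations any user can write to (assumption)
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\", "/tmp/", "/var/tmp/", "/home/")
# Matches Windows or POSIX paths to common VM disk-image formats inside a command line
DISK_IMAGE_RE = re.compile(
    r"[A-Za-z]:\\[^\s,]+\.(?:qcow2|vdi|vmdk|img)|/[^\s,]+\.(?:qcow2|vdi|vmdk|img)", re.IGNORECASE
)


def basename(path: str) -> str:
    """Lower-cased final path component, tolerant of both separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def assess(ev: ProcessEvent) -> list:
    """Return finding tags for one event; an empty list means nothing notable."""
    if basename(ev.image) not in HYPERVISOR_BINARIES:
        return []
    findings = []
    image = ev.image.lower()
    cmd = ev.cmdline.lower()
    if not image.startswith(EXPECTED_INSTALL_PREFIXES):
        findings.append("hypervisor-binary-outside-install-dir")
    if basename(ev.parent_image) in REMOTE_ACCESS_PARENTS:
        findings.append("hypervisor-spawned-by-remote-access-tool")
    # A VM with no console is what an operator would use for a quiet, persistent foothold
    if basename(ev.image) == "vboxheadless.exe" or "-nographic" in cmd \
            or "-display none" in cmd or "--type headless" in cmd:
        findings.append("headless-vm")
    for m in DISK_IMAGE_RE.finditer(ev.cmdline):
        if m.group(0).lower().startswith(USER_WRITABLE_PREFIXES):
            findings.append("vm-disk-image-in-user-writable-path")
            break
    return findings


def triage(events) -> dict:
    """Map host -> accumulated findings for every event that produced at least one."""
    out = {}
    for ev in events:
        f = assess(ev)
        if f:
            out.setdefault(ev.host, []).extend(f)
    return out


# Constructed sample telemetry: one benign VirtualBox launch, one suspicious QEMU
# launch, one headless-but-installed VM, and one unrelated process.
SAMPLE_EVENTS = [
    ProcessEvent("ws01", r"C:\Windows\explorer.exe",
                 r"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe",
                 "VBoxManage.exe startvm devbox"),
    ProcessEvent("ws02", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe",
                 r"C:\Users\jdoe\AppData\Local\Temp\qemu\qemu-system-x86_64.exe",
                 r"qemu-system-x86_64.exe -nographic -m 2048 "
                 r"-drive file=C:\Users\jdoe\AppData\Local\Temp\qemu\disk.qcow2,format=qcow2 "
                 "-netdev user,id=n0 -device e1000,netdev=n0"),
    ProcessEvent("ws03", r"C:\Windows\System32\cmd.exe",
                 r"C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe",
                 "VBoxHeadless.exe --startvm build-agent"),
    ProcessEvent("ws04", r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\notepad.exe", "notepad.exe notes.txt"),
]

if __name__ == "__main__":
    for host, findings in triage(SAMPLE_EVENTS).items():
        print(host, "->", ", ".join(findings))
```

The rule deliberately scores each signal separately: a headless VM on an engineer's workstation may be a build agent, but a headless VM whose binary sits under a temp directory, was started by a remote-access client, and boots a disk image from the same temp directory stacks four findings on one host, which is the combination that warrants an immediate look at what the guest is doing on the network.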