The UK cyber agency NCSC warns AI is speeding up vulnerability discovery, likely causing a “patch wave” of urgent software updates to fix exposed flaws.

The UK’s National Cyber Security Centre (NCSC) warns that AI is rapidly accelerating the discovery of software vulnerabilities, increasing the risk of large-scale exploitation.

CTO Ollie Whitehouse says skilled attackers using AI can uncover hidden flaws faster than before, forcing organizations to respond with a wave of urgent security updates. Governments and companies will need to patch systems quickly as more vulnerabilities are exposed in a short time, creating pressure on global cybersecurity defenses.

“Artificial Intelligence, when used by sufficiently-skilled and knowledgeable individuals, is showing the ability to exploit this technical debt at scale and at pace across the technology ecosystem. As a result, the NCSC expect there will be a ‘forced correction’ to address this technical debt across all types of software, including open source, commercial, proprietary and software as a service.” states NCSC.

“This is why we are encouraging all organisations to prepare now for when a ‘patch wave’ arrives; a rush of software updates that will need to be applied across the technology stack to address the disclosure of new vulnerabilities.”

Organizations should reduce their internet-facing and externally exposed attack surfaces as quickly as possible. They should first secure perimeter technologies, then move inward to cloud and on-premise systems to limit exposure from newly discovered vulnerabilities.

If full patching isn’t possible, priority should go to external systems and critical security infrastructure. However, patching alone is not enough. Legacy or end-of-life systems that no longer receive updates create ongoing risk. In these cases, organizations must replace outdated technologies or restore vendor support, especially when they are exposed to the internet.

“It is also important for organisations to realise that patching alone will not always suffice; some technical debt may be present in ‘end of life’ or legacy technology that is out of support, and so can’t receive updates.” continues the blog post published by the UK agency. “In such instances, organisations will need to replace technologies, or bring them back within support, especially where it presents an external attack surface.”

Organizations are urged to apply security updates faster, more often, and across supply chains due to a rise in vulnerabilities, including critical ones. The NCSC advises enabling automatic “hot patching” and automatic updates where possible to reduce workload and speed response.

When automation isn’t available, organizations should use risk-based prioritization (e.g. Stakeholder Specific Vulnerability Categorisation (SSVC)) to manage updates safely. If a critical flaw is actively exploited, especially on internet-facing systems, patches must be applied immediately. The guidance promotes an “update by default” approach, with exceptions for safety-critical systems.

The UK agency pointed out that patching alone isn’t enough to solve deeper security issues. Vendors should reduce risk by adopting safer designs like memory safety and containment technologies such as CHERI.

Organizations must also strengthen basic cyber hygiene using frameworks like Cyber Essentials or the Cyber Assessment Framework for critical sectors.

For higher-risk environments, NCSC recommends privileged access workstations, stronger cross-domain architecture, and better threat detection through observability and threat hunting.

“In conclusion, the NCSC advise all organisations, irrespective of size, to plan and prepare for the vulnerability patch wave.” concludes the agency. “A good place to start is by reading the NCSC’s updated Vulnerability Management guidance.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, NCSC)

Organisations worldwide are being urged to prepare for a vulnerability patch wave, as security experts warn that advances in artificial intelligence (AI) could rapidly expose long-standing weaknesses across software systems. The warning comes from National Cyber Security Centre (NCSC), which says businesses must act now to strengthen their environments before a surge of critical updates arrives. In a blog, Chief Technology Officer Ollie Whitehouse highlighted that years of accumulated technical debt are now becoming a major cybersecurity risk. Technical debt refers to unresolved flaws and compromises in software that arise when organisations prioritise speed or short-term delivery over long-term resilience. According to Whitehouse, artificial intelligence is accelerating the problem. Skilled attackers are increasingly able to use AI tools to identify and exploit vulnerabilities at scale, forcing what the NCSC describes as a “correction” across the technology ecosystem. This is expected to trigger a vulnerability patch wave, with a high volume of security updates affecting open source, commercial, proprietary, and software-as-a-service platforms.

Prioritising External Attack Surfaces

As part of preparing for the vulnerability patch wave, the NCSC advises organisations to first focus on their external attack surfaces. Internet-facing systems, cloud services, and exposed infrastructure present the highest risk when new vulnerabilities are disclosed. The guidance recommends a perimeter-first approach. Organisations should secure outward-facing technologies before moving deeper into internal systems. This reduces the likelihood that attackers can exploit newly discovered weaknesses during the vulnerability patch wave. Where resources are limited, priority should be given to patching systems that are directly exposed to the internet. Critical security infrastructure should follow next. However, the NCSC cautions that patching alone will not solve every issue. Legacy and end-of-life systems remain a major concern. Many of these technologies no longer receive security updates, leaving organisations vulnerable even during a vulnerability patch wave. In such cases, businesses may need to replace outdated systems or bring them back into supported environments, especially if they are externally accessible.

Preparing for Faster and Large-scale Patching

The expected vulnerability patch wave will require organisations to rethink how they manage updates. The NCSC is urging businesses to prepare for faster, more frequent, and large-scale deployment of security patches, including across supply chains. Several key measures have been recommended:

• Enable automatic updates wherever possible to reduce operational burden
• Adopt secure “hot patching” to apply fixes without service disruption
• Ensure internal processes support rapid and large-scale updates
• Use risk-based prioritisation models such as Stakeholder Specific Vulnerability Categorisation (SSVC)

Whitehouse noted that organisations must be ready to accelerate patching timelines when critical vulnerabilities are actively exploited, particularly those affecting internet-facing systems. At the core of this approach is an “update by default” policy. This means applying software updates as quickly as possible, ideally through automated processes. While this may not always be feasible for safety-critical or operational technology systems, the NCSC says it should form the foundation of modern vulnerability management strategies.

Beyond Vulnerability Patch Wave: Addressing Systemic Risks

The NCSC emphasises that the vulnerability patch wave is only part of a broader cybersecurity challenge. Patching addresses immediate risks, but it does not eliminate the underlying causes of technical debt. Technology vendors are being encouraged to build more secure systems from the outset. This includes adopting memory safety and containment technologies such as CHERI, which can reduce the likelihood of exploitable vulnerabilities. For organisations operating critical services, strengthening cybersecurity fundamentals is equally important. Frameworks such as Cyber Essentials and sector-specific resilience models can help reduce the impact of breaches and improve overall security posture. Additional guidance has also been issued for high-risk environments, covering areas such as privileged access workstations, cross-domain security architecture, and threat detection through observability and proactive hunting.

Organisations Urged to Act Now

The NCSC has made it clear that preparation cannot be delayed. The anticipated vulnerability patch wave is expected to impact organisations of all sizes and sectors. Businesses are advised to review their vulnerability management processes, assess their exposure, and ensure their supply chains are also ready to respond. Larger organisations, in particular, are encouraged to seek assurance from both commercial and open-source partners. As Whitehouse concluded, readiness for the vulnerability patch wave will depend on proactive planning, strong fundamentals, and the ability to respond quickly at scale.

NCSC’s SilentGlass blocks malicious HDMI/DisplayPort links, protecting monitors from hardware attacks. Now commercialized for global use.

The UK’s National Cyber Security Centre (NCSC) has launched SilentGlass, a new device to protect one of the most overlooked parts of modern IT systems: the physical links between screens and computers. It is a small plug-in security device designed to monitor and block suspicious activity on HDMI and DisplayPort connections.

Developed through research led by the NCSC and now licensed for production to Goldilock Labs in partnership with Sony UK Technology Centre, SilentGlass represents a shift in how hardware interfaces are treated in cybersecurity. Instead of focusing only on software threats, it addresses risks that arise when physical connections themselves are exploited.

“First commercially available product licensed to use NCSC branding granted to Goldilock Labs in manufacturing partnership with Sony UK Technology Centre.” reads the announcement. “UK government and businesses to be protected at scale by the affordable plug-in cyber security device”

The device works in a simple but powerful way. It sits between a computer and a display and inspects everything passing through the connection. If anything unexpected, unauthorized, or potentially malicious is detected, it immediately blocks the transmission. This prevents attackers from using display channels as an entry point or surveillance path.

According to the NCSC, monitors and screens are increasingly attractive targets for attackers because they often display sensitive information and are widely deployed across organizations. In some cases, they can even be used as an indirect pathway into larger systems, especially in environments where physical access or supply chain exposure is possible. As more advanced adapters and intermediary devices have been introduced over time, the attack surface has grown without many organizations realizing it.

SilentGlass was created to close this gap. It is designed as a plug-and-play solution that does not require complex configuration, making it suitable for large-scale deployment in both government and private-sector environments. It is also intended to be affordable, allowing wider adoption beyond highly specialized security operations.

“Display screens and monitors are everywhere in modern business environments, and the SilentGlass device will help protect previously vulnerable IT infrastructure with unprecedented ease.

Its development and commercialisation shows the impact that the NCSC can have, alongside industry partners, with an affordable and effective product now globally available.” said Ollie Whitehouse, NCSC Chief Technology Officer.

“By helping to launch a UK company onto the global market with this world-class innovation, we are breaking new ground and helping to strengthen national prosperity.

The technology has already been tested in high-security government settings and is now being introduced to the broader market at CYBERUK, the UK government’s main cybersecurity conference. Its commercial release marks a significant step in bringing national-security-grade innovation into everyday business environments.

From the industry side, Goldilock Labs highlights that hardware interfaces have historically been treated as trusted components rather than security boundaries. However, these interfaces can be exposed to risks from supply chains, third-party maintenance, or direct physical manipulation. SilentGlass reframes this assumption by enforcing security checks directly at the point of connection.

The device is also part of a broader shift in cybersecurity thinking: instead of reacting to software vulnerabilities alone, it introduces control mechanisms at the hardware level before data even enters a system. This proactive approach aims to reduce entire categories of attacks that have traditionally been difficult to detect or mitigate.

By combining government-led research with commercial manufacturing and global distribution, SilentGlass is positioned as a practical example of how public-sector innovation can be transformed into widely deployable security solutions. It reflects a growing recognition that cybersecurity must extend beyond networks and applications to include the physical pathways that connect them.

With its global release, SilentGlass is expected to be adopted by governments, critical infrastructure operators, and security-conscious organizations seeking stronger protection against increasingly sophisticated physical and hardware-based threats.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, NCSC)

UK National Cyber Security Centre (NCSC) warns China-linked hackers use hijacked devices as proxy networks to hide activity and evade detection.

UK National Cyber Security Centre (NCSC) and global partners warn that China-linked threat actors now rely on large proxy networks built of hacked consumer devices. Groups control routers, cameras, video recorders, and NAS systems to route attacks and mask their identity. This shift replaces smaller, dedicated infrastructure with vast botnets that help them blend into normal traffic and avoid detection.

China-nexus cyber actors use these botnets across the full Cyber Kill Chain, from reconnaissance to data theft. This model gives them a low-cost, flexible, and deniable setup that they can quickly reshape, making static IP blocklists far less effective.

“Covert networks enable China-nexus actors to launch cyber attacks against UK organisations, stealing sensitive data and potentially disrupting critical services.

Because the covert networks are constantly refreshed and share nodes across multiple threat groups, defenders face “IOC extinction” – indicators of compromise disappear as quickly as they are discovered.” reads the advisory. “Consequently, organisations that rely solely on static defences risk being bypassed, while those that adopt adaptive, intelligence driven measures can better mitigate the risk.”

National Cyber Security Centre and partners, including the Cyber League, released guidance to counter covert network threats. They advise organisations of all sizes to map and baseline traffic from edge devices, especially VPN and remote access connections. They also recommend using dynamic threat feed filtering that includes indicators of compromised infrastructure to improve detection and reduce exposure to hidden attack networks.

“Potential victims should implement two-factor authentication for remote access and, where possible, apply zero trust controls, IP allow lists, and machine certificate verification.” continues the advisory. “Larger or high-risk entities should consider active hunting of suspicious SOHO/IOT traffic, geographic profiling, and machine learning based anomaly detection.”

National Cyber Security Centre explains that China-linked covert networks keep evolving, with new and updated infrastructures appearing regularly due to countermeasures, exploits, and technical changes.

“The number of covert networks used by China-nexus cyber actors is large, with new networks regularly developed and deployed.” reads the joint advisory. “The existing covert networks change too, either because of defensive or legal action, or simply as a result of software updates and new exploits being used to target different technologies for incorporation into the network.”

Because these networks change so often, full technical descriptions quickly become outdated and offer limited value for defenders. Still, most share a common structure: an operator enters through an on-ramp or entry node, then routes traffic across multiple compromised devices acting as traversal nodes, before exiting through an exit node that often sits near the target’s region. Understanding this basic flow helps defenders identify where they sit in the chain and improve detection and response strategies against these dynamic proxy-based networks.

NCSC provides tailored guidance to defend against covert networks built from compromised devices. It explains that defending these attacks requires layered strategies based on an organisation’s size and risk level, and it does not eliminate all risk.

All organisations should map internet-facing assets, baseline normal traffic, especially VPN and remote connections, and use dynamic threat feeds that include covert infrastructure indicators. They should also deploy multi-factor authentication and consider tools like the Cyber Action Toolkit and Cyber Essentials.

Higher-risk organisations should strengthen controls with IP allow lists, geographic and behavioural filtering, zero trust models, SSL machine certificates, and reduced internet exposure. They should also explore anomaly detection using machine learning.

The largest or most exposed organisations should actively hunt for signs of covert networks, track known infrastructure using threat intelligence, analyse NetFlow data, and integrate dynamic blocklists and alerts. For critical sectors, the Cyber Assessment Framework supports advanced defensive maturity.

Federal Bureau of Investigation reports describe large China-linked botnets, such as Raptor Train, used for state-aligned cyber activity. In September 2024, researchers from Lumen’s Black Lotus Labs discovered the Raptor Train botnet, composed of small office/home office (SOHO) and IoT devices. The experts believe the botnet is controlled by the China-linked APT group Flax Typhoon (also called Ethereal Panda or RedJuliett). The botnet has been active since at least May 2020, reaching its peak with 60,000 compromised devices in June 2023.

Since May 2020, over 200,000 devices, including SOHO routers, NVR/DVR devices, NAS servers, and IP cameras, have been compromised and added to the Raptor Train botnet, making it one of the largest China-linked IoT botnets discovered. 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, China)

A newly issued cybersecurity advisory highlights an evolution in the tactics, techniques and procedures (TTPs) employed by China-Nexus threat actors. The report, released with support from the UK Cyber League and coordinated by the National Cyber Security Centre (NCSC-UK) alongside international partners, sheds light on how Chinese threat actors are relying on large-scale covert networks of compromised devices to conduct malicious cyber operations.

A Strategic Shift in China-Nexus TTPs 

In recent years, cybersecurity experts have observed a clear transition in China-Nexus TTPs. Rather than relying on dedicated, individually controlled infrastructure, Chinese threat actors are now leveraging expansive networks of compromised devices, commonly referred to as covert networks or botnets. These networks are primarily composed of Small Office/Home Office (SOHO) routers, Internet of Things (IoT) devices, and other internet-connected hardware. According to the advisory, the majority of China-Nexus actors are believed to be using such covert networks, with multiple networks operating simultaneously and often shared among different groups. These networks are continuously updated, making them highly adaptable and difficult to track. Any organization targeted by Chinese threat actors could be affected. For example, the group known as Volt Typhoon has used these covert networks to pre-position cyber capabilities within critical infrastructure, while Flax Typhoon leveraged similar methods for espionage operations.

How Covert Networks Operate 

Although botnets are not new, China-Nexus actors are now deploying them at an unprecedented scale and with strategic intent. These covert networks allow attackers to mask their identity, route malicious traffic through multiple nodes, and reduce the risk of attribution. Typically, an attacker accesses the network via an entry point, or “on-ramp,” and routes activity through numerous compromised devices—called traversal nodes—before exiting near the target. This multi-hop approach obscures the origin of the attack. These networks support every stage of a cyber operation, from reconnaissance and scanning to malware delivery, command-and-control communication, and data exfiltration. They are also used for general browsing, enabling threat actors to research vulnerabilities and refine TTPs without revealing their identity. The presence of legitimate users on some networks further complicates attribution. 

Real-World Examples and Scale 

Evidence suggests that some covert networks used by China-Nexus actors are developed and maintained by Chinese cybersecurity firms. One notable example is the “Raptor Train” network, which infected over 200,000 devices globally in 2024. It was reportedly managed by Integrity Technology Group, a company also linked by the FBI to activities associated with Flax Typhoon. Another example includes the KV Botnet used by Volt Typhoon, which primarily exploited outdated Cisco and NetGear routers. These devices were particularly vulnerable because they had reached “end-of-life” status, meaning they no longer received security updates. The scale and adaptability of these networks present a major challenge. As Paul Chichester, NCSC Director of Operations, stated: “Botnet operations represent a significant hreat to the UK by exploiting vulnerabilities in everyday internet-connected devices with the potential to carry out large-scale cyberattacks.”

Challenges for Network Defenders 

Cybersecurity researchers have long been aware of such threats, but the evolving nature of China-Nexus TTPs introduces new difficulties. A key issue identified by Mandiant Intelligence in May 2024 is “indicator of compromise (IOC) extinction.” Traditional defenses, such as static IP blocklists, are becoming less effective because attackers can operate from vast, constantly changing pools of devices.  As compromised nodes are patched or removed, new ones are quickly added, making these networks highly dynamic. This fluidity undermines conventional detection and mitigation strategies. 

Defensive Measures and Best Practices 

The advisory outlines several steps organizations can take to defend against China-Nexus covert networks: 

For all organizations: 

• Maintain a clear inventory of network edge devices. 

• Establish baselines for normal network activity, particularly VPN access. 

• Monitor for unusual connections, including those from consumer broadband ranges. 

• Use dynamic threat intelligence feeds. 

• Implement multi-factor authentication for remote access. 

For higher-risk organizations: 

• Use IP allow lists instead of blocklists for VPN access. 

• Apply geographic and behavioral profiling of incoming connections. 

• Adopt zero-trust security models. 

• Enforce SSL machine certificates. 

• Reduce exposure of internet-facing systems. 

• Explore machine learning tools to detect anomalies. 

For the most at-risk entities: 

• Treat China-Nexus covert networks as advanced persistent threats (APTs). 

• Conduct active threat hunting for suspicious IP activity. 

• Map and monitor known covert networks using threat intelligence. 

The post APT28 Hijacks Home Routers to Steal Corporate Credentials appeared first on Daily CyberSecurity.

The Russian-linked threat group APT28 has continued to leverage vulnerable network devices to carry out large-scale DNS hijacking campaigns, enabling adversary-in-the-middle attacks. Recent developments show that these operations have drawn direct intervention from U.S. authorities.  The U.S. Department of Justice and the FBI announced a court-authorized operation to disrupt a network of compromised routers controlled by Russia’s military intelligence unit, widely known as APT28. According to findings aligned with prior reporting from the NCSC, the group has been exploiting routers to intercept communications, harvest credentials, and target individuals and organizations of intelligence interest. 

DNS Hijacking and Adversary-in-the-Middle Tactics 

APT28’s operations include DNS hijacking, a technique that manipulates how domain names are resolved into IP addresses. By altering DNS settings, often at the router level, attackers redirect legitimate traffic through malicious infrastructure. This enables adversary-in-the-middle (AitM) attacks, where victims unknowingly connect to spoofed services. These malicious endpoints are designed to imitate legitimate platforms, allowing attackers to intercept login sessions and extract sensitive data, including passwords, OAuth tokens, and emails. Both the FBI and the NCSC have noted that these attacks can impact browser sessions and desktop applications alike, increasing the scale and effectiveness of credential harvesting.

U.S. Operation Targets APT28 Infrastructure 

The disruption effort, publicly disclosed by the Department of Justice, targeted a network of small office/home office (SOHO) routers compromised by APT28, also known as Fancy Bear, Sofacy, Sednit, STRONTIUM, Forest Blizzard, and Pawn Storm. The group is widely attributed to Russia’s GRU Unit 26165.  Since at least 2024, APT28 actors have exploited known vulnerabilities to gain access to thousands of TP-Link routers globally. After stealing credentials, they modified router configurations to redirect DNS traffic to malicious servers under their control. These operations were initially indiscriminate. However, the attackers implemented automated filtering mechanisms to identify DNS queries of intelligence value. For selected targets, the malicious DNS resolvers returned fraudulent records for domains, particularly those mimicking Microsoft Outlook services, to facilitate adversary-in-the-middle attacks against encrypted traffic.  Through this approach, APT28 was able to harvest unencrypted passwords, authentication tokens, emails, and other sensitive data from devices connected to compromised routers.

Official Statements on the Threat 

U.S. officials described the campaign as both persistent and dangerous. Assistant Attorney General John A. Eisenberg stated, “The GRU’s predatory use of networks in American homes and businesses for its malicious cyber operations remains a serious and persistent threat.”  U.S. Attorney David Metcalf added, “Russian military intelligence once again hijacked Americans’ hardware to commandeer critical data,” emphasizing that the government would continue to respond aggressively to nation-state cyber threats.  FBI officials also stressed the scale of the campaign. Assistant Director Brett Leatherman noted that compromised routers were used globally for espionage, while Special Agent Ted E. Docks highlighted that devices across more than 23 U.S. states had been weaponized. 

How the FBI Disrupted the DNS Hijacking Network 

As part of the court-authorized operation, referred to as Operation Masquerade, the FBI deployed technical measures to neutralize the U.S. portion of APT28’s infrastructure.  According to court documents: 

• The FBI sent commands to compromised routers to collect evidence of APT28 activity. 
• Reset DNS settings, removing malicious resolvers and restoring legitimate ISP configurations.
• Blocked the actors’ ability to regain unauthorized access. 

The operation was carefully tested on affected TP-Link devices to ensure that it did not disrupt normal functionality or collect user content. Importantly, the remediation steps can be reversed by users through factory resets or manual configuration changes. 

Continued Router Exploitation and Infrastructure Tactics 

These developments align closely with earlier findings from the NCSC, which documented how APT28 used Virtual Private Servers (VPSs) as malicious DNS infrastructure. Two main clusters were identified: 

• Cluster One: Focused on modifying DHCP DNS settings in SOHO routers, enabling selective DNS hijacking and adversary-in-the-middle attacks.  
• Cluster Two: Involved forwarding DNS traffic through a layered infrastructure, with some operations targeting high-value devices, including those in Ukraine.  

APT28’s activity has also included exploitation of vulnerabilities such as CVE-2023-50224 in TP-Link routers, allowing attackers to extract credentials and reconfigure DNS settings via crafted HTTP requests.

Targeted Services and Indicators 

APT28’s DNS hijacking campaigns have frequently targeted Microsoft Outlook-related domains, including: 

• autodiscover-s.outlook[.]com  
• imap-mail.outlook[.]com  
• outlook.live[.]com  
• outlook.office[.]com  
• outlook.office365[.]com  

These targets reflect a clear focus on email-based intelligence gathering. Supporting infrastructure includes numerous malicious IP ranges and identifiable server configurations, such as unusual SSH ports and “dnsmasq-2.85” DNS services. 

Mitigation and Security Recommendations 

Both the FBI and the NCSC recommend immediate steps to mitigate risks associated with DNS hijacking and adversary-in-the-middle attacks: 

• Replace end-of-life or unsupported routers  
• Update firmware to the latest available versions  
• Verify DNS settings to ensure they point to legitimate resolvers  
• Disable or secure remote management interfaces  
• Implement firewall rules to limit exposure  
• Enable multi-factor authentication (MFA) to reduce credential abuse  
• Users are also encouraged to monitor their networks and report suspected compromises to appropriate authorities. 

The post NCSC’s High-Stakes Warning on State-Sponsored Hijacking of Your Messaging Apps appeared first on Daily CyberSecurity.

The UK Cyber Security & Resilience Bill is progressing through Parliament Royal Assent expected later in 2026.

The post What the UK Cyber Security & Resilience Bill Means for Security Practitioners appeared first on Security Boulevard.

The adoption of artificial intelligence in software development is prompting cybersecurity leaders to reassess how secure modern systems truly are. Speaking at the RSA Conference on March 24 in San Francisco, the head of the UK’s National Cyber Security Centre (NCSC) called on the global security community to prioritize “vibe coding safeguards” as AI-generated code becomes more common.  Dr. Richard Horne, CEO of the NCSC, emphasized that while AI-assisted development, often referred to as vibe coding, offers clear efficiency gains, its long-term impact on cybersecurity depends on how responsibly it is implemented. Without proper safeguards, he warned, the technology could deepen existing weaknesses in software systems. 

Why Vibe Coding Safeguards Are Critical 

During his keynote at the RSA Conference, Horne highlighted a persistent issue in digital systems: the prevalence of exploitable vulnerabilities. He described this as a “fundamental issue with the quality of technology we use,” stressing that AI must not replicate or scale these flaws.  “The attractions of vibe coding are clear,” Horne said. “Disrupting the status quo of manually produced software that is consistently vulnerable is a huge opportunity, but not without risk of its own.”  He added that AI tools must be designed carefully from the beginning. “The AI tools we use to develop code must be designed and trained from the outset so that they do not introduce or propagate unintended vulnerabilities.” 

NCSC’s Position on AI-Generated Code 

Alongside Horne’s address at the RSA Conference, the NCSC published a blog post on March 24 warning that AI-generated code currently presents “intolerable risks” for many organizations. At the same time, it acknowledged that vibe coding shows “glimpses of a new paradigm” in software development.  The agency expects adoption to grow due to clear business benefits. As a result, it urges organizations to act early by embedding core security principles and implementing effective vibe coding safeguards.  Horne also pointed to the broader cybersecurity landscape, noting that cyber risk is now of “greater consequence than ever before.” He attributed this to increased exposure, inherent vulnerabilities, and a complex network of threat actors who collaborate and overlap.  To address these challenges, he compared cyber defense to a coordinated strategy, where collective action across the ecosystem produces the strongest results.

Market Shifts and the SaaSpocalypse 

The push for vibe coding safeguards comes amid wider disruption in the technology sector. In February 2026, fears that AI could undermine the Software-as-a-Service (SaaS) model triggered significant volatility in U.S. tech stocks, referred to as the “SaaSpocalypse.”  This development reflects growing uncertainty about how software will be built and maintained in the future. Historically, SaaS adoption reduced the burden of managing on-premises systems but introduced concerns around provider trust, shared risk, and data sovereignty.  The NCSC suggests that AI-driven development could follow a similar path. As the cost and effort required to create tailored software decrease, organizations may rethink whether to buy, build, or forgo certain systems altogether. 

Implementing Vibe Coding Safeguards Now 

David C, CTO for architecture at the NCSC, reinforced the need for immediate action. He noted that while current AI-generated code is not consistently secure or reliable, it can significantly improve developer productivity.  He argued that organizations should begin implementing vibe coding safeguards now, rather than waiting for the technology to mature.  AI tools, he explained, could help strengthen security practices in practical ways. These include improving legacy systems, reducing technical debt, maintaining allow-lists of approved connections, and rewriting critical components using more secure frameworks or memory-safe programming languages.  He also outlined a potential future where AI-generated code is more secure by default than many existing on-premises or SaaS solutions, offering a possible path forward for organizations still cautious about cloud adoption. 

UK’s NCSC warns of potential Iranian cyberattacks as Middle East tensions rise, urging vigilance from exposed organizations.

The UK’s National Cyber Security Centre (NCSC) has warned organizations of a potential increase in Iranian cyber threats amid the escalating Middle East conflict. While it sees no immediate shift in the direct threat to Britain, officials stress the situation could change rapidly. The advisory targets companies with operations or supply chains in the region, urging them to remain alert and strengthen defenses.

“As a result of the ongoing conflict in the Middle East, there is likely no current significant change in the direct cyber threat from Iran to the UK, however due to the fast-evolving nature of the conflict, this assessment may be subject to change.” reads the advisory published by UK NCSC. “There is almost certainly a heightened risk of indirect cyber threat for those organisations and entities who have a presence, or supply chains, in the Middle East. 

The NCSC advises UK organisations to prepare for possible spillover effects from Iran-linked hacktivists by reviewing existing guidance on DDoS attacks, phishing activity and ICS Targeting.

Businesses with offices or supply chains in the Middle East should strengthen their security posture, increase monitoring, and reassess their external attack surface in line with heightened-threat guidance. The agency also recommends enrolling in its Early Warning service for timely alerts.

Critical National Infrastructure (CNI) operators are encouraged to review preparedness guidance for severe cyber scenarios, while physical and personnel risks should be addressed using National Protective Security Authority sabotage guidance.

“In light of rapidly evolving events in the Middle East, it is critical that all UK organisations remain alert to the potential risk of cyber compromise, particularly those with assets or supply chains that are in areas of regional tensions,” Jonathon Ellison, the NCSC’s director for national resilience said.

CrowdStrike says Iran-linked hackers are already initiating DDoS and reconnaissance activity, signaling potential escalation, The Guardian reported.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Iran)

A coordinated cyberattack that targeted Poland's energy infrastructure in late December 2025 has prompted cybersecurity agencies to issue urgent warnings to critical national infrastructure operators on both sides of the Atlantic. Read more in my article on the Fortra blog.

The UK's National Cyber Security Centre (NCSC) has issued a warning about the threat posed by distributed denial-of-service (DDoS) attacks from Russia-linked hacking groups who are reported to be continuing to target British organisations. Are you prepared? Read more in my article on the Hot for Security blog.

Prompt injection is shaping up to be one of the most stubborn problems in AI security, and the UK’s National Cyber Security Centre (NCSC) has warned that it may never be “fixed” in the way SQL injection was.

Two years ago, the NCSC said prompt injection might turn out to be the “SQL injection of the future.” Apparently, they have come to realize it’s even worse.

Prompt injection works because AI models can’t tell the difference between the app’s instructions and the attacker’s instructions, so they sometimes obey the wrong one.

To avoid this, AI providers set up their models with guardrails: tools that help developers stop agents from doing things they shouldn’t, either intentionally or unintentionally. For example, if you tried to tell an agent to explain how to produce anthrax spores at scale, guardrails would ideally detect that request as undesirable and refuse to acknowledge it.

Getting an AI to go outside those boundaries is often referred to as jailbreaking. Guardrails are the safety systems that try to keep AI models from saying or doing harmful things. Jailbreaking is when someone crafts one or more prompts to get around those safety systems and make the model do what it’s not supposed to do. Prompt injection is a specific way of doing that: An attacker hides their own instructions inside user input or external content, so the model follows those hidden instructions instead of the original guardrails.

The danger grows when Large Language Models (LLMs), like ChatGPT, Claude or Gemini, stop being chatbots in a box and start acting as “autonomous agents” that can move money, read email, or change settings. If a model is wired into a bank’s internal tools, HR systems, or developer pipelines, a successful prompt injection stops being an embarrassing answer and becomes a potential data breach or fraud incident.

We’ve already seen several methods of prompt injection emerge. For example, researchers found that posting embedded instructions on Reddit could potentially get agentic browsers to drain the user’s bank account. Or attackers could use specially crafted dodgy documents to corrupt an AI. Even seemingly harmless images can be weaponized in prompt injection attacks.

Why we shouldn’t compare prompt injection with SQL injection

The temptation to frame prompt injection as “SQL injection for AI” is understandable. Both are injection attacks that smuggle harmful instructions into something that should have been safe. But the NCSC stresses that this comparison is dangerous if it leads teams to assume that a similar one‑shot fix is around the corner.

The comparison to SQL injection attacks alone was enough to make me nervous. The first documented SQL injection exploit was in 1998 by cybersecurity researcher Jeff Forristal, and we still see them today, 27 years later. 

SQL injection became manageable because developers could draw a firm line between commands and untrusted input, and then enforce that line with libraries and frameworks. With LLMs, that line simply does not exist inside the model: Every token is fair game for interpretation as an instruction. That is why the NCSC believes prompt injection may never be totally mitigated and could drive a wave of data breaches as more systems plug LLMs into sensitive back‑ends.

Does this mean we have set up our AI models wrong? Maybe. Under the hood of an LLM, there’s no distinction made between data or instructions; it simply predicts the most likely next token from the text so far. This can lead to “confused deputy attacks.”

The NCSC warns that as more organizations bolt generative AI onto existing applications without designing for prompt injection from the start, the industry could see a surge of incidents similar to the SQL injection‑driven breaches of 10—15 years ago. Possibly even worse, because the possible failure modes are uncharted territory for now.

What can users do?

The NCSC provides advice for developers to reduce the risks of prompt injection. But how can we, as users, stay safe?

• Take advice provided by AI agents with a grain of salt. Double-check what they’re telling you, especially when it’s important.
• Limit the powers you provide to agentic browsers or other agents. Don’t let them handle large financial transactions or delete files. Take warning from this story where a developer found their entire D drive deleted.
• Only connect AI assistants to the minimum data and systems they truly need, and keep anything that would be catastrophic to lose out of their control.
• Treat AI‑driven workflows like any other exposed surface and log interactions so unusual behavior can be spotted and investigated.

---

We don’t just report on threats—we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.