👇 New challenges, new opportunities

We’ve built our systems this way since 2021. NIST’s proof confirms static guardrails fail against adaptive prompts. AI security needs a continuous monitor/update model, making guardrail patches as routine as Patch Tuesday.Ensure a dedicated partner is continuously testing your AI

This is exactly why AI SOCs and agentic security tools can't just plug-and-play standard LLMs. They have to architect solutions that prevent attackers from using the model's own safety guardrails to disable the scanner.

The new AI Executive Order is another signal that AI security is moving from a niche concern to national cybersecurity infrastructure. What stands out: • Federal agencies are being directed to prioritize AI-enabled cyber defense across national security, military, and civilian government systems • CISA is being asked to expand access to AI-enabled cybersecurity tools for federal, state, local, and critical infrastructure operators • A new AI cybersecurity clearinghouse will coordinate vulnerability scanning, validation, remediation, and patch distribution with industry • Frontier AI models may be assessed through classified cyber capability benchmarking before broader trusted-partner access • AI agents are explicitly recognized as a cyber risk when used to unlawfully access systems or data The important shift is that AI is being treated more like a core cybersecurity concern. Access, benchmarks, vulnerabilities, trusted release paths, and agent misuse are all now part of the security conversation.

AudioHijack is a reminder that prompt injection is not just a text problem. It hides instructions inside audio that sounds normal to humans but can steer an audio-capable model. Think invisible Unicode prompt injection, but through waveform perturbations instead of hidden text. This is the kind of multimodal risk we called out in our Prompt Injection 2.0 paper. Now that models can listen, see, browse, and act, every input becomes a possible instruction channel. The paper reports 79-96% success across 13 audio-language models and attacks against Microsoft Azure and Mistral AI voice agents. It does not show this working against OpenAI or Anthropic systems. The key lesson is prompting is not a defense. Warnings reduced success by ~7%. Self-reflection detected ~28%. As with any data that can be processed by AI, audio should be treated as untrusted input. Separate content from commands, restrict tools, require confirmation for sensitive actions, sandbox execution, and log agent behavior.

GPT-5.5 being comparable to, and in some areas slightly ahead of, Mythos on these cyber evals is important. But the bigger takeaway is that reality has been calmer than the hype cycle. The world was not instantly “pwned.” Capability is rising fast, but deployment controls, access limits, monitoring, and real-world friction still matter.

Model capabilities are moving fast, so I compared the latest LLM evals I’ve been experimenting with for cyber tasks. Benchmarks only tell part of the story. Which models are you using today, and how do they perform outside of evals?

New research -ToolJack. We mapped novel attack paths against the trust boundary between AI agents and their tools, tested against Anthropic's Claude Desktop and Claude in Chrome. An attacker can control what an AI agent sees in real time. Full breakdown below.

This week marks Preamble’s 5-year anniversary! From discovering prompt injection in 2022 to securing and testing complex, autonomous AI agents in 2026, our mission has only grown more critical. Read our latest retrospective from our CEO and Cofounder, @jer_mchugh

Functional AI & Secure AI are not the same. If you are not actively red-teaming your LLMs and agents before deployment, you're taking on extra risk. Preamble closes this gap with AI red teaming services. preamble.com/services

Traditional cybersecurity controls do not catch AI specific threats. Announcing a suite of AI Security services: AI Red Teaming, Agentic AI Security Consulting, Patent Licensing, and fractional AI security. Secure your agentic AI today! preamble.com/services

Most AI red teaming tools test the wrong thing. They check if an AI will say something harmful. The real enterprise risk is whether it can be manipulated into doing something harmful. Most tools in AI security are not built for that.

Which AI agent accessed your production data? Can you prove it? 10 frameworks analyzed. Zero have cryptographic agent identity. New research open-source AIA tool: github.com/j-mchugh/AIA linkedin.com/posts/preamblea…