AI traffic targets high-value flows, not just public pages

🤘 Imagine protecting an entire web journey like a login or registration — just by visiting your site in a browser. The system automatically maps every step a user takes, including all underlying API interactions. From there, you can instantly deploy a flagship fraud model for ATO bots or synthetic signups… or even roll your own. That’s INSTANT observability - and it’s now possible with something we’ve been building at Darwinium: Journey Recorder. With Journey Recorder, we capture the key details of user interactions and use AI to translate them into a full journey configuration. You can then test the journey in the same built-in browser to make sure everything is wired up — before deploying to the perimeter edge. I’m seriously pumped about this one. 🔥  #fraudprevention #machinelearning #AI #security #innovation #Darwinium

Scams tied to tech brands, online shopping, and personal finance are all surging, and scammers are getting better at using trusted names to get people to click.   We appreciate Anshel Sag and the Moor Insights & Strategy team for digging into McAfee’s new scam findings and why on-device AI matters for everyday consumers.   The article also highlights how McAfee’s on-device AI helps stop these threats faster and more privately, detecting scam texts, emails, and even manipulated audio in videos right on your device.   At McAfee, we’re focused on using good AI to fight bad AI and giving people simple tools that make staying safe a lot easier. https://mcafee.ly/48dEBwt

There needs to be the concept of trusted-source or trusted-device – that the AI will accept instructions only from certain terminals or sources. "David" logged in with corporate credentials (and 2FA/3FA) via an internal IP address (including corporate VPN IP addresses), sure. Random user of web page, NFW. The AI hack that convinced a chatbot to sell a $76,000 car for $1 https://lnkd.in/erJTcY5c  

AI/ML tools can help fight fraud but 80% of businesses struggle with using data and technology to improve accuracy. Read about the challenges in the 2025 Global eCommerce Fraud & Payments Report. 👉 https://vi.sa/47rwo6y #Cybersource #VisaAcceptanceSolutions #GlobalFraud #FraudManagement #AI

A poorly-architected fraud system doesn't just leak money, it actively drives away good customers ➡️ when you falsely decline a legitimate user, there's a 27% chance they will never return. The fix isn't just "better rules" but rather a complete architectural shift. A modern, 3-layer, pre-authorization stack is the only way to scale: 1️⃣ The front line: bot detection & device fingerprinting 2️⃣ The transaction: velocity checks & throttling 3️⃣ The brain: AI/ML models & custom rule engines This is the model we use. The result? Our average chargeback rate is 0.3%, less than half the 0.8% industry average. Keen to know more about our fraud detection? Link in comments👇

AI browsers face a security flaw as inevitable as death and taxes https://ift.tt/0xr3GY5 Agentic features open the door to data exfiltration or worse Feature  With great power comes great vulnerability. Several new AI browsers, including OpenAI's Atlas, offer the ability to take actions on the user's behalf, such as opening web pages or even shopping. But these added capabilities create new attack vectors, particularly prompt injection.… via The Register - Security https://ift.tt/ORWhFe9 October 28, 2025 at 08:46AM

A new generation of AI-powered browsers, like OpenAI’s Atlas and Perplexity’s Comet, are changing the threat landscape. They remember everything. Sync everywhere. And operate far beyond your DLP’s visibility. Employees are unknowingly creating permanent backdoors to your most sensitive data, from source code to financial projections. Traditional DLPs were never built to see it. Our latest blog breaks down: How AI browsers act as autonomous data agents. The five hidden exfiltration vectors your DLP misses. How Nightfall AI prevents AI browser data leaks before they happen. If you’re not protecting against AI browser exfiltration, you’re already exposed. Read the full analysis: https://lnkd.in/g2SPSz2k

Be careful using AI browsers such as Comet or the new OpenAI browser. Websites could have hidden prompt injections that can give the attacker access to your browser, computer, data, accounts. This technology is super new and almost certainly not security tested sufficiently. Details on recent findings from Brave: https://lnkd.in/eNm5pzxR

PSA: AI browsers look super cool on the surface, but I seriously discourage their use for now. These browsers are subject to prompt injection attacks that can exfiltrate user information. Think of it like entrusting a well-meaning but gullible assistant to do your digital errands. That’s effectively what AI browsers are - they’re vulnerable to hidden instructions on webpages that can expose your data to bad actors.

🚨 WARNING: Attackers might steal your bank details via AI-powered browsers like Comet. Brave (another browser company) just exposed how a single hidden message in a web page can hijack your entire AI browsing session. When you ask an AI browser like Comet to “summarise” any page, hidden commands (in invisible or obscured text) can trigger the AI to steal emails, grab passwords/OTPs, and leak your data—without you lifting a finger. In a demo, a rogue Reddit comment made Comet mine user credentials and exfiltrate them, bypassing browser security boundaries like SOP and CORS. Brave’s solution: isolate user prompts from page content, validate risky actions, require explicit user approval for anything sensitive, and keep agentic AI browsing separate from regular use. Watch out.