Cybersecurity Snapshot: NIST Details Attacks Against AI, Recommends Defenses, While ETSI Issues Quantum-Resistant Crypto Standard

Cybersecurity Snapshot: NIST Details Attacks Against AI, Recommends Defenses, While ETSI Issues Quantum-Resistant Crypto Standard

NIST has released a comprehensive taxonomy of cyberattacks against AI systems, along with mitigation recommendations. This report aims to help organizations identify, address, and manage cyber risks faced by AI systems.

According to NIST, despite the significant progress of AI and machine learning in different application domains, these technologies remain vulnerable to attacks. The consequences of attacks become more dire when systems depend on high-stakes domains and are subjected to adversarial attacks. For example, to mitigate supply chain attacks against generative AI systems, NIST recommends:

  • Taxonomy of Attacks on GenAI Systems
  • Implementing robust access controls and authentication mechanisms
  • Conducting regular vulnerability assessments and penetration testing
  • Developing and implementing incident response plans and business continuity strategies

The report is primarily aimed at those in charge of designing, developing, deploying, and maintaining AI systems. It provides essential guidance on how to mitigate the risks associated with AI-powered systems.

ETSI Issues Quantum-Resistant Crypto Standard

ETSI has issued a new standard for quantum-resistant cryptography, providing organizations with a framework for implementing secure cryptographic protocols in the face of emerging threats. This development is crucial as many current cryptographic algorithms are vulnerable to attacks from powerful quantum computers.

The ETSI standard provides guidelines and recommendations for selecting, implementing, and using quantum-resistant cryptographic techniques. It also outlines the requirements for assessing and mitigating the risks associated with quantum computing-based attacks.

Cybersecurity Challenges in Commercial Satellites

Commercial satellites are increasingly critical to various economic activities, including telecommunications, financial transactions, television broadcasts, GPS navigation, weather monitoring, and more. However, these services are highly susceptible to cyber threats due to the increasing dependence on digital technologies.

The European Union Agency for Cybersecurity (ENISA) has published a report highlighting the cybersecurity challenges faced by commercial satellite operators. The report recommends implementing robust cybersecurity controls and mitigating measures to protect against cyber threats.

Ingress NGINX Controller Vulnerabilities Disclosed

Five vulnerabilities have been disclosed in the Ingress NGINX Controller for Kubernetes, a popular open-source controller used for managing Kubernetes clusters' network traffic. One vulnerability has a "critical" severity rating, while three are rated "high."

The Kubernetes open source project has fixed all of the vulnerabilities collectively known as IngressNightmare with the release of two new versions of the product: Ingress NGINX Controller 1.12.1 and Ingress NGINX Controller 1.11.5.

Tenable Cloud AI Risk Report 2025

The Tenable Cloud AI Risk Report 2025 reveals that 70% of AI cloud workloads have at least one unremediated critical vulnerability. The report also highlights the risks associated with AI developer services, including risky permissions defaults.

Key findings and insights from the report are available on the Tenable website. It provides essential guidance on how to transition to quantum-resistant cryptography and address the security challenges posed by AI-powered systems in cloud environments.