News

AI is having its moment, reshaping how developers work. While the best AI tools enable faster app development and anomaly detection, they also fuel faster, more sophisticated cyberattacks.

The latest headlines are making it clear – no sector is immune. As organizations race to deliver apps at an unprecedented pace, the rise of freely available AI tools with sophisticated capabilities has made it easier than ever for threat actors to effortlessly reverse engineer, analyze, and exploit applications at an alarming scale.

Gartner predicts that by 2028, 90% of enterprise software engineers will utilize AI code assistants to transform software development – placing the promise of lightning speed productivity gains in the hands of every developer and the welcome ability to automate repetitive, tedious tasks.

However, despite massive investments in AI, security continues to be a reluctant effort due to the perception that protection measures have the inverse effect, slowing down software innovation and application performance. The fact is AI has already amplified the threat landscape, especially in the realm of client applications, a primary cyberattack target.

Long considered outside the realm of a CISO’s control, software applications --particularly mobile apps --are a preferred entry point for attackers. Why? Because users tend to be less vigilant and the apps themselves “live” in the wild, outside of the enterprise network. CISO’s can no longer afford to ignore threats to these apps.

Consumers have a voracious appetite for apps, and they use them as part of their daily routines; the Apple App Store today has nearly 2 million apps and the Google Play Store has 2.87 million apps. According to recent data, the average consumer uses 10 mobile apps per day and 30 apps per month. Notably, 21% of millennials open an app 50 or more times per day, and nearly 50% of people open an app more than 11 times a day.

As organizations race to deliver apps at an unprecedented pace, the rise of freely available AI tools with sophisticated capabilities have also made it easier than ever for hackers to effortlessly analyze, and reverse-engineer at an alarming scale. In fact, the majority (83%) of applications were attacked in January 2025, and attack rates surged across all industries, according to Digital.ai’s 2025 State of App Sec Threat Report.

Dozens of apps are installed on each of the billions of smartphones in use worldwide. And each app in the wild represents a potential threat vector. Why? Because applications contain working examples of how to penetrate access to back-end systems. The billions of dollars spent every year on security perimeters is rendered useless in the world of mobile applications.

Every application made and released to customers increases a business's threat surface. Developing multiple mobile apps means more risk—and leaving even one app unprotected isn’t an option. AI tools have made it that much easier for even amateur threat actors to analyze reverse engineered code, create malware, and more.

If adversaries have access to the same robust productivity tools, why wouldn’t they use them to get even better and faster at what they do?

New research from Cato Networks threat intelligence report, revealed how threat actors can use a large language model jailbreak technique, known as an immersive world attack, to get AI to create infostealer malware for them: a threat intelligence researcher with absolutely no malware coding experience managed to jailbreak multiple large language models and get the AI to create a fully functional, highly dangerous, password infostealer to compromise sensitive information from the Google Chrome web browser.

The end result was malicious code that successfully extracted credentials from the Google Chrome password manager. Companies that create LLMs are trying to put up guardrails, but clearly GenAI can make malware creation that much easier. AI-generated malware, including polymorphic malware, essentially makes signature-based detections nearly obsolete. Enterprises must be prepared to protect against hundreds, if not thousands, of malware variants.

A recent study by Cybersecurity Ventures predicts that by 2025, cybercrime will cost the world $10.5 trillion annually, a massive increase from $3 trillion in 2015, with much of the rise attributed to the use of advanced technologies like LLMs.

Take attribution - many have used an LLM to write “in the voice of”- but attribution is that much more difficult in an AI world, because threat actors can mimic the techniques, comments, tools, and TTPs. False flag events become more prevalent, such as the attack on U.S. service member wives.

LLMs are accelerating the arms race between defenders and threat actors, lowering the barrier to entry, and allowing attacks to be more complex, more insidious, and more adaptive.

Enterprises can increase their protection by embedding security directly into applications at the build stage: this involves investing in embedded security that is mapped to OWASP controls; such as RASP, advanced Whitebox cryptography, and granular threat intelligence.

IDC research shows that organizations protecting mobile apps often lack a solution to test them efficiently and effectively. Running tests on multiple versions of an app slows the release orchestration process and increases the risk of delivering the wrong version of an app into the wild.

By integrating continuous testing and application security, software teams gain the game-changing ability to fully test protected applications, speeding up and expanding test coverage by eliminating manual tests for protected apps. This helps solve a major problem for software teams when testing and protecting apps at scale.

Modern enterprise application security is not a nice to have-- while CISOs certainly don’t need more work added to their plates, vectors that used to be outside of their control are now creating fissures inside what they do control.

The good news is that there are now robust, baseline protections that balance the need for security with the need for speed of innovation and performance. These features can be added instantly to almost any app in the wild and go right back into the app store.

1. The ability to protect by inserting security into DevOps processes without slowing down developers by adding security after coding and before testing

2. The ability to monitor via threat monitoring and reporting capabilities for apps in production

3. The ability to react by building apps with runtime application self-protection (RASP)

AI is accelerating code production, breeding applications, and reshaping app security – it’s time to stop thinking like a white knight and think like a hacker.

We list the best online cybersecurity courses.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

For business leaders right now, two small words seem almost impossible to avoid: AI agents. Built on the ‘brain’ of an AI model, and armed with a specific purpose and access to tools, agents are autonomous decision-makers that are being increasingly integrated into live business processes.

Unlike normal AI tools, which rely on user prompts, agent-based – agentic – AI can execute tasks iteratively, making decisions that carry real business consequences, and real governance risk. In short, agents aren’t tools, they’re teammates. As well as sitting in an organization’s tech stack, they sit on its org chart.

Marc Benioff, cofounder, chairman and CEO of Salesforce, the $260 billion valued software giant, says that today’s CEOs will be the last to manage all-human workforces. (Asked if an agent could replace him some day, Benioff responded, half-joking, “I hope so.”) The sooner businesses recognize this shift, the faster they can move to securing and governing AI for accelerated innovation.

Just as human workers come under the umbrella of human resources (HR), it’s useful to think of agents as non-human resources (NHRs). Just like humans, there are costs to employing NHRs – including computing, architecture and security costs – and they need induction, training and appropriate limitations on what they can do, and how.

This is especially true as these NHRs move up the value chain to perform high-skill tasks that once belonged to mid-senior level talent. For example, autonomous agents are actively managing supplier negotiations, handling payment terms, and even adjusting prices based on commodity and market shifts – functions typically handled by teams of trained analysts.

Introducing NHRs at the enterprise level is requiring an entire rethink of governance and security. That’s because existing cybersecurity focuses on managing human risk, internally and externally; it’s not built for the realities of always-on, self-directed agents that understand, think, and act at machine speed.

Like the best employees, the most effective agents will have access to enterprise data and applications, from staffing information and sensitive financial data to proprietary product secrets. That access opens the organization up the risk of attacks from outside, as well as misuse from within.

In 2024, the global average cost of a data breach was $4.9 million, a 10% jump on the previous year and the highest total ever – and that was before the introduction of agents. In the AI era, bad actors have new weapons at their disposal, from prompt injection attacks to data and model poisoning.

Internally, a misaligned agent can trigger a cascade of failures, from corrupted analytics to regulatory breaches. When failures stem from internally-sanctioned AI, there may be no obvious attacker, just a compliant agent acting on flawed assumptions. In the age of agents, when actions are driven by non-deterministic models, unintentional behavior is the breach – especially if safeguards are inadequate.

Imagine an agent is tasked with keeping a database up to date, and has access and permissions to insert or delete data. It could delete entries relating to Fast Company, for example, by accurately finding and removing the term ‘Fast Company’.

However, it could equally decide to delete all entries that contain the word ‘Fast’ or even entries starting with ‘F’. This crude action would achieve the same goal, but with a range of unintended consequences. With agents, the question of how they complete their task is at least as important as what that task is.

As organizations introduce teams of agents – or even become predominantly staffed by agents – that collaborate to rapidly make decisions and take action with a high level of opaqueness, the risk is amplified significantly.

The key to effective agentic adoption is a methodical approach from the start. Simply rebadging existing machine learning or GenAI activity, such as chatbots, as ‘agentic’ – a practice known as ‘agent washing’ – is a recipe for disappointing return on investment

Equally, arbitrarily implementing agents without understanding where they are truly needed is the same as hiring an employee who is unsuited to the intended role: it wastes time, resources, and can create tension and confusion in the workforce. Rather, businesses must identify which use cases are suitable for agentic activity and build appropriate technology and business models.

The security of the AI model underlying the agent should be extensively red-teamed, using simulated attacks to expose weaknesses and design flaws. When the agent has access to tools and data, a key test is its ability to resist agentic attacks that learn what does and doesn’t work, and adapt accordingly.

From there, governance means more than mere supervision; it means encoding organizational values, risk thresholds, escalation paths, and ‘stop’ conditions into agents' operational DNA. Think of it as digital onboarding. But instead of slide decks and HR training, these agents carry embedded culture codes that define how they act, what boundaries they respect, and when to ask for help.

As autonomous agents climb the (virtual) corporate ladder, the real risk isn't adoption – it's complacency. Businesses that treat AI agents as tools rather than dynamic, accountable team members will face escalating failures, eroding trust among customers.

No smart business would let a fresh grad run a billion-dollar division on day one. Likewise, no AI agent should be allowed to enter mission-critical systems without undergoing structured training, testing, and probation. Enterprises need to map responsibilities, surface hidden dependencies, and clarify which decisions need a human in the loop.

For example, imagine a global operations unit staffed by human analysts, with AI agents autonomously monitoring five markets in real-time, and a machine supervisor optimizing output across all of them. Who manages whom – and who gets credit or blame?

And what of performance? Traditional metrics, such as hours logged or tasks completed, don't capture the productivity of an agent running hundreds of simulations per hour, testing and iterating at scale and creating compounding value.

To help surface and answer these questions, many businesses are hiring Chief AI Officers and forming AI steering committees that have cross-department representation. Teams can collaboratively define guiding principles that not only align with each sector of the business but the company as a whole.

A well-configured agent should know when to act, when to pause, and when to ask for help. That kind of sophistication doesn’t happen by accident, it needs a proactive security and governance approach.

This isn't just a technical evolution; it's a test of leadership. The companies that design for transparency, adaptability, and AI-native governance will define the next era. NHRs aren't coming, they're already here. The only question is whether we'll lead them or be led by them.

We list the best HR outsourcing service and the best PEO service.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• The iPhone 17 could go eSIM-only in more countries
• Changes are tipped for the Apple Clear Case accessory
• The launch is scheduled for Tuesday, September 9

Apple is almost certainly going to make the iPhone 17 official on Tuesday, September 9, but as we count down the days to the big launch event, the leaks are continuing – including fresh rumors around eSIMs and the official Apple Clear Case.

Current iPhone models are eSIM-only in the US, and according to a source speaking to MacRumors, retail employees at Apple Authorized Resellers in the EU are now being told to prepare to handle iPhones without physical SIM cards as well.

We've been hearing for months that the new, super-slim iPhone 17 Air model would only have support for eSIMs and not the physical cards, but it seems that's now going to be extended to other iPhones in more countries.

With eSIMs offering better security and more convenience, the move isn't really much of a surprise. Google has now gone eSIM-only for the first time with the new Google Pixel 10 series, though for now this only applies to phones sold in the US.

You’ve probably already seen the new iPhone 17 clear case, but here’s another look at it. Would you prefer an all-clear version? pic.twitter.com/jsCPankDkxSeptember 1, 2025

The other iPhone 17 leak doing the rounds today concerns the iPhone 17 Pro Clear Case with MagSafe – one of the official cases Apple is expected to launch for the new handset (and which it already offers for the iPhone 16 Pro).

As per images posted by tipsters @MajinBuOfficial and @SonnyDickson, there will be some tweaks to the design. Less of the case will be transparent, with a panel covering most of the back of the phone and hiding the MagSafe connectors.

We can also see there's a bigger cut-out for the cameras at the top, backing up the leaked renders we've seen of the redesign of this phone. The Apple logo also gets shifted down so it's in the center of the space below the cameras.

It also looks as though the case will support the new Crossbody Strap accessory that's been rumored, which lets you carry your iPhone with a magnetic lanyard. In a little over a week, we'll know for sure what Apple has been working on.

• 4 ways the iPhone 17 can improve on the iPhone 16
• There could be a new 3-year plan for the iPhone
• What do you want to see from the iPhone 17?

We've still got a few days until The Summer I Turned Pretty season 3 episode 9 is released (September 3), but luckily, Prime Video has given us an entirely new trailer (which you can catch below) for the final three episodes of the season. Belly (Lola Tung) is set to have her Emily in Paris moment, fleeing to the city after her wedding to Jeremiah (Gavin Casalegno) fell through at the last minute.

Not to be a hater, but this is exactly what I wanted to happen anyway. The only way Belly was going to turn her life around was to ditch the boys she's been yearning for – but that doesn't mean they won't be following her to Paris in some form. In fact, I think the new trailer tells us exactly how the love triangle is going to shake out.

At the end of season 3 episode 8, Belly spots Conrad (Christopher Briney) at the airport, after spending her entire bachelorette and pre-wedding prep pining for him (and then denying her feelings to anyone who asks). The closing moments set the scene for the start of a new romantic love affair, with the pair whisked away to Europe to start afresh.

I don't think this will happen in The Summer I Turned Pretty season 3 episode 9, and two details in the final trailer prove me right... and I love being right.

The first clue is that Conrad is obviously completely missing from the above trailer, much like Jeremiah. Instead, the emphasis is place on Belly rediscovering who she actually is away from the drama, introducing brand-new characters as she begins to make friends as part of a study abroad scheme.

This only proves my theory of Conrad being a fantasy at the airport right, conjured in Belly mind's of what she wants to see, not who is actually there. I'd put good money on episode 9 opening with Belly looking at Conrad, a figure walking in front of him before his face changes completely, revealed as a stranger who merely looks similar.

The second clue is what we see at the end of the trailer. As Belly arrives back home to her new French pad, she finds a letter from Conrad on the doorstep. That's right, people – his letters are likely to be even more emotional than the one we've already seen from his mom. It's a touch that indicates the kind of person he is, as if routinely going out of his way to make Belly's life better (like the peach stand scene) didn't already tell us.

Writing a letter instead of texting or emailing is the hit of old-school romance we sorely want from the hit Amazon show, completely buying into Belly's visions of a love affair for the ages. It also keeps him at the perfect distance while she continues to find her feet, as well as padding out the remaining three episodes as far as they'll stretch.

I think we're also going to see Belly forcing herself into imagining Jeremiah was there with her, prolonging the inevitable even further. I'm just grateful we're getting a proper break from her indecision in The Summer I Turned Pretty season 3 episode 9... I'm fed up screaming at the TV for her to put herself first.

• Stand ready for Invincible season 5's arrival, worm: Amazon confirms the hit Prime Video show's fourth chapter won't be its last
• Ballard season 2 would have a ‘very exciting’ arc says Maggie Q – but the Bosch spin-off might not return, despite being Prime Video’s #1 show
• New to Prime Video? Here are 5 movies and TV shows with over 90% on Rotten Tomatoes to get you started

• The developers of Indiana Jones and the Great Circle have discussed its upcoming DLC in a new interview
• The Order of the Giants will feature a dynamic difficulty level that will scale based on your progress in the main game
• The expansion will be integrated into the existing Vatican level

The Indiana Jones and the Great Circle developers have discussed the game's upcoming downloadable content (DLC) in a new interview.

In a conversation with IGN, creative director Axel Torvenius and lead game designer Zeke Virant revealed that the The Order of the Giants DLC will adapt its difficulty level depending on your progress in the main game.

Set in the Vatican location, it will be smartly integrated in the game's existing content.

"The conventional way of doing DLC is to add something that stands after, or a miniature game on the side, but we didn't really feel that that was the best," Torvenius said.

According to the developers, implementing the expansion in this way was a challenge but it should make for a smoother experience for all players, no matter where they are in the game.

"Players who are at the end of the game don't need to worry about the difficulty as actually we have a new system in place where players are dynamically scaled based on how far they progressed," Virant said.

"We know a lot of players are coming back from the endgame and would like to have a continuation of that difficulty, especially if they have health upgrades and a lot of abilities.

"If you've progressed to the Vatican but you haven't gotten to Giza yet, we keep it on a first tier of difficulty," he added. "If you've gotten to Giza, then we adjust it up to a second tier. And then once you've gotten to Sukhothai, we adjust to a third tier."

This will impact things like the amount of health each enemy has, in addition to how many will attack at one time.

As someone who first played the game back at launch, I've been raring for an excuse for a new playthrough and The Order of the Giants sounds perfect. Now that I know I won't be experiencing the DLC at a disadvantage on a fresh save, there's no reason not to pull the trigger.

Indiana Jones and the Great Circle is available now on PC, Xbox Series X and Series S, and PlayStation 5. A Nintendo Switch 2 port is also on the way.

• Hell Is Us is a surprisingly enjoyable and accessible semi-soulslike - just don't expect a cheerful story
• Pragmata is part puzzle game, part sci-fi shooter, and all a surprising amount of fun
• I spent six hours blasting grubs in Gears of War: Reloaded, and it was a bloody good time