89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals - Related to ai, 89%, android, patch, devices

Google expands Android AI scam detection to more Pixel devices

Google has presented an increased rollout of new AI-powered scam detection capabilities on Android to help protect customers from increasingly sophisticated phone and text social engineering scams.

The tech giant says these aspects come in response to AI-assisted scam campaigns that, -Scam Alliance, have defrauded people of over $1 trillion.

"Today, we're launching two new industry-leading AI-powered scam detection elements for calls and text messages, designed to protect individuals from increasingly complex and damaging scams," reads Google's announcement.

"These attributes specifically target conversational scams, which can often appear initially harmless before evolving into harmful situations."

Google warns that traditional spam protections designed to block these attempts are ineffective at stopping sophisticated scams that manifest after the victim has already started a conversation with the fraudsters.

To identify and stop these scams, Google has partnered with banks and other key entities to understand the scams consumers are facing.

"To enhance our detection capabilities, we partnered with financial institutions around the world to enhanced understand the latest advanced and most common scams their individuals are facing. For example, individuals are experiencing more conversational text scams that begin innocently, but gradually manipulate victims into sharing sensitive data, handing over funds, or switching to other messaging apps. And more phone calling scammers are using spoofing techniques to hide their real numbers and pretend to be trusted companies. Traditional spam protections are focused on protecting individuals before the conversation starts, and are less effective against these latest tactics from scammers that turn dangerous mid-conversation and use social engineering techniques. To enhanced protect individuals, we invested in new, intelligent AI models capable of detecting suspicious patterns and delivering real-time warnings over the course of a conversation, all while prioritizing user privacy. " ❖ Google ❖ Google.

The first set of security capabilities is AI-powered enhancements of existing spam protection mechanisms in Google Messages, Android's default SMS and RCS messaging app.

Google says 'Scam Detection' for Messages will now detect a broader range of scam attempts, including job and item delivery lures, warning customers and giving the option to study and block the sender.

The system, which is enabled by default, will only be activated when receiving messages from unknown senders whose numbers aren't in the user's contacts list.

The initial rollout will cover Android customers in the [website], the [website], and Canada.

A similar system will be introduced for calls, where Google's AI tool Gemini Nano will analyze conversations in real time to identify common fraud attempts, such as detecting signs of people asking for payments via gift card codes. The feature would alert the user via audio and haptic notifications when a scam is detected.

The new Scam Detection aspects in action.

This feature was first introduced in November 2024 and has been tested on a small set of Pixel 6+ devices, but it is now being rolled out to all English-speaking Pixel 9 clients in the [website].

Pixel 9 people will get the feature through Gemini Nano, while Pixel 6 to 8 series devices enrolled in Phone by Google beta will be restricted to less powerful Google AI models.

Both the Scam Detection for Messages and voice security capabilities analyze the conversation data on the device without sending any sensitive information to Google, so the new capabilities respect individuals' privacy.

Also, a characteristic "beep" will play at the start of the conversation, audible by both parties, to notify participants that AI-based analysis is taking place.

Still, Google decided to keep Scam Detection for calls disabled by default to relieve privacy concerns.

individuals can enable it by opening the Phone app, tapping the three-dot menu in the top right corner, selecting Settings → Scam Detection (if available), and toggling the feature to the ON position.

When Scam Detection is active, consumers are still given the option to turn it off during an individual call.

The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines,......

HP liefert mit ThinPro ein Linux-basiertes Betriebssystem für Thin-Clients. Jetzt hat das Unternehmen eine Aktualisierung veröffentlicht, die hunderte......

Cybersecurity researchers are alerting of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to depl......

89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals

Organizations are either already adopting GenAI solutions, evaluating strategies for integrating these tools into their business plans, or both. To drive informed decision-making and effective planning, the availability of hard data is essential—yet such data remains surprisingly scarce.

The “Enterprise GenAI Data Security research 2025” by LayerX delivers unprecedented insights into the practical application of AI tools in the workplace, while highlighting critical vulnerabilities. Drawing on real-world telemetry from LayerX’s enterprise clients, this research is one of the few reliable information that details actual employee use of GenAI.

For instance, it reveals that nearly 90% of enterprise AI usage occurs outside the visibility of IT, exposing organizations to significant risks such as data leakage and unauthorized access.

Use of GenAI in the Enterprise is Casual at Most (for Now).

While the GenAI hype may make it seem like the entire workforce has transitioned their office operations to GenAI, LayerX finds the actual use a tad more lukewarm. Approximately 15% of individuals access GenAI tools on a daily basis. This is not a percentage to be ignored, but it is not the majority.

Yet. Here at The New Stack we concur with LayerX’s analysis, predicting this trend will accelerate quickly. Especially since 50% of clients currently use GenAI every other week.

In addition, they find that 39% of regular GenAI tool consumers are software developers, meaning that the highest potential of data leakage through GenAI is of source and proprietary code, as well as the risk of using risky code in your codebase.

Since LayerX is situated in the browser, the tool has visibility into the use of Shadow SaaS. This means they can see employees using tools that were not approved by the organization’s IT or through non-corporate accounts.

And while GenAI tools like ChatGPT are used for work purposes, nearly 72% of employees access them through their personal accounts. If employees do access through corporate accounts, only about 12% is done with SSO. As a result, nearly 90% of GenAI usage is invisible to the organization. This leaves organizations blind to ‘shadow AI’ applications and the unsanctioned sharing of corporate information on AI tools.

50% of Pasting Activity intoGenAI Includes Corporate Data.

Remember the Pareto principle? In this case, while not all customers use GenAI on a daily basis, customers who do paste into GenAI applications, do so frequently and of potentially confidential information.

LayerX found that pasting of corporate data occurs almost 4 times a day, on average, among customers who submit data to GenAI tools. This could include business information, customer data, financial plans, source code, etc.

How to Plan for GenAI Usage: What Enterprises Must Do Now.

The findings in the findings signal an urgent need for new security strategies to manage GenAI risk. Traditional security tools fail to address the modern AI-driven workplace where applications are browser-based. They lack the ability to detect, control, and secure AI interactions at the source—the browser.

Browser-based security provides visibility into access to AI SaaS applications, unknown AI applications beyond ChatGOT, AI-enabled browser extensions, and more. This visibility can be used to employ DLP solutions for GenAI, allowing enterprises to safely include GenAI in their plans, future-proofing their business.

Organizations today face relentless cyber attacks, with high-profile breaches hitting the headlines almost daily. Reflecting on a long journey in the ......

Gemeinsam mit über zwanzig weiteren zivilgesellschaftlichen Organisationen richtet der Chaos Computer Club (CCC) einen Appell für eine digitale Brandm......

Google has revealed the rollout of artificial intelligence (AI)-powered scam detection elements to secure Android device customers and their personal inf......

iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Apple is urging macOS, iPhone and iPad consumers immediately to install respective updates this week that includes fixes for two zero-days under active attack. The patches are for vulnerabilities that allow attackers to execute arbitrary code and ultimately take over devices.

Patches are available for effected devices running iOS [website] and macOS Monterey [website] Patches address two flaws, which basically impact any Apple device that can run either iOS 15 or the Monterey version of its desktop OS, .

One of the flaws is a kernel bug (CVE-2022-32894), which is present both in iOS and macOS. “out-of-bounds write issue [that] was addressed with improved bounds checking.”.

The vulnerability allows an application to execute arbitrary code with kernel privileges, , which, in usual vague fashion, presented there is a findings that it “may have been actively exploited.”.

The second flaw is identified as a WebKit bug (tracked as CVE-2022-32893), which is an out-of-bounds write issue that Apple addressed with improved bounds checking. The flaw allows for processing maliciously crafted web content that can lead to code execution, and also has been reported to be under active exploit, . WebKit is the browser engine that powers Safari and all other third-party browsers that work on iOS.

The discovery of both flaws, about which little more beyond Apple’s disclosure are known, was credited to an anonymous researcher.

One expert expressed worry that the latest Apple flaws “could effectively give attackers full access to device,” they might create a Pegasus-like scenario similar to the one in which nation-state APTs barraged targets with spyware made by Israeli NSO Group by exploiting an iPhone vulnerability.

“For most folks: enhancement software by end of day,” tweeted Rachel Tobac, the CEO of SocialProof Security, regarding the zero-days. “If threat model is elevated (journalist, activist, targeted by nation states, etc): enhancement now,” Tobac warned.

The flaws were unveiled alongside other news from Google this week that it was patching its fifth zero-day so far this year for its Chrome browser, an arbitrary code execution bug under active attack.

The news of yet more vulnerabilities from top tech vendors being barraged by threat actors demonstrates that despite the best efforts from top-tier tech companies to address perennial security issues in their software, it remains an uphill battle, noted Andrew Whaley, senior technical director at Promon, a Norwegian app security enterprise.

The flaws in iOS are especially worrying, given the ubiquity of iPhones and clients’ utter reliance on mobile devices for their daily lives, he expressed. However, the onus is not only on vendors to protect these devices but also for clients to be more aware of existing threats, Whaley observed.

“While we all rely on our mobile devices, they are not invulnerable, and as people we need to maintain our guard just like we do on desktop operating systems,” he noted in an email to Threatpost.

At the same time, developers of apps for iPhones and other mobile devices also should add an extra layer of security controls in their technology so they are less reliant on OS security for protection, given the flaws that frequently crop up, Whaley observed.

“Our experience exhibits that this is not happening enough, potentially leaving banking and other end-clients vulnerable,” he mentioned.

[website] million people were affected, in a breach that could spell more trouble down the line.

EdFinancial and the Oklahoma Student Loan Authority (OSLA)......

Der IT-Security-Fachmann Tim Philipp Schäfers hat beim Bundesamt für Migration und Flüchtlinge (BAMF) eine schwerwiegende Sicherheitslücke entdeckt, d......

The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stea......