Security and AI news from the week beginning 24 November 2025

Last week, several London councils were hit by a coordinated attack designed to steal data and shut down systems. The National Cyber Security Centre (NCSC), the National Crime Agency (NCA) and several cybersecurity vendors have been brought in to restore services.

Iberia admitted to losing 77GB of customer data through a breach at a third-party supplier. The data is said to only affect those customers who booked with Iberia and not the data held by its parent company, IAG. Another airline, Qantas, has also suffered a breach due to a third-party contact centre. It says that 5.7 million customer records have been lost.

Anthropic has said that it will begin to train its AI models based on chat transcripts unless users opt out. If they consent, chat and code transcripts will be retained for up to 5 years. With increasing numbers of people using AI for business purposes, it poses a serious risk to business-sensitive and PII data.

MIT has discovered a reason for the poor reliability of LLMs. It appears that LLMs can respond based on grammatical patterns they learn during training. It causes them to mistakenly link sentence patterns to specific topics. That means it doesn’t answer the question but instead responds to the phrasing in the question.

In another announcement, MIT said that AI can help achieve a clean energy future. It does that through several steps. It can help optimise the infrastructure and manage the grid to better use the energy that is created. One part of that is also managing the energy consumption in buildings. Another is directing where to build new generating capacity. Is this AI ensuring its survival, given that it needs power to function?

In Other News

Monq has emerged from stealth and raised $3 million for its AI-driven strategic negotiation platform. Monq’s AI agents combine LLM reasoning, contract intelligence, and behavioural science to negotiate complex, million-dollar supplier deals that power global enterprises.

Storyblok has partnered with OtterlyAI, a provider of AI search monitoring solution for marketing teams and brands. The partnership is a key part of Storyblok’s mission to help brands adapt and thrive in the new era of AI-powered consumer decision making.

BlueVoyant published its State of Supply Chain Defense report and it highlights some worrying trends. While investment in third-party risk management (TPRM) continues to rise, its effectiveness is being questioned. A common problem is a lack of organisational commitment. It is not the first report around risk management to call out organisational issues.

Firefly AI has announced the launch of its Cloud Resilience Posture Management (CRPM) solution. The solution is a new capability that adds to its Agentic Cloud Automation Platform. The CRPM solution helps organisations practically manage, monitor, and report on cloud outages, cyber attacks, and human errors. It aims to make resilience measurable and proactively manage cloud assets to maintain or restore capabilities for critical functions.

News you might have missed

ENCS

The European Network for Cyber Security (ENCS) announced that ELES, Slovenia’s transmission system operator, has joined the network as a member, reinforcing collaborative efforts to protect Europe’s electricity grid from evolving cyber threats.

The partnership will give ELES access to ENCS’s collaborative threat intelligence, specialist training and technical expertise – strengthening its ability to detect, prevent and respond to cyber incidents targeting high-voltage networks across Slovenia and beyond.

FBI IC3

The FBI warns of cyber criminals impersonating financial institutions to steal money or information in Account Takeover (ATO) fraud schemes. The cyber criminals target individuals, businesses, and organizations of varied sizes and across sectors. In ATO fraud, cyber criminals gain unauthorized access to the targeted online financial institution, payroll, or health savings account, with the goal of stealing money or information for personal gain.

Intigriti

A blog from Eleanor Barlow at Intigriti looks at the challenge of understanding signal-to-noise for vulnerability management success. It focuses on how to turn your signal-to-noise ratio into a key metric to support your cybersecurity journey. We explore what this ratio means, how to score it, and look at common challenges companies face regarding scope, policy, staff, rewards, researchers, and processes.

ManageEngine

ManageEngine has announced the expansion of its cloud cost management platform, CloudSpend, by unveiling a multi-portal architecture for managed service providers (MSPs), cloud service providers (CSPs), and multi-tenant enterprises.

This latest capability delivers a comprehensive multi-portal experience, enabling organizations to address the burgeoning challenge of cloud cost management and scale their FinOps practices by bringing together unified cost visibility, secured segmentation, and contextual governance on a single, centralized interface.

noyb

noyb has succeeded in a complaint over the failure of Conde Nast to manage consent for visitors to its website. The French data protection authority CNIL has fined the French magazine publisher €750.000 for violating the consent requirements on its Vanity Fair website.

Security and AI news from the week beginning 17 November 2025

The post Security and AI news from the week beginning 24 November 2025 appeared first on Enterprise Times.