Tag: IBM

  • Your AI, My Shell: IBM’s “Bob” Agent Caught Running Malware in Beta Tests

    IBM has inaugurated a closed beta for its proprietary autonomous development agent, engineered to facilitate code composition while adhering to rigorous corporate security mandates. In the firm’s promotional literature, the agent is depicted as an exemplary collaborator: it possesses an acute understanding of developer intent, maintains comprehensive knowledge of the repository, and upholds stringent compliance standards. However, recent scrutiny has unveiled a disconcerting vulnerability: should an adversary furnish the agent with a meticulously formatted text, the system may unwittingly proceed to execute a malicious script.

    The tool in question is “Bob,” unveiled by IBM in October and currently undergoing evaluation in two modalities: a command-line interface (CLI) and an integrated development environment (IDE) featuring a specialized agentic terminal mode. Researchers from PromptArmor analyzed Bob prior to its public debut and asserted that the CLI is susceptible to prompt injection, potentially leading to the execution of arbitrary payloads on a victim’s machine. Furthermore, they contend that the IDE is vulnerable to data exfiltration scenarios typical of AI applications, where information is siphoned through rendering idiosyncrasies and network requests.

    This fragility is not unique to IBM’s offering. Agentic AI systems, endowed with tool access and the autonomy to act iteratively, have long been regarded as inherently precarious. Researchers such as Johann Rehberger have repeatedly demonstrated that such agents can be compromised through instruction overriding, jailbreaking, or classical vulnerabilities that culminate in remote code execution. In practice, many vendors tacitly acknowledge these risks by implementing a “human-in-the-loop” safeguard, requiring manual confirmation for high-risk actions.

    IBM’s documentation suggests a reliance on similar preventative measures. The company issues a caveat: permitting the agent to autonomously execute commands from a high-risk registry may lead to deleterious operations. As a mitigation strategy, IBM advocates for the use of an “allow-list” and the avoidance of wildcard patterns, expecting that the agent will solicit user authorization in ambiguous instances.

    However, PromptArmor maintains that these defenses are porous. In a controlled experiment, researchers provided Bob with a repository containing a clandestine malicious scenario within the README.md file. Masquerading as a tutorial for anti-phishing training, the file contained a sequence of commands for the agent to execute. Initial commands appeared benign, limited to simple echo operations, and Bob dutifully sought permission: to execute once, to permit indefinitely, or to suggest a revision. Subsequently, the exploit leveraged user complacency; the third command, while ostensibly another echo, attempted to download and launch a malicious script. If the user had previously granted a “permanent allowance” for the echo command, this subsequent step could bypass additional confirmation, resulting in the automatic installation of the payload.

    Technically, Bob is designed with certain fail-safes, such as prohibiting command substitution like $(command). Nevertheless, researchers discovered that the agent fails to scrutinize process substitution—a flaw identified within the project’s minified JavaScript code. Furthermore, the system allegedly fails to detect when authorized commands are concatenated with unauthorized subcommands via redirection operators like >, effectively camouflaging a series of hazardous actions as a legitimate call.

    As Shankar Krishnan, Managing Director of PromptArmor, elucidated, human confirmation often validates only the “allow-listed” command, even when unauthorized operations are lurking within the same string. The researchers contrasted this with rival solutions, noting that Claude Code, for instance, would demand explicit consent for the entire composite set of commands, regardless of whether the initial command enjoyed auto-approval status.

    Once an adversary successfully coerces an agent into delivering and executing an arbitrary shell script, the potential for catastrophe is manifest: ranging from ransomware and credential theft to the total compromise of the device. PromptArmor underscores that this risk materializes in standard professional environments where a developer interacts with untrusted content. An agent may ingest malicious instructions from third-party documentation, forum discussions, or even the output of other terminal tools. In their primary example, the researchers chose an unfamiliar open-source repository as the most plausible and self-contained vector of attack. IBM has reportedly been apprised of these findings.
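    The allow-list gap described above comes down to approving a whole command string on the strength of its first word. The sketch below is an added example, not code from IBM's agent or from PromptArmor: a quote-aware check that auto-approves only a single simple allow-listed command and sends anything containing substitution, redirection or chaining back to the user in full. The allow-list contents, function names and sample strings are assumptions made for illustration.

```javascript
// Added illustration, not Bob's code. ALLOW_LIST and the sample commands
// below are constructed; "other-command" is a placeholder name.
const ALLOW_LIST = ["echo"];

// Quote-aware scan for shell constructs that make a string more than one
// simple command. Conservative on purpose; this is not a full shell parser.
function findCompositeConstructs(cmdline) {
  const found = new Set();
  let quote = null; // null, "'" or '"'
  for (let i = 0; i < cmdline.length; i++) {
    const c = cmdline[i];
    const next = cmdline[i + 1];
    if (quote === "'") {               // single quotes: everything is literal
      if (c === "'") quote = null;
      continue;
    }
    if (c === "\\") { i++; continue; } // backslash escapes the next character
    // Command substitution still expands inside double quotes.
    if ((c === "$" && next === "(") || c === "`") {
      found.add("command substitution");
      if (c === "$") i++;
      continue;
    }
    if (quote === '"') {
      if (c === '"') quote = null;
      continue;
    }
    if (c === "'" || c === '"') { quote = c; continue; }
    if ((c === "<" || c === ">") && next === "(") {
      found.add("process substitution");
      i++;
    } else if (c === "<" || c === ">") {
      found.add("redirection");
    } else if (c === ";" || c === "|" || c === "&" || c === "\n") {
      found.add("command chaining");
    } else if (c === "(") {
      found.add("subshell");
    }
  }
  if (quote !== null) found.add("unterminated quote");
  return [...found].sort();
}

// Auto-approve only a single, simple, allow-listed command. Anything else is
// shown to the user in full, even when its first word is allow-listed.
function reviewCommand(cmdline, allowList = ALLOW_LIST) {
  const program = cmdline.trim().split(/\s+/)[0];
  const constructs = findCompositeConstructs(cmdline);
  const listed = allowList.includes(program);
  const decision = listed && constructs.length === 0 ? "auto" : "prompt";
  return { decision, program, listed, constructs };
}

// Constructed sample command strings.
const SAMPLES = [
  'echo "Lesson 1: check the sender address"',
  "echo 'literal $(text) > stays inside single quotes'",
  "echo done > notes.txt",
  'echo "value: $(other-command)"',
  "echo ok > >(other-command)",
  "echo a; other-command",
  "other-command --help",
];

for (const s of SAMPLES) {
  const r = reviewCommand(s);
  console.log(r.decision.padEnd(6), JSON.stringify(r.constructs), s);
}
```

    Text inside single quotes is treated as literal, so the second sample is still auto-approved, while the same characters outside quotes force a prompt.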

  • IBM Study: 97% of Breached Firms Lacked Basic AI Safeguards, Exposing Critical Data

    In their relentless pursuit of artificial intelligence, companies are neglecting the very foundation of digital resilience—security. This stark conclusion emerges from an IBM analysis of cyberattack data collected over the past year, revealing that threat actors have already begun exploiting vulnerabilities in corporate AI systems.

    The Cost of a Data Breach 2025 study, encompassing 600 organizations worldwide between March 2024 and February 2025, found that one in eight companies (13%) suffered significant security issues related to AI deployment. Alarmingly, nearly all affected organizations (97%) admitted they had failed to implement even the most basic safeguards.

    The consequences of these oversights were severe. One-third of the impacted organizations experienced operational disruptions and loss of sensitive information. One in four reported financial losses, while one in six suffered reputational damage. Though these figures may seem modest, experts caution that as AI adoption accelerates, the associated risks will scale exponentially.

    The primary attack vector: supply chains. Adversaries frequently infiltrate systems through compromised applications, APIs, and plugins, most often via third-party cloud service providers.

    Particularly insidious is the rise of so-called “shadow AI”—unauthorized use of AI tools by employees without the knowledge of IT or data security teams. These unsanctioned neural networks operate outside official oversight, introducing unforeseen vulnerabilities into the corporate ecosystem.

    At the heart of the issue lies a pervasive lack of governance. An overwhelming 87% of organizations report having no risk management strategies in place for AI. Two-thirds fail to conduct regular security audits, and three-quarters do not test their models for resilience against adversarial attacks.

    This is not the first warning sign. Last year, numerous large enterprises suspended the rollout of Microsoft Copilot-based assistants after discovering that employees were granted access to sensitive data far beyond their clearance levels.

    Gartner analysts forecast that by the end of 2025, at least 30% of corporate generative AI projects will be abandoned due to poor data quality, insufficient risk oversight, escalating costs, and an ambiguous return on investment.

    Companies, fearing obsolescence in a competitive landscape, are rushing headlong into AI integration—often at the expense of security. Sujay Viswesan, Head of Security at IBM, cautions that “the absence of fundamental protective measures exposes sensitive data and leaves AI models defenseless against manipulation.”

    As AI becomes increasingly enmeshed in business operations, the cost of inaction continues to rise. At stake is not just financial capital, but customer trust, operational transparency, and sovereign control over internal systems.

  • IBM’s ‘Northpole’ AI Chip Surpasses Industry Standards

    IBM Research unveiled its pioneering artificial intelligence (AI) dedicated chip, christened “Northpole.” Official statements allude to its design inspiration as “mirroring the human brain’s operation,” merging neural networks with avant-garde chip architecture, resulting in a performance that’s a staggering 22-fold swifter than contemporary industry counterparts.

    Northpole, sculpted with the precision of the 12nm process, hosts an impressive 22 billion transistors within its roughly 800 square millimeters expanse. The chip boasts 256 computational units, each capable of executing 2048 operations per cycle at 8-bit precision. When transposed to 4-bit or 2-bit accuracy, the operation count doubles. IBM Research accentuates that, given the chip’s integration of the ResNet-50 neural network model, its inferencing prowess surpasses all dominant architectures, even outshining GPUs fabricated with the 4nm process.

    The visionary behind the Northpole project, Dharmendra Modha, had previously, in 2014, introduced the TrueNorth chip, touted to “simulate human brain operations.” Within conventional chip designs, processing units and data storage units remain discrete entities. While this bifurcation simplifies the chip’s blueprint, it inadvertently engenders the “Von Neumann bottleneck” due to the transmission rate lagging behind processing speed. Modha postulates the human brain as the epitome of energy-efficient processors known to date and ardently seeks digital methods to replicate its intricate mechanics.

    At the granularity of a single core, Northpole manifests akin to computation-oriented memory. Yet, from an external chip perspective, at the input-output level, Northpole resonates as an active memory unit. Architecturally, Northpole blurs the demarcation between computation and storage, facilitating seamless integration into systems and markedly diminishing the host’s operational load.

    In sum, while Northpole’s constraints in supporting expansive neural networks such as GPT-4 earmark it primarily for model inferencing realms, IBM Research’s introduction of Northpole is not a gambit targeting the mainstream AI market. Instead, it caters to niche sectors singularly centered on inferencing, rendering its impact on the broader AI landscape rather circumscribed.

  • IBM CEO predicts at least 30% of jobs will be replaced by AI and automation in the next 5 years

    Amid the growing trend of artificial intelligence technology becoming a crucial resource for many businesses, IBM CEO Arvind Krishna revealed in an interview that the company anticipates ceasing recruitment for positions that can be replaced by AI within the next few years.

    Krishna further estimates that within the next five years, at least 30% of jobs will be supplanted by artificial intelligence and automation technologies. The roles most vulnerable to replacement are those that do not involve direct customer interaction and can be handled through automated processes, such as frequently occurring customer inquiries or tasks involving code generation by AI.

    For more complex customer issues requiring human intervention or production tasks necessitating greater human involvement, Krishna believes such positions are unlikely to be replaced rapidly within the next decade.

    Although IBM has recently announced significant layoffs, Krishna asserts that the overall workforce is growing. For example, around 7,000 employees were added in the first quarter alone. Currently, IBM has approximately 260,000 employees worldwide and continues to recruit for software development and customer-facing roles.

  • GlobalFoundries sues IBM for misappropriating its trade secrets

    GlobalFoundries has formally filed a lawsuit with the United States District Court for the Southern District of New York, accusing IBM of illicitly misappropriating its proprietary trade secrets and divulging pertinent information to Intel and the newly established Japanese semiconductor company Rapidus, while actively poaching its engineers. GlobalFoundries seeks compensatory and punitive damages, as well as injunctions to prevent further unauthorized disclosures and curb improper talent acquisition practices.

    GlobalFoundries asserts that after acquiring IBM’s microelectronics division in 2015, it gained ownership of the associated trade secrets, intellectual property, and confidential business information. However, IBM allegedly breached industry ethics and contractual stipulations by providing these trade secrets to its partners, potentially garnering “hundreds of millions of dollars in licensing income and other benefits.” IBM executives have described their collaboration with Intel and Rapidus as being based on decades of research results from the Albany Nanotechnology Center, yet the ownership of this research should have been transferred to GlobalFoundries eight years ago.

    IBM is currently collaborating with Rapidus to develop 2nm process technology, and in 2021, established a partnership with Intel to develop various semiconductor-related technologies, including GAA transistor technology. It remains unclear what information IBM provided Intel and Rapidus throughout their collaborations, but it is plausible that some shared IP originated from the research achievements of its former microelectronics division. Another concern for GlobalFoundries is IBM’s poaching of engineers from its Fab 8 facility, which has become increasingly prevalent since IBM’s partnership with Rapidus.

    IBM contends that GlobalFoundries’ allegations are baseless and suggests the lawsuit stems from GlobalFoundries’ decision in 2018 to alter its technology roadmap, abandoning advanced process development plans and divesting assets acquired from IBM. In response, IBM accused GlobalFoundries of breaching its contract in 2021, seeking $2.5 billion in damages.

  • IBM announces its complete withdrawal from the Russian market

    IBM announced this week that it will completely withdraw from Russia and lay off all local employees, but it will provide reasonable measures for these employees to help them tide over the difficulties. The tech giant mainly provides software solutions and cloud computing services, and its clients include Sberbank and Russian State Railways.

    On March 7, IBM announced the suspension of operations in the Russian market. During the suspension of operations, IBM still paid wages and other benefits to local Russian employees. After suspending operations for 3 months, IBM decided that it would not make much sense to continue, so it ended operations in the Russian market and laid off all local employees.

    “As the consequences of the war continue to mount and uncertainty about its long-term ramifications grows, we have now made the decision to carry out an orderly wind-down of IBM’s business in Russia,” Chief Executive Arvind Krishna wrote to employees.

    “Our colleagues in Russia have, through no fault of their own, endured months of stress and uncertainty… I want to assure them that IBM will continue to stand by them and take all reasonable steps to provide support and make their transition as orderly as possible,” Krishna wrote.

    IBM did not disclose how many local employees the company has in Russia, but IBM has many important customers in Russia for which IBM provides support services. Sberbank and Russian State Railways are typical customers, and IBM Cloud service also has many enterprise customers in Russia. However, the overall revenue share is very small. IBM said that the Russian market contributed about $300 million in revenue, accounting for 0.5% of the total revenue of 57.4 billion US dollars in 2021. Therefore, the withdrawal from the Russian market will not have a significant impact on IBM’s daily operations. At present, IBM’s stock price has not changed much.

    Via: Reuters

  • IBM and Samsung join hands to achieve semiconductor breakthroughs

    At the recently held 2021 IEEE International Electron Devices Meeting (IEDM), Intel introduced key technologies in packaging, transistors, and quantum physics, and outlined its future technology development direction. IBM and Samsung have joined hands to introduce the next generation of semiconductor chip technology: Vertical Transport Field Effect Transistors (VTFET). This breakthrough new technology allows transistors to be stacked vertically, which can double the performance or reduce energy consumption by 85% compared to scaled FinFETs.

    Under normal circumstances, a transistor is built horizontally, and current flows laterally from one side to the other. With vertical-transport field-effect transistors, transistors are built and layered vertically, so current flows up and down through them, free of the earlier constraints of horizontal layout and lateral current flow. This relaxes the physical limits on transistor gate length, spacer thickness, and contact size, which addresses scaling barriers and lets performance and power consumption be optimized. Using VTFET technology can not only reduce the chip area but also improve energy efficiency and provide stronger performance.

    With the help of VTFET technology, IBM and Samsung have shown that in CMOS semiconductor design, it is possible to explore scaling performance beyond nanometers. VTFET technology solves many performance obstacles and limitations, expands Moore’s Law, and allows chip designers to place more transistors in the same space to achieve a greater leap. After announcing the production of the world’s first 2nm process node chip this year, IBM once again demonstrated its strength in semiconductors.

    IBM and Samsung have cooperated closely in recent years. Since the fab was sold to GlobalFoundries in 2014, IBM no longer has its own fab, so the mass production of its chips is handed over to Samsung. IBM plans to use its first commercial 7nm processor, IBM Power 10, in its Power Systems servers this year; it supports PCIe Gen5 and DDR5 memory and will be manufactured by Samsung.

  • IBM developed a new AI that helps predict the progression of Parkinson’s disease

    The application of AI in the medical field is becoming more and more extensive. For example, AI can be used to assist in the diagnosis of cancer or eye diseases, judge the mental health of patients, etc., and can even be used to find the appropriate ingredients of new drugs. Recently, AI has added another purpose to the fight against disease, which is to predict the possible evolution of Parkinson’s disease in different patients.

    This new AI was jointly developed by IBM, a world-renowned IT company, and a foundation dedicated to finding a suitable method for the treatment of Parkinson’s disease. In the paper the two jointly published, they state that this new AI can predict, for different patients, the time of onset and the severity of Parkinson’s disease, allowing doctors to better predict the condition of Parkinson’s patients and thus completely changing the way doctors help patients manage symptoms.

    IBM’s new breakthrough is based on a study called the Parkinson’s Progression Markers Initiative, which has data on more than 1,400 patients. Using this data, IBM has enabled the AI model to depict the complex symptoms and development patterns of Parkinson’s disease.

    It is estimated that more than 6 million people worldwide suffer from Parkinson’s disease, and there is currently no treatment for this disease. The new AI developed by IBM this time is expected to provide more detailed and clear feature indicators for different stages of Parkinson’s disease.

  • IBM: GlobalFoundries violated the transaction agreement, demanded $2.5 billion in compensation

    In April of this year, GlobalFoundries received a letter from IBM’s lawyer stating that it had breached the contract and required $2.5 billion in compensation. GlobalFoundries filed a lawsuit in the New York State Court this week, requesting a ruling that it did not violate the transaction contract with IBM, and this Monday is also the deadline for payment in the IBM lawyer’s letter.

    According to Times Union reports, the incident originated in 2014 when IBM and GlobalFoundries reached a deal. IBM paid a total of $1.5 billion to GlobalFoundries over three years, allowing GlobalFoundries to take over its loss-making semiconductor manufacturing business and at the same time produce a new generation of Power series processors for IBM. In the following two years, GlobalFoundries invested about $10 billion to develop a foundry in New York.

    IBM said in a statement that it paid $1.5 billion to GlobalFoundries to manufacture next-generation processors, but that GlobalFoundries abandoned IBM after receiving the last payment, then sold off the assets obtained in the transaction for profit, which is the main reason IBM demanded $2.5 billion in compensation. GlobalFoundries announced in 2018 that it would abandon its advanced process research and development plan, which coincides with the completion of IBM’s last payment. As a result, IBM ultimately has to go through Samsung before it can use advanced manufacturing processes to produce its own new generation of products.

    GlobalFoundries denied the allegations, saying that it made a difficult decision in 2018. The research and development of the 7nm process quickly exhausted the company’s resources and threatened normal operations. It was this decision that ultimately allowed GlobalFoundries to remain profitable for the next few years. GlobalFoundries currently plans to make large-scale investments to expand production capacity and plans to conduct an IPO at the same time. The timing of IBM’s request for compensation is believed to cast doubt on its motives.

  • Google builds its own commercial quantum computer, expected to be completed by 2029

    At the I/O conference, Google CEO Sundar Pichai announced plans to produce a commercial quantum computer belonging to Google by 2029. Google’s chief engineer of quantum AI, Erik Lucero, also explained in detail in a blog how Google will build its own commercial quantum computer in the next 10 years.

    Google executives also showed off the new Quantum AI campus in Santa Barbara, California, U.S. This campus will have Google’s first quantum data center, hardware research laboratory, and Google’s first own quantum processor chip production facility.

    The biggest advantage of the Quantum Project lies in the speed, magnitude, and accuracy of data processing so that even complex calculations can be completed faster. Experts predict that quantum computing can promote breakthroughs in multiple fields including medical care, economics, encryption, artificial intelligence, sustainability, and energy.

    Erik Lucero says:
    To build better batteries (to lighten the load on the power grid), or to create fertilizer to feed the world without creating 2% of global carbon emissions (as nitrogen fixation does today), or to create more targeted medicines (to stop the next pandemic before it starts), we need to understand and design molecules better. That means simulating nature accurately. But you can’t simulate molecules very well using classical computers. As you get to even modestly sized molecules, you quickly run out of computing resources. Nature is quantum mechanical: The bonds and interactions among atoms behave probabilistically, with richer dynamics that exhaust the simple classical computing logic.

    Google is not the only company on the road to quantum computers. IBM will also install its first commercial quantum computer in Cleveland this year. Therefore, it is still unknown whether Google can catch up with the progress of other companies in commercializing quantum computers.