LLMs

Most agentic AI projects in production have stalled over data problems

2026-06-18 at 07:00 By Anamarija Pogorelec Enterprises are connecting AI agents to live data feeds and putting them to work on tasks that once required human review, from IT operations to software development. The number doing this in production reached 32 percent in 2026, […]

Low-skilled attacker used Claude, Codex to breach 14 companies

2026-06-17 at 18:43 By Zeljka Zorz Researchers have long warned that AI agents could lower the skill floor for offensive cyber operations, and a recent report by OALABS (Open Analysis) researchers bears that out. After recovering and analyzing over 1,000 agent sessions from a compromised server

The SOC’s visibility gap comes down to staffing

2026-06-17 at 09:00 By Mirko Zorz AI has settled into security operations centers faster than any earlier wave of technology. Around four in five practitioners report reaching for AI or machine learning tools in their daily work. The catch shows up one layer down. Roughly a third

Open-source CI/CD abuse detector guards against stolen credential attacks

2026-06-15 at 08:30 By Sinisa Markovic CI/CD Abuse Detector is an open-source project that uses a large language model to flag suspicious changes to continuous integration and continuous deployment pipelines, workflows, and automation configurations. The repository contains drop-in templates for GitHub Actions, GitLab CI, and Azure

A hardware neural network backdoor that hides in plain sight

2026-06-15 at 08:00 By Mirko Zorz Deep learning systems on phones, cars, and other edge devices increasingly run on custom silicon. Specialized chips such as FPGAs and ASICs give these systems the speed and low power consumption that edge applications need. Many of these chips

Senior engineers are spending their week cleaning up AI-generated code

2026-06-15 at 07:00 By Anamarija Pogorelec At most U.S. technology companies, machines now write the bulk of the code that ships each week. The engineer’s job has shifted toward reviewing what the AI produces, and that review gives the code high marks. Leaders rate AI-generated

LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)

2026-06-09 at 15:21 By Zeljka Zorz A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog on Monday. About CVE-2026-42271 LiteLLM is

The security questions around Chinese AI coding models in U.S. software

2026-06-09 at 08:46 By Anamarija Pogorelec Software developers across the United States are using AI models built in China to write, debug, and review code, drawn by prices below those of American alternatives. These models carry risks for the security of American software, according

Treating AI agents like service accounts for federated query security

2026-06-09 at 08:46 By Mirko Zorz In this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environments. Topics include layering Starburst’s access controls above native source permissions, tiering vendor risk across more than

Autonomous AI-driven worm can reason its way through corporate networks

2026-06-03 at 20:20 By Zeljka Zorz Researchers at the University of Toronto, the Vector Institute, and the University of Cambridge have built and tested a proof-of-concept AI-driven worm that does not operate on a fixed list of exploits. Instead, it analyzes each target it encounters,

AI red teaming agents change how LLMs get tested

2026-05-21 at 08:00 By Mirko Zorz Adversarial probing of LLMs has piled up a sprawling toolkit over the past three years. Attack techniques with names like Tree of Attacks with Pruning, Crescendo, and Skeleton Key sit alongside hundreds of prompt transforms and scoring methods across open-source

When your AI assistant has the keys to production

2026-05-20 at 09:34 By Sinisa Markovic Large language models in operational roles query telemetry, propose configuration changes, and in some deployments execute those changes against live infrastructure. Ticket drafting and alert summarization were the starting point. Vendors describe this work as autonomous remediation or self-healing infrastructure.

The AI backdoor your security stack is not built to see

2026-05-18 at 09:42 By Sinisa Markovic Enterprises deploying LLMs have spent the past two years building defenses around a reasonable assumption: malicious behavior leaves a trace in the input. Scan for suspicious tokens, filter unusual characters, watch for prompt injection patterns. New research from

HEIDI: Free IDE security plugin for open-source vulnerability checks

2026-05-12 at 09:28 By Mirko Zorz Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems or after a release ships. Meterian is moving those checks earlier with HEIDI, a

Can your coding style predict whether your code is vulnerable?

2026-05-05 at 13:21 By Sinisa Markovic Developers leave fingerprints in the code they write. Naming choices, indentation patterns, preferred APIs, and the way someone structures a loop or handles a pointer all carry traces of individual habit. Researchers have used these stylistic signals for years

What researchers learned about building an LLM security workflow

2026-05-04 at 09:46 By Sinisa Markovic Security operations centers are running into the same wall everywhere. Detection tools generate more alerts than analysts can work through, and the early stages of any investigation involve pulling together logs from several sources to decide whether something is worth

Open-source privacy proxy masks PII before prompts reach external AI services

2026-05-01 at 11:49 By Sinisa Markovic Enterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often without a sanitization layer between the application and the API. Dataiku has released Kiji Privacy Proxy, an

Indirect prompt injection is taking hold in the wild

2026-04-24 at 23:26 By Zeljka Zorz The open web is slowly but surely filling up with “traps” designed for LLM-powered AI agents. The technique, known as indirect prompt injection (IPI), involves hiding (more or less) covert instructions inside ordinary web pages, waiting for an AI agent

Scenario: Open-source framework for automated AI app red-teaming

2026-04-23 at 09:47 By Mirko Zorz Enterprises running customer service bots, data analytics agents, and other AI-driven applications in production handle sensitive records and connect to core business systems every day. LangWatch has released Scenario, an open-source framework that runs automated red-team exercises against AI agents using

PentAGI: Open-source autonomous AI penetration testing system

2026-04-22 at 10:09 By Anamarija Pogorelec Penetration testers have long relied on collections of specialized tools, manual coordination, and documented runbooks to work through a target assessment. PentAGI, an open-source project from VXControl, attempts to automate that entire workflow using a multi-agent AI system that plans, researches, and
