LLMs

“Context bombs” can frustrate AI-driven attacks, researchers found

“Context bombs” can frustrate AI-driven attacks, researchers found 2026-07-14 at 15:27 By Zeljka Zorz A new approach tried out by Tracebit researchers has proven very effective at stopping AI agents from fully compromising targeted environments. What makes it notable isn’t the technique – prompt injection is old news – but the direction it’s pointed: not […]

“Context bombs” can frustrate AI-driven attacks, researchers found Read More »

Fake smart home residents could stand in for real ones in security research

Fake smart home residents could stand in for real ones in security research 2026-07-14 at 08:30 By Anamarija Pogorelec Smart home security research runs on a scarce ingredient: recordings of how real people use the gadgets in their homes. Getting that data means wiring up someone’s house and watching for months, which is slow, costly,

Fake smart home residents could stand in for real ones in security research Read More »

Cynative: Open-source deep research agent

Cynative: Open-source deep research agent 2026-07-13 at 09:00 By Mirko Zorz Running a large language model against a live cloud account to hunt for security holes comes with an obvious hazard. An agent that holds real credentials and a mandate to poke around can delete a bucket, flip a permission, or leak a secret on

Cynative: Open-source deep research agent Read More »

20 open-source cybersecurity tools to keep your team ready for anything

20 open-source cybersecurity tools to keep your team ready for anything 2026-07-08 at 08:30 By Anamarija Pogorelec AI is changing how security teams find vulnerabilities, analyze code, test applications, and protect infrastructure. Developers are building tools to secure AI systems themselves, from coding agents and memory protection to model exposure discovery. This roundup covers recent

20 open-source cybersecurity tools to keep your team ready for anything Read More »

Researchers make the case for a cybersecurity AI scientist

Researchers make the case for a cybersecurity AI scientist 2026-07-07 at 09:30 By Mirko Zorz Autonomous AI agents have started doing real security work. Language-model agents probe software for flaws, run penetration tests, and chain together attack steps that once needed a human operator. Research about security has stayed slower and more manual, built around

Researchers make the case for a cybersecurity AI scientist Read More »

Non-interactive SSH attacks dominate after login

Non-interactive SSH attacks dominate after login 2026-07-03 at 08:30 By Sinisa Markovic Anyone who runs a server with SSH exposed to the internet sees the same pattern in the logs. A steady stream of automated scanners tries to log in, hour after hour, from addresses all over the world. The common picture of what comes

Non-interactive SSH attacks dominate after login Read More »

DarkMoon: Open-source AI pentesting platform

DarkMoon: Open-source AI pentesting platform 2026-06-29 at 08:30 By Mirko Zorz Penetration testing has long run on expert time, with specialists spending days probing a network or web application by hand. Manual engagements stretch across weeks, expert consultants run into thousands of dollars a day, and results vary with the tester. Automation promises to narrow

DarkMoon: Open-source AI pentesting platform Read More »

Sycophantic chatbots and the harms that build over many chats

Sycophantic chatbots and the harms that build over many chats 2026-06-29 at 08:00 By Sinisa Markovic People use AI chatbots for company, advice, and emotional support, and these systems answer in ways meant to hold their attention. Researchers describe the resulting risks as affective safety, a class of harm that exists because humans are emotional

Sycophantic chatbots and the harms that build over many chats Read More »

Companies keep bolting AI onto their products, and the security bill is coming due

Companies keep bolting AI onto their products, and the security bill is coming due 2026-06-29 at 07:30 By Mirko Zorz Companies keep bolting AI and LLM features onto their products, and the security results are starting to show a pattern. The vulnerabilities those features create get rated high risk far more often than anything else,

Companies keep bolting AI onto their products, and the security bill is coming due Read More »

LLM security advice looks solid until you check the hard cases

LLM security advice looks solid until you check the hard cases 2026-06-25 at 09:00 By Anamarija Pogorelec Plenty of people now type their security worries straight into a chatbot. A hacked account, a suspicious email, a stalker who might be tracking a phone, all of it lands in the same window someone would use to

LLM security advice looks solid until you check the hard cases Read More »

Best practices for AI in open-source work

Best practices for AI in open-source work 2026-06-25 at 08:00 By Anamarija Pogorelec Free and open source software developers us AI coding assistants such as Claude Code, Copilot CLI, Antigravity, and OpenCode in their daily work. The Software Freedom Conservancy responded to that trend with a set of recommendations for contributors who use these tools,

Best practices for AI in open-source work Read More »

Most agentic AI projects in production have stalled over data problems

Most agentic AI projects in production have stalled over data problems 2026-06-18 at 07:00 By Anamarija Pogorelec Enterprises are connecting AI agents to live data feeds and putting them to work on tasks that once required human review, from IT operations to software development. The number doing this in production reached 32 percent in 2026,

Most agentic AI projects in production have stalled over data problems Read More »

Low-skilled attacker used Claude, Codex to breach 14 companies

Low-skilled attacker used Claude, Codex to breach 14 companies 2026-06-17 at 18:43 By Zeljka Zorz Researchers have long warned that AI agents could lower the skill floor for offensive cyber operations, and a recent report by OALABS (Open Analysis) researchers bears that out. After recovering and analyzing over 1,000 agent sessions from a compromised server

Low-skilled attacker used Claude, Codex to breach 14 companies Read More »

The SOC’s visibility gap comes down to staffing

The SOC’s visibility gap comes down to staffing 2026-06-17 at 09:00 By Mirko Zorz AI has settled into security operations centers faster than any earlier wave of technology. Around four in five practitioners report reaching for AI or machine learning tools in their daily work. The catch shows up one layer down. Roughly a third

The SOC’s visibility gap comes down to staffing Read More »

Open-source CI/CD abuse detector guards against stolen credential attacks

Open-source CI/CD abuse detector guards against stolen credential attacks 2026-06-15 at 08:30 By Sinisa Markovic CI/CD Abuse Detector is an open-source project that uses a large language model to flag suspicious changes to continuous integration and continuous deployment pipelines, workflows, and automation configurations. The repository contains drop-in templates for GitHub Actions, GitLab CI, and Azure

Open-source CI/CD abuse detector guards against stolen credential attacks Read More »

A hardware neural network backdoor that hides in plain sight

A hardware neural network backdoor that hides in plain sight 2026-06-15 at 08:00 By Mirko Zorz Deep learning systems on phones, cars, and other edge devices increasingly run on custom silicon. Specialized chips such as FPGAs and ASICs give these systems the speed and low power consumption that edge applications need. Many of these chips

A hardware neural network backdoor that hides in plain sight Read More »

Senior engineers are spending their week cleaning up AI-generated code

Senior engineers are spending their week cleaning up AI-generated code 2026-06-15 at 07:00 By Anamarija Pogorelec At most U.S. technology companies, machines now write the bulk of the code that ships each week. The engineer’s job has shifted toward reviewing what the AI produces, and that review gives the code high marks. Leaders rate AI-generated

Senior engineers are spending their week cleaning up AI-generated code Read More »

LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)

LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271) 2026-06-09 at 15:21 By Zeljka Zorz A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog on Monday. About CVE-2026-42271 LiteLLM is

LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271) Read More »

The security questions around Chinese AI coding models in U.S. software

The security questions around Chinese AI coding models in U.S. software 2026-06-09 at 08:46 By Anamarija Pogorelec Software developers across the United States are using AI models built in China to write, debug, and review code, drawn by prices below those of American alternatives. These models carry risks for the security of American software, according

The security questions around Chinese AI coding models in U.S. software Read More »

Treating AI agents like service accounts for federated query security

Treating AI agents like service accounts for federated query security 2026-06-09 at 08:46 By Mirko Zorz In this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environments. Topics include layering Starburst’s access controls above native source permissions, tiering vendor risk across more than

Treating AI agents like service accounts for federated query security Read More »

Scroll to Top