Microsoft Azure CTO says Claude found vulns in Apple II code
…Nor is it a win for most open source projects, since AI is also good at finding irrelevant or non-existent security problems, causing a burden for maintainers drowning in AI slop…
Search
AI slop got better, so now maintainers have more work
…Much of the notional productivity gain from AI may just be AI tool users moving the cost of code review off the books. ® open source ai and ml ai software security
Documentation can contain malicious instructions for agents
…for some time in the developer community that AI models sometimes hallucinate package names , a shortcoming that security experts have shown can be exploited by uploading malicious code under the invented package…
Google unleashes Gemini AI agents on the dark web
…It also enables unified governance and controls within Google Security Operations for the security agents they build. ® special_features cybercrime google ai rsa rsa conference
Fake applicants are sending security-killing malware
…The operation, detailed in a threat report from networking and security outfit Aryaka , exploits one of the most mundane workflows within an organization: hiring. Researchers say the bait arrives as what looks…
AI agent hacked McKinsey chatbot for read-write access
Security AI vs AI: Agent hacked McKinsey's chatbot and gained full read-write access in just two hours David and Goliath…but with AI agents Researchers at red-team security startup…
Cheap Chinese models are overtaking Anthropic
…On Monday, the US-China Economic and Security Review Commission issued a report assessing the competitive threat posed by Chinese AI companies. "Chinese labs have narrowed performance gaps with top Western large…
Voice phishing skyrockets as smooth crims talk their way in
…devices like firewalls, routers, and VPNs, generally by exploiting zero-day bugs. Operators of edge devices don't often protect them with endpoint security products, so attacks running the machines often evade…
McGraw Hill linked to 13.5M-record data leak
…Extended security updates for old Exchange, and Skype for Biz Commvault has a Ctrl+Z for rogue AI agents Anthropic's Project Glasswing CVE tally is still anyone's guess Raspberry Pi…
Two different attackers poisoned popular open source tools
…great place to leverage AI," he said. "Start turning on AI agents to identify where these open source projects are in your environment." All of the security experts we spoke with noted…