#security
Governing Autonomous AI via Institutional Attestation
Instead of monitoring AI reasoning, secure high-risk autonomous actions by requiring cryptographically verified, independent attestations for every execution step.
Scaling Cyber Defense: From Vulnerability Discovery to Patching
OpenAI's Daybreak initiative shifts the focus of AI-powered cybersecurity from merely finding vulnerabilities to automating the end-to-end patching process, supported by new models, developer plugins, and open-source partnerships.
RIFT-Bench: A Framework for Automated Agentic AI Red-Teaming
RIFT-Bench provides a standardized, graph-based methodology to automatically discover and stress-test autonomous AI agent architectures, enabling unified security evaluation across heterogeneous systems.
OpenAI's Patch the Planet Initiative for Open Source Security
OpenAI has launched 'Patch the Planet,' a collaboration with security firm Trail of Bits, to provide open source maintainers with expert security reviews and AI-assisted tooling to identify and remediate vulnerabilities.
5 Low-Effort Backend Configurations for Production Resilience
Improve backend stability and performance by implementing response compression, request timeouts, connection pooling, secret caching, and tiered rate limiting.
Patch the Planet: Scaling Open Source Security with AI-Assisted Workflows
OpenAI's 'Patch the Planet' initiative pairs frontier AI models with human security experts to identify, validate, and patch vulnerabilities in critical open-source infrastructure, reducing the burden on maintainers.
Securing Multi-Agent Systems with Cryptographic Identity
To prevent 'confused deputy' vulnerabilities in multi-agent systems, move away from static path-based security and implement identity-based delegation chains using SPIFFE, OAuth2, and cryptographic headers.
IBM Technology
Why MCP and ChatGPT Apps Use Double Iframes
To securely render third-party UI, ChatGPT uses a double-iframe pattern: an outer iframe provides a sandboxed environment on a unique subdomain, while an inner iframe uses 'srcdoc' to render the app, preventing cross-origin storage access and CSP violations.
AI Engineer
Managing AI Agents as First-Class Enterprise Identities
NewCore has raised $66M to provide a dedicated identity and access management platform for AI agents, treating them as autonomous employees rather than simple service accounts.
Securing Continuous Data Summarization Against Adversarial Attacks
This paper addresses vulnerabilities in continuous data summarization systems by identifying multi-target adversarial attack vectors and proposing robust defense mechanisms to ensure AI trustworthiness.
OpenAI Introduces Lockdown Mode to Mitigate Prompt Injection Risks
OpenAI has launched 'Lockdown Mode' for ChatGPT Business and select personal accounts, a security feature that restricts high-risk functionalities like live web browsing and agent mode to reduce data exfiltration risks from prompt injection attacks.
Standardizing AI Agent Authentication with auth.md
WorkOS introduced auth.md, an open protocol that allows AI agents to securely register and obtain scoped credentials using existing OAuth standards, eliminating the need for insecure raw API keys.
Navigating AI Security: Strategy vs. Platform Reality
While platform leaders advocate for centralized AI security and agentic defense, developers face significant risks from platform-level vulnerabilities and slow credential revocation, highlighting a gap between security advice and infrastructure execution.
Perplexity Open-Sources Bumblebee for Endpoint Supply-Chain Security
Bumblebee is a read-only, Go-based scanner that audits developer endpoints for vulnerable packages, editor extensions, and AI tool configurations without executing potentially malicious code.
Securing .NET AI Integrations Against Prompt Injection
Prompt injection is the AI equivalent of SQL injection. Protect your .NET applications by treating all input—including internal database records—as untrusted, implementing multi-layer sanitization, and using dynamic boundary tokens to isolate user data from system instructions.
Modernizing User Authentication: Passkeys and Identity APIs
Improve user retention and security by replacing legacy passwords with phishing-resistant passkeys, federated identity, and browser-mediated verification protocols.
Chrome for Developers
Securing Development Environments in an Era of Supply Chain Attacks
Frequent supply chain attacks and device compromises highlight the urgent need for developers to adopt restrictive security practices, such as using secure package managers and isolated development environments.
Maximilian Schwarzmuller
Hallucination as Exploit: Security Risks in Multimodal AI Agents
Multimodal AI agents are vulnerable to 'evidence-carrying' attacks, where attackers use hallucination to force models into executing malicious code or leaking sensitive data via manipulated visual inputs.
Reverse Engineering Claude Mythos for Vulnerability Discovery
Claude Mythos uses parallel ephemeral agents and a shared 'Engagement Graph' to maintain context and certainty, enabling more effective automated vulnerability discovery than standalone models.