Tag: vulnerability

  • Wired: AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

    Source URL: https://arstechnica.com/security/2025/04/ai-generated-code-could-be-a-disaster-for-the-software-supply-chain-heres-why/
    Source: Wired
    Title: AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks
    Feedly Summary: A new study found that code generated by AI is more likely to contain made-up information that can be used to trick software into interacting with malicious code.
    AI Summary and Description: Yes
    Summary: The text reports…

  • Slashdot: Microsoft CEO Says Up To 30% of the Company’s Code Was Written by AI

    Source URL: https://developers.slashdot.org/story/25/04/30/1735210/microsoft-ceo-says-up-to-30-of-the-companys-code-was-written-by-ai
    Source: Slashdot
    Title: Microsoft CEO Says Up To 30% of the Company’s Code Was Written by AI
    Feedly Summary:
    AI Summary and Description: Yes
    Summary: Microsoft CEO Satya Nadella revealed that a significant portion, between 20%-30%, of the company’s code in repositories is generated by AI. This revelation occurred during a discussion…

  • CSA: Putting the App Back in CNAPP

    Source URL: https://cloudsecurityalliance.org/articles/breaking-the-cloud-security-illusion-putting-the-app-back-in-cnapp
    Source: CSA
    Title: Putting the App Back in CNAPP
    Feedly Summary:
    AI Summary and Description: Yes
    Summary: The text outlines the limitations of current Cloud-Native Application Protection Platform (CNAPP) solutions in addressing application-layer security threats. As attackers evolve to exploit application logic and behavior rather than just infrastructure misconfigurations, the necessity for…

  • Slashdot: AI-Generated Code Creates Major Security Risk Through ‘Package Hallucinations’

    Source URL: https://developers.slashdot.org/story/25/04/29/1837239/ai-generated-code-creates-major-security-risk-through-package-hallucinations?utm_source=rss1.0mainlinkanon&utm_medium=feed
    Source: Slashdot
    Title: AI-Generated Code Creates Major Security Risk Through ‘Package Hallucinations’
    Feedly Summary:
    AI Summary and Description: Yes
    Summary: The study highlights a critical vulnerability in AI-generated code, where a significant percentage of generated packages reference non-existent libraries, posing substantial risks for supply-chain attacks. This phenomenon is more prevalent in open…

  • Schneier on Security: Applying Security Engineering to Prompt Injection Security

    Source URL: https://www.schneier.com/blog/archives/2025/04/applying-security-engineering-to-prompt-injection-security.html
    Source: Schneier on Security
    Title: Applying Security Engineering to Prompt Injection Security
    Feedly Summary: This seems like an important advance in LLM security against prompt injection: Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police…

  • Cisco Talos Blog: Year in Review: AI based threats

    Source URL: https://blog.talosintelligence.com/year-in-review-ai-based-threats/
    Source: Cisco Talos Blog
    Title: Year in Review: AI based threats
    Feedly Summary: 2024 wasn’t the year that AI rewrote the cybercrime playbook — but it did turbocharge some of the old tricks. Read this summary of AI-based threats, from Talos’ 2024 Year in Review.
    AI Summary and Description: Yes
    Summary: The…