It's a myth that you need Mythos to find bugs: Open source models can do it just as well
OpenAI's first security hire, Ari Herbert-Voss, thinks more automated bug finding will improve security without costing jobs
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
OpenAI's first security hire, Ari Herbert-Voss, thinks more automated bug finding will improve security without costing jobs
OpenAI's first security hire, Ari Herbert-Voss, thinks more automated bug finding will improve security without costing jobs Black Hat Asia Open source models can find bugs as effectively as Anthropic's Mythos, according to Ari Herbert-Voss, CEO of AI-powered security startup RunSybil and OpenAI's first security hire.…
Discovery used to be the bottleneck for open source bugs, but with automated discovery, remediation's the bottleneck, which bounties don't fund.
Cyber resilience means anticipating threats, detecting them early, and recovering fast when incidents occur. Wazuh shows how its open source SIEM and XDR unify visibility, detection, and automated response to strengthen proactive defense. [...]
Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. [...]
Agents Fuel Digital Risk Protection, Open-Source Intel Adoption in Regulated SpacesOuttake will invest $40 million to grow its automated platform for digital risk protection and open-source threat intelligence. CEO Alex Dhillon says the New York-based startup's agent-led model stands apart by replacing manual labor with scalable AI workflows.
Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE)
A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host
Plus: automated SBOMs, $250,000 bounties ahead interview No good idea - like rewarding open source software developers and maintainers for their contributions - goes unabused by cybercriminals, and this was the case with the Tea Protocol and two token farming campaigns.…
AI agent system said to have found more than 100 zero-day flaws in production apps AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to transform application security through automation.…
A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base station (gNB)
DARPA's Kathleen Fisher discusses the AI Cyber Challenge at DEF CON 33, and the results that proved how automation can help patch vulnerabilities at scale.
Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub
Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library
Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897.
The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE)
Automated incident response solutions help reduce the mean time to respond to incidents, address known security threats, and also minimize alert fatigue. Learn more about these solutions from Wazuh, the open source XDR/SIEM platform. [...]
The kit is written in NodeJS and has automated setup and detection evasion capabilities
A pair of severe security vulnerabilities have been disclosed in the Jenkins open source automation server that could lead to code execution on targeted systems
In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links