GigaTap articles tagged ai security.
- Security beyond benchmarks: Microsoft MDASH moves to production - Microsoft’s MDASH moves from benchmark success into live engineering pipelines, embedding AI-driven vulnerability discovery directly into DevSecOps workflo
- AI branding as phishing leverage in modern attacks - Threat actors are using AI platform branding as a trust layer on top of standard phishing infrastructure, increasing engagement without changing core attac
- AI coding agents need access, not custody - 1Password’s Codex integration points to a cleaner model for agentic development: scoped, just-in-time credentials that stay out of prompts, code, terminals
- AI found the bugs. Now comes the patch problem - Anthropic’s Project Glasswing reportedly surfaced thousands of serious vulnerability candidates. The real issue is the widening gap between discovery, vali
- AI Security Budgets Shift From Tools to Control - AI security budgets are moving toward lifecycle governance of agentic systems. Visibility is no longer enough without enforcement across development and pr
- ChatGPhish Shows the Phishing Risk Inside AI Summaries - Permiso’s ChatGPhish disclosure points to a practical risk: trusted Markdown rendering can make AI web summaries part of the phishing surface.
- Reconstructing AI activity in security investigations - Microsoft defines a structured way to rebuild AI interactions into a coherent investigative timeline using scope, context, and signal across security telem
- Microsoft Build 2026 turns AI security into an ops problem - Microsoft’s Build 2026 security announcements matter less as AI hype and more as an operational check on code, agents, data, and model risk.
- AI Is Making Bug Hunting Faster - AI will not replace expert exploit work overnight. The sharper risk is speed: more actors can search, triage, and weaponize vulnerability leads faster.
- Patching Faster Will Not Fix the Bug Wave - Risky Business #836 points to a harder problem: AI may speed vulnerability discovery, but patching alone cannot carry the full security load.
- AI Speeds Up Bug Discovery. Repair Is the Real Test - AI can make vulnerability discovery faster than disclosure and patch workflows can absorb. The privacy risk sits in old systems, weak inventory, and slow r
- Do not let AI agents turn metrics into damage - Agentic misalignment is an access-control problem. Limit what AI agents can reach, change, and optimize before their shortcuts become operational risk.
- Evidential Survivability: Ethereum’s Verification Bet - OCP frames Ethereum as durable verification infrastructure for AI-era systems. The useful test is what evidence survives when tools, vendors, and runtimes
- Exploitability Is Becoming the AppSec Filter - Snyk’s Continuous Offensive Security pitch points to a real shift: teams need fewer abstract findings and better proof of what can actually be exploited.
- Mythos raises the cost of slow software supply chains - Chainguard’s Mythos guidance is best read as an operational warning: faster exploit development makes opaque dependencies, slow patching, and weak build pr
- SGLang RCE bugs put exposed AI servers at risk - CERT/CC reports two RCE flaws and one path traversal issue in SGLang’s multimodal runtime. No patch is available yet, so network exposure is the main contr
- AI DDoS Is a Readiness Problem, Not Just a Bigger Flood - The source is promotional and thin on incident detail, but the defensive signal is real: DDoS playbooks need to handle faster probing, adaptive traffic, an
- AI-assisted macOS exploit work is the real signal - A short Schneier item claims Anthropic’s Mythos model was used in work on a macOS kernel memory corruption exploit. The useful takeaway is not panic, but a
- AI Security Risk Is Mostly Governance Failure - Zapier’s AI security checklist points to a practical problem: unmanaged tools, sensitive uploads, and weak account controls create more immediate risk than
- Microsoft’s agent safety tools move testing into CI - RAMPART and Clarity show how agent safety is becoming an engineering workflow: test scenarios, design checks, and reproducible incident handling.
- Patch Tuesday gets quieter, but the patch race speeds up - Microsoft’s May 2026 update has no cited zero-days, but 118 fixes and broader vendor patch surges show how AI-assisted bug discovery may be changing securi
- Snyk’s AI Security Push Moves Closer to the Code - Snyk is betting that AI-generated code needs security controls inside developer workflows, backed by partners who can implement governance at enterprise sc
- AI-Assisted Exploits Move From Theory to Operations - GTIG says it identified a zero-day believed to be AI-developed, pointing to a more mature phase of AI use in adversary workflows.
- AI code review meets live infrastructure - Cloudflare tested Mythos and other security LLMs on live infrastructure code. The useful lesson is not autonomy, but where model-assisted review needs cont
- AI makes basic SaaS security harder to ignore - Microsoft’s guidance for growing businesses is vendor-led, but the practical point is real: AI tools inherit your identity, access, and data-control mistak
- ship-safe scans the new agent-era security seam - A public GitHub project claims checks for CI/CD drift, agent permissions, MCP tool injection, secrets, and AI dependency risk. Useful idea, but verify scop
- PentestAgent: AI Agents Move Into Black-Box Testing - PentestAgent is a Python framework for AI-assisted black-box security testing. The project is worth watching, but its GitHub metadata is not proof of readi
- PentestAgent: What to Check Before You Trust It - PentestAgent is an AI framework for black-box security testing. The useful question is not hype, but deployment model, data handling, update discipline, an
- AI apps are leaking power through bad configuration - Microsoft warns that exposed AI services, weak authentication, and cloud-native defaults are creating practical attack paths without zero-days.
- Pentagi shows where AI pentest agents are heading - Pentagi is an open-source autonomous penetration testing project. The useful question is not hype, but fit, scope control, and what teams must verify before use.
- Prompt Injection, Real RCE: the agent-tool boundary is fragile - Microsoft details two fixed Semantic Kernel vulnerabilities showing how prompt injection can become host-level code execution when model-controlled tool pa