Lucene search
K

387 matches found

Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.18 views

SOCpilot: Verifying Policy Compliance for LLM-Assisted Incident Response

Security operations centers SOCs are beginning to use large language models LLMs as copilots to draft incident-response plans. These plans may include actions that are valid per the catalog but still violate mandatory steps, required ordering, or approval gates before analyst review. SOCpilot mak...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/29 12:0 a.m.41 views

Toward Autonomous SOC Operations: End-To-End LLM Framework for Threat Detection, Query Generation, and Resolution in Security Operations

Security Operations Centers SOCs face mounting operational challenges. These challenges come from increasing threat volumes, heterogeneous SIEM platforms, and time-consuming manual triage workflows. We present an end-to-end threat management framework that integrates ensemble-based detection,...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/25 12:0 a.m.6 views

AsmRAG: LLM-Driven Malware Detection by Retrieving Functionally Similar Assembly Code

Deep learning malware detectors achieve high classification accuracy but suffer from severe interpretability limitations, typically returning probabilistic verdicts that lack forensic context. We introduce AsmRAG, a framework performing malware analysis through Assembly-Level Retrieval-Augmented...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.13 views

Can SOC Operators Explain Their Decisions While Triaging Alarms? A Real-World Study

Security Operations Centers SOCs are pivotal in modern enterprises. Tasked to monitor complex network environments constantly under attack, SOCs can be active 24/7 and can include hundreds of operators supported by state-of-the-art technologies. Abundant research has studied the internal processe...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.7 views

A Sociotechnical, Practitioner-Centered Approach to Technology Adoption in Cybersecurity Operations: An LLM Case

Technology for security operations centers SOCs has a storied history of slow adoption due to concerns about trust and reliability. These concerns are amplified with artificial intelligence, particularly large language models LLMs, which exhibit issues such as hallucinations and inconsistent...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/21 12:0 a.m.27 views

AgentSOC: A Multi-Layer Agentic AI Framework for Security Operations Automation

Security Operations Centers SOCs increasingly encounter difficulties in correlating heterogeneous alerts, interpreting multi-stage attack progressions, and selecting safe and effective response actions. This study introduces AgentSOC, a multi-layered agentic AI framework that enhances SOC...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/13 11:41 a.m.5 views

Your MTTD Looks Great. Your Post-Alert Gap Doesn't

Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks' Wendi Whitmore warned that similar capabilities are weeks or months from proliferation. CrowdStrike's 2026...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/12 11:49 a.m.94 views

Cybersecurity-Detection-Engineering-POC-Event-Generator

Cybersecurity-Detection-Engineering-POC-Event...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/11 5:8 p.m.89 views

infosec-notebook

infosec-notebook Personal cybersecurity notes and references...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/10 12:0 a.m.6 views

Like a Hammer, It Can Build, It Can Break: Large Language Model Uses, Perceptions, and Adoption in Cybersecurity Operations on Reddit

Large language models LLMs have recently emerged as promising tools for augmenting Security Operations Center SOC workflows, with vendors increasingly marketing autonomous AI solutions for SOCs. However, there remains a limited empirical understanding of how such tools are used, perceived, and...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/09 7:0 p.m.7 views

The agentic SOC—Rethinking SecOps for the next decade

Every major shift in cyberattacker behavior over the past decade has followed a meaningful shift in how defenders operate. When security operation centers SOCs deployed endpoint detection and response EDR—and later extended detection and response XDR—security teams raised the bar, pushing...

6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/09 7:0 p.m.19 views

The agentic SOC—Rethinking SecOps for the next decade

Every major shift in cyberattacker behavior over the past decade has followed a meaningful shift in how defenders operate. When security operation centers SOCs deployed endpoint detection and response EDR—and later extended detection and response XDR—security teams raised the bar, pushing...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.7 views

LanG -- a Governance-Aware Agentic AI Platform for Unified Security Operations

Modern Security Operations Centers struggle with alert fatigue, fragmented tooling, and limited cross-source event correlation. Challenges that current Security Information Event Management and Extended Detection and Response systems only partially address through fragmented tools. This paper...

5.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2026/04/06 8:0 p.m.6 views

Why Every Enterprise Needs a Risk Operations Center (ROC)

Enterprise security has long optimized for speed of response over prevention of risk. At Qualys, we recognized early that this left half the problem unsolved, and we have spent years building the operational frameworks to close that gap. The Risk Operations Center is the result. Here is a scenari...

5.9AI score
Exploits0
HackRead
HackRead
added 2026/04/06 1:34 p.m.6 views

Why Security Researchers and Red Teams Are Turning to Workflow Automation

Security researchers and red teams adopt workflow automation to cut alert fatigue, enrich data, and scale operations across SOC, intel and recon tasks...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/30 1:16 p.m.26 views

The Wiz Blue Agent, now Generally Available

Accelerate your SecOps team with the Blue Agent for threat investigation, now Generally Available...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/30 12:0 a.m.1 views

Design Principles for the Construction of a Benchmark Evaluating Security Operation Capabilities of Multi-Agent AI Systems

As Large Language Models LLMs and multi-agent AI systems are demonstrating increasing potential in cybersecurity operations, organizations, policymakers, model providers, and researchers in the AI and cybersecurity communities are interested in quantifying the capabilities of such AI systems to...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/26 1:12 p.m.5 views

[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks

Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered: Would your defenses actually stop a real attack? That’s where things get shaky. A control exist...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/26 11:58 a.m.4 views

Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception

Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the 1960s, de Hory gained infamy as a premier forger, passing off counterfeit masterworks of Picasso,...

6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/25 4:0 p.m.7 views

Identity security is the new pressure point for modern cyberattacks

Identity attacks no longer hinge on who a cyberattacker compromises, but on what that identity can access. As organizations manage growing numbers of human, non-human, and agentic identities, their access fabric multiplies across apps, resources, and environments, which increases both operational...

5.9AI score
Exploits0
Rows per page
Query Builder