PT-2026-47173

Posting this because I think it deserves more technical discussion than it's been getting. depthfirst a security startup ran an autonomous AI agent against FFmpeg's 1.5M lines of C. It returned 21 confirmed zero-days, each with a reproducible PoC. Nine CVEs assigned so far CVE-2026-39210 through...

name-Omni

Omni – Autonomous Red Team Lead & Bug Bounty Hunter Powered...

AI in Cybersecurity Education -- Scalable Agentic CTF Design Principles and Educational Outcomes

Large language models are rapidly changing how learners acquire and demonstrate cybersecurity skills. However, when human--AI collaboration is allowed, educators still lack validated competition designs and evaluation practices that remain fair and evidence-based. This paper presents a...

Before You Hand over the Wheel: Evaluating LLMs for Security Incident Analysis

Security incident analysis SIA poses a major challenge for security operations centers, which must manage overwhelming alert volumes, large and diverse data sources, complex toolchains, and limited analyst expertise. These difficulties intensify because incidents evolve dynamically and require...

OpenClaw: What is it and can you use it safely?

An AI tool with a funny name has caused quite a commotion as of late—including some allegations of machine consciousness—so here is a breakdown on OpenClaw. Launched in November 2025, OpenClaw is an open-source, autonomous artificial intelligence AI agent that was made to run locally on your own...

Malicious AI

Interesting: Summary: An AI agent of unknown ownership autonomously wrote and published a personalized hit piece about me after I rejected its code, attempting to damage my reputation and shame me into accepting its changes into a mainstream python library. This represents a first-of-its-kind cas...

All gas, no brakes: Time to come to AI church

Welcome to this week's edition of the Threat Source newsletter. Brothers and sisters, gather close for a moment. We are all security followers here gathered in fellowship and community, with one joyful spirit to fight the good fight and do good out there in the security world. It is with that...

crossbow-agent

🤖 crossbow-agent - The Smart Way to Secure Your System 🚀 G...

nim-pentest-agent

NimPentestAgent Agent autonome de pentest intelligent pour CT...

PT-2025-44737

Name of the Vulnerable Software and Affected Versions Yandex Disk versions prior to 3.2.45.3275 Description A Search Order Hijacking issue exists in Yandex Disk on MacOS due to an uncontrolled search path element. This allows for exploitation of the system. Recommendations Update Yandex Disk to...

CyberSleuth: Autonomous Blue-Team LLM Agent for Web Attack Forensics

Large Language Model LLM agents are powerful tools for automating complex tasks. In cybersecurity, researchers have primarily explored their use in red-team operations such as vulnerability discovery and penetration tests. Defensive uses for incident response and forensics have received...

ScamAgents: How AI Agents Can Simulate Human-Level Scam Calls

Large Language Models LLMs have demonstrated impressive fluency and reasoning capabilities, but their potential for misuse has raised growing concern. In this paper, we present ScamAgent, an autonomous multi-turn agent built on top of LLMs, capable of generating highly realistic scam call scripts...

AI Agent Smart Contract Exploit Generation

We present A1, an agentic execution driven system that transforms any LLM into an end-to-end exploit generator. A1 has no hand-crafted heuristics and provides the agent with six domain-specific tools that enable autonomous vulnerability discovery. The agent can flexibly leverage these tools to...