AgentRFC: Security Design Principles and Conformance Testing for Agent Protocols
AI agent protocols -- including MCP, A2A, ANP, and ACP -- enable autonomous agents to discover capabilities, delegate tasks, and compose services across trust boundaries. Despite massive deployment (MCP alone has 97M+ monthly SDK downloads), no systematic security framework for these protocols...
When AI Accelerates Cloud Migrations, Don't Let Security Be an Afterthought
The era of on-premises infrastructure is quickly becoming a thing of the past, with research from Pluralsight showing that over 90% of organizations now leverage the cloud. What’s driving the even faster shift over the last few years? Consider AWS's foray into generative AI programs and agents fo...
Weblate: exposure of personal IP address via email.
The exposure of personal IP addresses through email messages has been identified as a potential security issue. Email messages can pass through multiple servers, which may store or record the content, including the user's IP address, even if the email is encrypted during transit. The user's IP...
How to deploy AI safely
In this blog you will hear directly from Corporate Vice President and Deputy Chief Information Security Officer (CISO) for AI, Yonatan Zunger, about how to build a plan to deploy AI safely. This blog is part of a new ongoing series where our Deputy CISOs share their thoughts on what is most importa...
LLM Agents Should Employ Security Principles
Large Language Model (LLM) agents show considerable promise for automating complex tasks using contextual reasoning; however, interactions involving multiple agents and the system's susceptibility to prompt injection and other forms of context manipulation introduce new vulnerabilities related to...
PT-2024-28227
Name of the Vulnerable Software and Affected Versions: EDK2 (affected versions not specified). Description: The issue is related to a vulnerability in the PeCoffLoaderRelocateImage function, which can cause memory corruption due to an overflow. This can be triggered via an adjacent network, potentiall...
Security above all else—expanding Microsoft’s Secure Future Initiative
Last November, we launched the Secure Future Initiative (SFI) to prepare for the increasing scale and high stakes of cyberattacks. SFI brings together every part of Microsoft to advance cybersecurity protection across our company and products. Since then, the threat landscape has continued to rapid...
CISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository Security
Today, CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Recognizing the critical role package repositories play in securing open source software...
Top 10 challenges of building an in-house application security program
Building a successful application security program can be a daunting task, as it involves many different skill sets. Resource constraints, lack of expertise, and cultural resistance are among the many challenges preventing organizations from reaping the full benefits of an in-house AppSec program...
Keeping A Critical Eye on IoT Devices
By Sam Quinn · April 21, 2022. Trellix Labs is excited to announce the beginning of a new video series which captures one of our senior vulnerability researchers' work on hacking an IoT device from beginning to end. This will conclude with the release of a ne...
The 2021 OWASP Top 10 Have Evolved: Here's What You Should Know
Late last week, the Open Web Application Security Project (OWASP) released its top 10 list of critical web application security risks. The last OWASP Top 10 came out in 2017, and in the intervening 4 years, we've seen a fundamental shift in application security that includes greater emphasis on...
Principles of a Cloud Migration – Security, The W5H – Episode WHAT?
Teaching you to be a Natural Born Pillar! Last week, we took you through the “WHO” of securing a cloud migration here, detailing each of the roles involved with implementing a successful security practice during a cloud migration. Read: everyone. This week, I will be touching on the “WHAT” of...
ACSC Releases Fundamentals of Cross Domain Solutions
The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining the fundamentals of cross domain solution (CDS) technologies. This guidance provides cross domain security principles to enable organizations to share information securely across separated networks. The...
QSC18 Virtual Edition – Securing our Networks and Enabling the Digital Transformation: One App at a Time
Qualys Chairman and CEO Philippe Courtot set the tone for the company’s first virtual conference, the QSC18 Virtual Edition, with a call to the industry to re-invent security to protect digital transformation efforts. CIOs and CISOs can’t continue accumulating disparate, point solutions that are...
Threat Modeling, Legos and Dancing Babies
SAN FRANCISCO–The concept of threat modeling has evolved quite a lot in the last few years, moving from an activity that massive software companies such as Microsoft and Google use to anticipate and defend against potential threats to their products to something that many smaller organizations...