4 matches found
SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest trick slipped past every scanner tested mor...
Secure Coding with AI, from Creation to Inspection
While prior studies have explored security in code generated by ChatGPT and other Large Language Models, they were conducted in controlled experimental settings and did not use code generated or provided from actual developer interactions. This paper not only examines the security of code generat...
Trace Gadgets: Minimizing Code Context for Machine Learning-Based Vulnerability Prediction
As the number of web applications and API endpoints exposed to the Internet continues to grow, so does the number of exploitable vulnerabilities. Manually identifying such vulnerabilities is tedious. Meanwhile, static security scanners tend to produce many false positives. While machine...
Phish Swims Past Email Security with Milanote Pages
The Milanote app, billed as the “Evernote for creatives” by reviewers, has attracted the notice of cybercriminals who are abusing it to carry out credential-stealing campaigns that skate past secure email gateways SEGs, researchers said. Milanote is a tool for organizing and collaborating on...