Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver

Eighteen months ago, the AI SOC was a marketing line. Today it's a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing into AI-powered security operations platforms, agentic SOC tools, and AI co-pilots built into every layer of the...

SEED: Semi-Supervised Continual MalwarE Detection for Tackling ConcEpt Drift on a BuDget

Machine learning based malware detectors become obsolete over time due to concept drift in benign and malware applications. Recent methods rely on fully labeled data and use hierarchical contrastive loss HCL with active learning to improve robustness against drift by exploiting semantic structure...

Reconstruction of Personally Identifiable Information from Supervised Finetuned Models

Supervised Finetuning SFT has become one of the primary methods for adapting a large language model LLM with extensive pre-trained knowledge to domain-specific, instruction-following tasks. SFT datasets, composed of instruction-response pairs, often include user-provided information that may...

AgentShield: Deception-Based Compromise Detection for Tool-Using LLM Agents

Defenses against indirect prompt injection IPI in tool-using LLM agents share two structural weaknesses. First, they all attempt to prevent attacks rather than detect the compromises that slip through. Second, they have only been evaluated in English, leaving users of low-resource languages such ...

Evaluating Tabular Representation Learning for Network Intrusion Detection

Classic Network Intrusion Detection Systems NIDS often rely on manual feature engineering to extract meaningful patterns from network traffic data. However, this approach requires domain expertise and runs counter to the widely adopted principle of modern machine learning and neural networks: tha...

Phishing Detection in Ethereum Via Temporal Graph Contrastive Learning

Blockchain and decentralized finance have revolutionized the financial ecosystem while simultaneously exposing it to cryptocurrency phishing attacks. Existing phishing detection methods primarily rely on graph learning, but they face significant limitations. Static graph learning approaches fail ...

XekRung Technical Report

We present XekRung, a frontier large language model for cybersecurity, designed to provide comprehensive security capabilities. To achieve this, we develop diverse data synthesis pipelines tailored to the cybersecurity domain, enabling the scalable construction of high-quality training data and...

Label-Efficient Training Updates for Malware Detection over Time

Machine Learning ML-based detectors are becoming essential to counter the proliferation of malware. However, common ML algorithms are not designed to cope with the dynamic nature of real-world settings, where both legitimate and malicious software evolve. This distribution drift causes models...

RadEar: A Self-Supervised RF Backscatter System for Voice Eavesdropping and Separation

Eavesdropping on voice conversations presents a growing threat to personal privacy and information security. In this paper, we present RadEar, a novel RF backscatter-based system designed to enable covert voice eavesdropping through walls. RadEar consists of two key components: i a batteryless RF...

6 Ways Agentic AI Changes How Systems Act and Adapt

Learn how agentic AI changes system behavior in production environments through supervised fine-tuning, structured oversight, and lifecycle governance to improve reliability, manage risk, and support accountable deployment...

ThreatFormer-IDS: Robust Transformer Intrusion Detection with Zero-Day Generalization and Explainable Attribution

Intrusion detection in IoT and industrial networks requires models that can detect rare attacks at low false-positive rates while remaining reliable under evolving traffic and limited labels. Existing IDS solutions often report strong in-distribution accuracy, but they may degrade when evaluated ...

From SFT to RL: Demystifying the Post-Training Pipeline for LLM-Based Vulnerability Detection

The integration of LLMs into vulnerability detection VD has shifted the field toward interpretable and context-aware analysis. While post-training methods have shown promise in general coding tasks, their systematic application to VD remains underexplored. In this paper, we present the first...

Exploring Semantic Labeling Strategies for Third-Party Cybersecurity Risk Assessment Questionnaires

Third-Party Risk Assessment TPRA is a core cybersecurity practice for evaluating suppliers against standards such as ISO/IEC 27001 and NIST. TPRA questionnaires are typically drawn from large repositories of security and compliance questions, yet tailoring assessments to organizational needs...

AlertBERT: A Noise-Robust Alert Grouping Framework for Simultaneous Cyber Attacks

Automated detection of cyber attacks is a critical capability to counteract the growing volume and sophistication of cyber attacks. However, the high numbers of security alerts issued by intrusion detection systems lead to alert fatigue among analysts working in security operations centres SOC,...

HACK NDSU: A Real-World Event to Promote Student Interest in Cybersecurity

Hack NDSU let students scan, probe, and hack North Dakota State University's campus network, under professionals' supervision, providing an aspirational experience, potentially motivating them to enter the field. This paper provides a blueprint for educational hacking events against production...

Llama-3.1-FoundationAI-SecurityLLM-Reasoning-8B Technical Report

We present Foundation-Sec-8B-Reasoning, the first open-source native reasoning model for cybersecurity. Built upon our previously released Foundation-Sec-8B base model derived from Llama-3.1-8B-Base, the model is trained through a two-stage process combining supervised fine-tuning SFT and...

PrivFly: A Privacy-Preserving Self-Supervised Framework for Rare Attack Detection in IoFT

The Internet of Flying Things IoFT plays a vital role in modern applications such as aerial surveillance and smart mobility. However, it remains highly vulnerable to cyberattacks that threaten the confidentiality, integrity, and availability of sensitive data. Developing effective intrusion...

Predicting Tail-Risk Escalation in IDS Alert Time Series

Network defenders face a steady stream of attacks, observed as raw Intrusion Detection System IDS alerts. The sheer volume of alerts demands prioritization, typically based on high-level risk classifications. This work expands the scope of risk measurement by examining alerts not only through the...

An Empirical Evaluation of LLM-Based Approaches for Code Vulnerability Detection: RAG, SFT, and Dual-Agent Systems

The rapid advancement of Large Language Models LLMs presents new opportunities for automated software vulnerability detection, a crucial task in securing modern codebases. This paper presents a comparative study on the effectiveness of LLM-based techniques for detecting software vulnerabilities...

A Comprehensive Study of Supervised Machine Learning Models for Zero-Day Attack Detection: Analyzing Performance on Imbalanced Data

Among the various types of cyberattacks, identifying zero-day attacks is problematic because they are unknown to security systems as their pattern and characteristics do not match known blacklisted attacks. There are many Machine Learning ML models designed to analyze and detect network attacks,...