13 matches found
snyk-agentic-appsec-poc
Snyk Agentic AppSec POC Proof of concept demonstrating autono...
sec-recon-agent
sec-recon-agent Type-safe security triage built on Pydantic A...
Lightweight Vulnerability Detection from Code Metrics and Token Features
Vulnerability detection for C/C++ code increasingly relies on heavy representations such as code graphs and deep models, while many practical workflows still benefit from fast and reproducible ranking baselines for human triage. This preprint studies a lightweight function-level vulnerability...
The Increasing Role of AI in Vulnerability Research
At Wordfence, we run a bug bounty program that pays out mid-six figures per year to researchers in bug bounties for WordPress-related vulnerabilities. Funding this research helps us improve security for the WordPress community overall, and helps us secure our customers by rolling out protection f...
Red-Teaming Claude Opus and ChatGPT-Based Security Advisors for Trusted Execution Environments
Trusted Execution Environments (TEEs), e.g., Intel SGX and Arm TrustZone, aim to protect sensitive computation from a compromised operating system, yet real deployments remain vulnerable to microarchitectural leakage, side-channel attacks, and fault injection. In parallel, security teams increasingly...
AXE: An Agentic EXploit Engine for Confirming Zero-Day Vulnerability Reports
Vulnerability detection tools are widely adopted in software projects, yet they often overwhelm maintainers with false positives and non-actionable reports. Automated exploitation systems can help validate these reports; however, existing approaches typically operate in isolation from detection...
AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent
Triaging security alerts is often very repetitive because false positives are caused by patterns that are obvious to a human auditor but difficult to encode as a formal code pattern. But large language models (LLMs) excel at matching the fuzzy patterns that traditional tools struggle with, so we at...
Prompting the Priorities: A First Look at Evaluating LLMs for Vulnerability Triage and Prioritization
Security analysts face increasing pressure to triage large and complex vulnerability backlogs. Large Language Models (LLMs) offer a potential aid by automating parts of the interpretation process. We evaluate four models (ChatGPT, Claude, Gemini, and DeepSeek) across twelve prompting techniques to...
Synergizing Static Analysis with Large Language Models for Vulnerability Discovery and Beyond
This report examines the synergy between Large Language Models (LLMs) and Static Application Security Testing (SAST) to improve vulnerability discovery. Traditional SAST tools, while effective for proactive security, are limited by high false-positive rates and a lack of contextual understanding...
New Research: Optimizing DAST Vulnerability Triage with Deep Learning
On November 11th 2022, Rapid7 will for the first time publish and present state-of-the-art machine learning (ML) research at AISec, the leading venue for AI/ML cybersecurity innovations. Led by Dr. Stuart Millar, Senior Data Scientist, Rapid7's multi-disciplinary ML group has designed a novel deep...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Security 3.68 security and enhancement update
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug fixes, security patches and new feature enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin...
A proactive approach to more secure code
What if we could eliminate an entire class of vulnerabilities before they ever happened? Since 2004, the Microsoft Security Response Center (MSRC) has triaged every reported Microsoft security vulnerability. From all that triage one astonishing fact sticks out: as Matt Miller discussed in his 2019...
Triaging a DLL planting vulnerability
This article is based on the Security Research & Defense blog post “Triaging a DLL planting vulnerability” of April 2018...