While the shortest distance between two points is a straight line, a straight-line attack on a large language model isn’t always the most efficient — and least noisy — way to get the LLM to do bad things. That’s why malicious actors have been turning to indirect prompt injection attacks on LLMs. The post Indirect…
Category: AppSec & Supply Chain Security
AppSec & Supply Chain Security, Global Security News, Security Bloggers Network
MIT researchers look to tame AI code with new controls
Despite the risks associated with artificial intelligence (AI) coding, developers remain enthusiastic, using it to keep up with the demand for delivering software at speed. A recent GitHub survey found that 92% of U.S.-based developers are using AI coding regularly. But while many developers are using AI to assist them in writing code, they seem…
AppSec & Supply Chain Security, Global Security News, Security Bloggers Network
The race to secure the AI/ML supply chain is on — get out front
The explosive growth in the use of generative artificial intelligence (gen AI) has overwhelmed enterprise IT teams. To keep up with the demand for new AI-based features in software — and to deliver software faster in general — development teams have embraced machine learning-based AI coding tools. The post The race to secure the AI/ML…
AppSec & Supply Chain Security, Global Security News, Security Bloggers Network
CVEs lose relevance: Get proactive — and think beyond vulnerabilities
Application security (AppSec) would not have existed for the past 25 years without the Common Vulnerabilities and Exposures (CVEs), the numbering system used for identifying discovered vulnerabilities in software. After the creation and adoption of the system in 1999, major companies such as Microsoft quickly began contributing CVE discoveries, using the Common Vulnerability Scoring System…
AppSec & Supply Chain Security, Global Security News, Security Bloggers Network
OpenSSF guidelines encourage OSS developers to build securely
Developers have always had a conflicted relationship with security. While they don’t want to produce software with security flaws, they don’t want to be security experts either. With that in mind, the Open Source Security Foundation (OpenSSF) has released the Open Source Project Security Baseline. The post OpenSSF guidelines encourage OSS developers to build securely…
AppSec & Supply Chain Security, Global Security News, Security Bloggers Network
CISO survey: 6 lessons to boost third-party cyber-risk management
Third-party cybersecurity incidents are on the rise, but organizations face challenges in mitigating risks arising from the software supply chain, a survey of 200 chief information security officers (CISOs) has found. The post CISO survey: 6 lessons to boost third-party cyber-risk management appeared first on Security Boulevard.
AppSec & Supply Chain Security, Global Security News, Security Bloggers Network
The cybersecurity ‘fog of war’: How to apply data science to cut through
One of the biggest problems cybersecurity teams face is the overwhelming uncertainty of situations as cyberattacks unfold. It’s hard to know what mitigations to work on first, which systems are most likely to risk business loss as a threat rapidly moves across a network — and how to fix root problems as responders dig into an…
AppSec & Supply Chain Security, Global Security News, Security Bloggers Network
7 container security best practices
Properly securing containers has never been easy, but the rise of software supply chain attacks — and new threats coming from AI — makes additional security controls essential. Threats and risks must be identified and addressed before containers are deployed, of course, but because the size and complexity of these virtual, self-contained software applications can…
AppSec & Supply Chain Security, Global Security News, Security Bloggers Network
Agentic AI and software development: Here’s how to get ahead of rising risk
As technology leadership pushes ever harder to deeply embed AI agents into software development lifecycles — in some cases, even using agentic AI to replace midlevel developers — application security (AppSec) is about to go from complex to a lot more complicated. The post Agentic AI and software development: Here’s how to get ahead of…
AppSec & Supply Chain Security, Artificial Intelligence (AI)/Machine Learning (ML), Global Security News, Security Bloggers Network
The OWASP NHI Top 10 and AI risk: What you need to know
Identity management has long been a pillar of any sound cybersecurity program, ensuring that only authorized persons and machines have access to specific data and systems. Today, the rapid adoption of artificial intelligence (AI) is making it much more complicated to manage the identities of machines, making the appearance of the OWASP Non-Human Identities Top…
AppSec & Supply Chain Security, Global Security News, Governance, Risk & Compliance, Security Bloggers Network, security operations
AI is a double-edged sword: Why you need new controls to manage risk
As with just about every part of business today, cybersecurity has been awash in the promises of what AI can do for its tools and processes. In fact, cybersecurity vendors have touted the power of algorithmic detection and response for years. The post AI is a double-edged sword: Why you need new controls to manage…
AppSec & Supply Chain Security, Global Security News, Security Bloggers Network
Census III study spotlights ongoing open-source software security challenges
Backward incompatibilities, the lack of standard schemas for components, and projects staffed by too few developers are just some of the risks threatening the security of free and open-source software (FOSS), a study released by the Linux Foundation, the Open Source Security Foundation (OpenSSF), and Harvard University has found. The post Census III study spotlights ongoing…