safety-risk-reliability-and-quality
Nginx CVE-2026-9256, AI Prompt Injection Defenses, and Claude AI Data Leak Demo. Today's Highlights: Today's security highlights include a critical new vulnerability in Nginx's rewrite module, CVE-2026-9256, and crucial insights into AI agent security. We also cover practical techniques like credential brokering to prevent AI prompt injection and a live demo showcasing silent file theft from Claude…
The article highlights that Microsoft Copilot Cowork is vulnerable to file exfiltration through indirect prompt injection attacks. Attackers can exploit processes that permit agents to operate and access sensitive data via Teams, emails, and shared platforms without immediate user approval. This poses a significant risk when users upload files or interact with compromised content, potentially ena…
This is the false-positive deep dive companion to I Benchmarked 17 ESLint Security Plugins. That overview ranks plugins by recall; this one drills into the FP code samples that drive alert fatigue. TL;DR I built a comprehensive benchmark with 40 vulnerable code patterns across 14 security categori…
Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the technical infrastructure …

Prompt injection doesn't get enough attention. SQL injection has decades of tooling and parameterized queries behind it. Prompt injection is maybe three years old as a documented attack class and most LLM-integrated apps are still wide open to it. The basic attack is disarmingly simple: instead of querying an LLM normally, an attacker embeds instructions inside the input that override the system …
As attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly.
A full technical audit of a coordinated follower inflation network — methodology, findings, and a detection rule simple enough to run in one query. On May 19, 2026, I published "Found a Coordinated GitHub Follow Botnet" — a piece documenting a coordinated follower inflation network on GitHub. The next day, my DEV.to follower count started climbing. Fast. Date New Followers May 19 75 May 20 288 Ma…
I'm offering 5 free 20-minute security audits for SaaS founders this month - no pitch attached. Background: I've spent a decade in cybersecurity and built a security monitoring tool for solo founders and small SaaS teams. I want to talk to more founders in this position - even ones who'll never use my product - so I'm offering 5 free audits this month. What you get: I run a passive security scan…
Operational Technology (OT) is experiencing one of the most remarkable shifts in its history as increased OT and Information Technology (IT) systems converge to form unified, intelligent systems. The aim of this review article is to look at the most important technology trends that are currently changing the OT landscape and consider the impact of these on architecture, operation, and security fo…
International audience
Forthcoming/in press
6G paradigm enables massive network slicing for pervasive digitization across vertical industries, demanding scalable, sustainable, AI-driven zero-touch automation, particularly under non-IID conditions in live networks. This work introduces a cloud-native service-level agreement (SLA)-driven stochastic policy to guarantee a scalable and fast operation of constrained federated learning (FL)-based an…
With the increasing deployment of Reinforcement Learning (RL) for network optimization at the edge of wireless networks, the RL workload emerges as a significant challenge. While the placement of general Machine Learning workloads across the cloud–edge continuum has been widely studied, existing solutions typically exclude RL techniques due to their distinct structure and operational requirements. I…
Sixth-generation (6G) wireless networks are expected to meet all the demands of the next decade, a feasibility that is only possible with advances in network design and management. This paper first proposes a unified resource management framework for a 6G-based network architecture that includes an Open Radio Access Network (O-RAN) deployment and then defines a hierarchical network energy control …






