security

The historic go-to solution for network booting is PXE. PXE is based on DHCP and TFTP. It is tricky to correctly configure, even trickier to make it highly available and good luck with the security with this clear-text unsigned protocol. The modern web has long standardized on HTTPS with TLS certificates for server authentication, integrity and confidentiality. Moreover, highly available setups a…

Security Groups vs NACLs Explained for Beginners In the previous articles, we learned about: VPC Subnets Internet Gateway Route Tables These components help AWS resources communicate with each other and with the internet. But there is still one important question: Even if a server is reachable, should everyone be allowed to access it? The answer is No . We need security controls that decide: Who …

Published on : 2026-06-06 Reading time : 8 min Tags : #security #python #audit #devops Overview Over 3 months, I developed and audited 6 Python projects (3 bots + 3 libraries): a FastAPI + Telegram Bot + LLM integration system. I discovered 25 security/code issues and fixed 23 immediately. Audit scope : 91 Python files Issues found : 25 (5 critical, 18 medium, 2 minor) Fix rate : 92% (23/25) Crit…

This post demonstrates how to implement Open Authorization (OAuth) Code flow as an inbound authorization mechanism for MCP servers hosted on Amazon Bedrock AgentCore Gateway. By the end of this guide, you will have a production-ready setup where each AI assistant request is authenticated with a valid user identity token issued from your organization’s identity provider.

How gVisor-powered sandbox isolates AI-generated code at the kernel level and why it changes everything for multi-tenant agentic systems. In this article we are going discuss on below points The problem with AI agents writing code What is GKE Agent Sandbox? How gVisor intercepts the kernel Architecture deep dive Setting it up: step by step Production patterns Conclusion There's a moment every eng…

The interesting result isn't who won. It's that across four security domains, Claude and Gemini missed the same hardening steps — and if you've shipped AI-generated auth middleware this year, your code almost certainly has the same gaps, and your review didn't catch them either. For the record, the scoreboard: one Gemini win, two ties, one split — a statistical dead heat. That's the last time the…

Published on May 25, 2026 10:01 AM GMT TL;DR: Applications are now open for the Secure Program Synthesis Fellowship , powered by Apart Research and Atlas computing . Apply by Sunday the 31st of May . This fellowship offers part-time research opportunities on mentor-led projects at the intersection of formal methods, AI systems, and security . Participants work in small teams to tackle challenging…

标题 API Security in 2026: The Attacks That Are Destroying Production Systems 标签 security, api, webdev, programming, backend, devsecops 内容 API Security in 2026: The Real Attacks Destroying Production Systems Every week, another company announces a data breach. The attackers aren't using zero-days or sophisticated malware—they're exploiting the same API vulnerabilities that have existed for years. I…

This is a submission for the Google I/O 2026 Writing Challenge Everyone's excited about Gemini in Firebase. Almost nobody's talking about how to secure it. That's a problem. Firebase AI Logic lets you call Gemini directly from your client app—no backend server needed. That's powerful. It's also dangerous. The moment you put an AI endpoint on the internet, you've created an attack surface that mos…

AI Agents vs Smart Contracts: A New Security Paradigm In May 2026, AI agents are not just writing code — they're auditing it. And they're finding bugs that human auditors miss. The Reality of Smart Contract Security The Web3 bug bounty market exceeds $162 million in available rewards across hundreds of active programs in 2026. The biggest single bounty? Usual Protocol at $16,000,000 on Immunefi —…

I Built a GitHub App That Catches AI and Cloud Security Mistakes Automatically — In 4 Days, Zero Budget Twisted-Code'r Twisted-Code'r Twisted-Code'r Follow May 8 I Built a GitHub App That Catches AI and Cloud Security Mistakes Automatically — In 4 Days, Zero Budget # github # ai # security # cloud 1 reaction Comments Add Comment 3 min read

Practical API security guide covering OAuth 2.1 with PKCE, JWT signing and storage, authorization models, gateways, and testing tools.

End-to-end encrypted applications protect user data by ensuring that user secrets are only available on client devices. However, if a user loses all of their devices, they need a way to recover their data using only a short password. To realize a password-based secret recovery system resilient to brute-force attacks, prior works relied on secure hardware or a few non-colluding servers. In this w…

Block ciphers are versatile cryptographic ingredients that are used in a wide range of applications ranging from secure Internet communications to disk encryption. While post-quantum security of public-key cryptography has received significant attention, the case of symmetric-key cryptography (and block ciphers in particular) remains a largely unexplored topic. In this work, we set the foundation…

Implantable Medical Devices (IMDs) operate for decades in dynamic and adversarial environments, where device loss, backend compromise, and eventual post-explantation access are realistic long-term threats. Existing IMD security mechanisms largely focus on secure pairing and access control, but rely on long-lived secrets. As a result, a compromise occurring years after deployment can retroactively…

A drop in attacks in the Gulf of Guinea does not necessarily mean piracy has been resolved. Pirates have adapted their tactics, and the potential for resurgence remains high; this issue remains a critical security and development concern. It is not just a regional priority—it is an international imperative. The post Atlantic piracy, current threats, and maritime governance in the Gulf of Guinea a…

In computer science, the kernel is the soul of an operating system. Linux kernel is designed with very sound architectural knowledge of an Operating system. Linux has mostly three types of the kernel. They are the Monolithic kernel, Microkernel, and the hybrid kernel. Linux has the Monolithic kernel. A monolithic kernel is built for high […] The post How To Properly Secure sysctl in Linux: Securi…

New research proposes a novel data privacy preservation protocol for smart cities that leverages the security benefits of biometrics while maintaining energy efficiency. Biometric data, such as fingerprints or facial recognition, provides a unique identifier for user authentication. The protocol incorporates fuzzy commitment schemes, a cryptographic primitive well-suited for optics and photonics …

Security remains a popular research area in our conferences – MICRO-53 featured two sessions and eight papers dedicated to security. To contribute new ideas in this area, it is important for computer architects to keep up with recent developments in both architecture and security conferences. Our earlier blog post highlighted contributions from security conferences from […]

In an earlier blog post, we argued that computer architects working on security problems should follow security conferences. In this post, we highlight some of the recent results from this year’s events that may be of interest to our community. While security conferences encompass many topics and typically accept more papers than architecture conferences, several […]