security
Title: API Security in 2026: The Attacks That Are Destroying Production Systems. Tags: security, api, webdev, programming, backend, devsecops. Content: API Security in 2026: The Real Attacks Destroying Production Systems. Every week, another company announces a data breach. The attackers aren't using zero-days or sophisticated malware—they're exploiting the same API vulnerabilities that have existed for years. I…

This is a submission for the Google I/O 2026 Writing Challenge. Everyone's excited about Gemini in Firebase. Almost nobody's talking about how to secure it. That's a problem. Firebase AI Logic lets you call Gemini directly from your client app—no backend server needed. That's powerful. It's also dangerous. The moment you put an AI endpoint on the internet, you've created an attack surface that mos…
AI Agents vs Smart Contracts: A New Security Paradigm In May 2026, AI agents are not just writing code — they're auditing it. And they're finding bugs that human auditors miss. The Reality of Smart Contract Security The Web3 bug bounty market exceeds $162 million in available rewards across hundreds of active programs in 2026. The biggest single bounty? Usual Protocol at $16,000,000 on Immunefi —…
I Built a GitHub App That Catches AI and Cloud Security Mistakes Automatically — In 4 Days, Zero Budget. Twisted-Code'r, May 8. Tags: github, ai, security, cloud. 3 min read.
Practical API security guide covering OAuth 2.1 with PKCE, JWT signing and storage, authorization models, gateways, and testing tools.
End-to-end encrypted applications protect user data by ensuring that user secrets are only available on client devices. However, if a user loses all of their devices, they need a way to recover their data using only a short password. To realize a password-based secret recovery system resilient to brute-force attacks, prior works relied on secure hardware or a few non-colluding servers. In this w…
Block ciphers are versatile cryptographic ingredients that are used in a wide range of applications ranging from secure Internet communications to disk encryption. While post-quantum security of public-key cryptography has received significant attention, the case of symmetric-key cryptography (and block ciphers in particular) remains a largely unexplored topic. In this work, we set the foundation…
Implantable Medical Devices (IMDs) operate for decades in dynamic and adversarial environments, where device loss, backend compromise, and eventual post-explantation access are realistic long-term threats. Existing IMD security mechanisms largely focus on secure pairing and access control, but rely on long-lived secrets. As a result, a compromise occurring years after deployment can retroactively…
A drop in attacks in the Gulf of Guinea does not necessarily mean piracy has been resolved. Pirates have adapted their tactics, and the potential for resurgence remains high; this issue remains a critical security and development concern. It is not just a regional priority—it is an international imperative. The post Atlantic piracy, current threats, and maritime governance in the Gulf of Guinea a…
In computer science, the kernel is the soul of an operating system. The Linux kernel is designed with very sound architectural knowledge of operating systems. There are three main kernel types: the monolithic kernel, the microkernel, and the hybrid kernel. Linux uses a monolithic kernel. A monolithic kernel is built for high […] The post How To Properly Secure sysctl in Linux: Securi…
New research proposes a novel data privacy preservation protocol for smart cities that leverages the security benefits of biometrics while maintaining energy efficiency. Biometric data, such as fingerprints or facial recognition, provides a unique identifier for user authentication. The protocol incorporates fuzzy commitment schemes, a cryptographic primitive well-suited for optics and photonics …
Security remains a popular research area in our conferences – MICRO-53 featured two sessions and eight papers dedicated to security. To contribute new ideas in this area, it is important for computer architects to keep up with recent developments in both architecture and security conferences. Our earlier blog post highlighted contributions from security conferences from […]
In an earlier blog post, we argued that computer architects working on security problems should follow security conferences. In this post, we highlight some of the recent results from this year’s events that may be of interest to our community. While security conferences encompass many topics and typically accept more papers than architecture conferences, several […]
Security has recently emerged as a first-class design consideration and an active research area in the computer architecture community, with most top-tier conferences dedicating one or more sessions to security topics. Best Paper Awards at the two most recent MICRO conferences went to security papers. The purpose of this blog post is to help researchers who are […]
Jan Hoffmann, Associate Professor. 9105 Gates and Hillman Centers, janh@andrew.cmu.edu, (412) 268-6309. Computer Science Department. Michael Stanley. Programming Languages, Formal Methods, Security and Privacy. Faculty. Ethan Chu, Nathan Glover. My research mission is to discover beautiful mathematica…
Matt Fredrikson, Associate Professor. 2126 Mehrabian Collaborative Innovation Center, mfredrik@andrew.cmu.edu. Computer Science Department. Programming Languages, Formal Methods, Security and Privacy. Faculty. Saranya Vijayakumar, Andy Zou. My research is directed at understanding fundamental security and privacy issue…
David Brumley, Professor of ECE, Affiliated Faculty. 2202 Mehrabian Collaborative Innovation Center, dbrumley@andrew.cmu.edu, (412) 268-3851. CIT - Electrical and Computer Engineering; Computer Science Department: Affiliated. Formal Methods, Security, Cryptography, Security and Priv…
David Garlan, Professor. 420 TCS Hall, dg4d@andrew.cmu.edu, (412) 268-5056. Software And Societal Systems Department; Computer Science Department. http://www.cs.cmu.edu/~garlan. Programming Languages, Security, Formal Methods, Mobile and Pervasive Computing, Securi…
Correction: the notion of tainted refers to sessions and not to adversaries. There was a small typo. (Thanks to Bogdan.) Today's reading group was driven by Bogdan and Marcel. In the first part of the presentation, Bogdan talked about security definitions for distance bounding protocols. These definitions best fit RFID authentication, and they are designed as countermeasures against ma…