今日已更新 287 条资讯 | 累计 20259 条内容
关于我们

标签:#SEC

找到 672 篇相关文章

AI 资讯

Scankii: The First Static Security Scanner Built to Stop AI Agents from Leaking API Keys

Hey DevHunt community! 👋 I'm incredibly excited to launch Scankii! As developers, we are building more and more AI Agents using frameworks like LangChain, OpenHands, and AutoGen. The standard paradigm is giving these agents "skills" or "tools" — which are basically just Python functions combined with Natural Language instructions (prompts or docstrings). But here is the problem: Standard secret scanners (like GitLeaks or TruffleHog) are blind to AI-specific vulnerabilities. They only scan source code for hardcoded secrets. But what if your Python code securely loads an API key, and your English instructions accidentally trick the agent into printing that key to stdout? The agent framework captures that output, injects it into the LLM context window, and your secret is suddenly exposed. We call this Cross-Modal Leakage. Enter Scankii. 🛡️ Scankii solves this by analyzing the intersection of your Natural Language and your code. It uses a dual-engine pipeline (NL Semantic Analyzer + AST Syntax Analyzer) to track variable flows between your prompts and your code sinks. ✨ Core Features: Dual-Engine Scanning: Correlates English instructions with Python ASTs. Local-First & Fast: Your proprietary agent tools and code never leave your machine. CI/CD Ready: Outputs standard SARIF reports. Drop it into GitHub Actions or use it as a pre-commit hook. Framework Agnostic: Works with LangChain, AutoGen, CrewAI, MCP, or any custom python agent framework. I built Scankii to give developers peace of mind when scaling their agent toolchains. Security shouldn't be an afterthought when building autonomous systems. I would love for you to try it out on your agent repos, star the project, and leave any feedback or questions below! I'll be here all day answering them. 👇 GitHub Repository: https://github.com/ashp15205/scankii Installation: pip install scankii

2026-07-01 原文 →
AI 资讯

Your Git Commit History Is More Public Than You Think 🕵️‍♂️

In the open source world, we often say that "your code is your resume." However, what many developers forget is that every time they run a git push , they're handing over much more than just lines of code. They're delivering a permanent digital trail that can be tracked, analyzed, and used against them years later. This article is an educational guide about privacy in Git and how the metadata you generate every second can compromise your security and your professional future. The command that reveals your "naked identity" If you want to see exactly what you're sharing with the world, open your terminal in any repository and run the following command: git log --format = fuller Unlike the standard log, the fuller format breaks down the complete anatomy of your contributions. This is where most developers are shocked to see what they're actually leaking: 1. Name and Email (Direct Exposure) Git stores your user.name and user.email locally in every commit. This data: Is harvested by spam bots for marketing databases. Allows recruiters to map all your historical activity, even on projects you no longer represent. Exposes you to doxxing attacks if you contribute to controversial projects. 2. Dates and Timestamps (Time Analysis) Git not only saves the day, but also the exact second and time zone of the authorship and commit. This allows you to create an activity pattern : What time do you usually code? Are you working on personal projects during office hours? What geographical area are you actually in? 3. File Patterns and Metadata In addition to text, if you upload binaries (PDFs or images), these usually contain EXIF ​​metadata (GPS coordinates, camera model, etc.) that Git doesn't clean up by default. The Problem with "Permanent Logs" GitHub is, by design, an accountability platform, not a privacy one. Once a commit enters the public history, deleting it is extremely difficult and often pointless if the repository has already been cloned or indexed by third-party service

2026-07-01 原文 →
AI 资讯

Building a Fault-Tolerant File Storage over JPEG Images

TL;DR: The idea is to use a set of ordinary JPEG images as a distributed medium for an encrypted container. The data is split into redundant fragments and distributed across the images, allowing the container to be recovered even if some of the JPEG files are lost. We will not examine the code; instead, we will focus only on the general principle behind the approach. Where the idea came from Most steganographic systems follow a "one image — one file" model. If the image is lost or damaged, the embedded data is lost with it. The idea was to distribute the data container across multiple JPEG images while preserving the ability to recover the data even if some of those images are lost. I should point out right away that this is not steganography in the traditional sense. The additional data is written to JPEG images after the EOI ( End Of Image ) marker, where it can be easily detected by even the simplest analysis. The goal is not to completely hide the presence of the data, but to use ordinary JPEG images as a distributed medium for an encrypted container. At the same time, in everyday use the JPEG images remain fully functional, look like ordinary photographs, and do not attract attention. Even if the additional data is detected, it does not reveal whether it is an encrypted container, write artifacts, or simply an arbitrary sequence of bytes. Why JPEG First, JPEG is the most widely used image format. Photographs in this format naturally accumulate on computers and phones and are shared between people. Second, this format has one important property: a JPEG file ends with a special EOI marker. Everything written after it is ignored during image decoding, so the additional data does not affect how the image is displayed. This is the area we will use: JPEG JPEG Additional data EOI data │ │ │ ...░░░░░░░░░░░░░▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒ At first glance, the solution looks extremely simple: just split the encrypted container into fragments and write one fragment to the end of each JP

2026-07-01 原文 →
AI 资讯

Stop Letting AI Agents Raw-Dog Your Filesystem: Building SafeMCP

We need to have a serious talk about the Model Context Protocol. Everyone is losing their minds over "vibe coding" right now. You plug an MCP server into Cursor, Claude Code, or VS Code, tell the AI to fix a bug across three directories, and go grab a coffee while it spins up local servers, reads files, and executes terminal commands. It feels like absolute magic. But honestly? It's also completely terrifying. Maybe I’m just paranoid, but it seems like we’ve collectively skipped the part where we ask ourselves if giving a statistical text-prediction engine raw, unvetted access to our local machines is a good idea. Some security folks are already warning that we’re walking directly into a massive remote code execution crisis. Think about it. Most MCP servers run as local subprocesses. They inherit your exact user permissions. If you run your editor as an admin or with access to sensitive environment variables, so does the AI. And the real issue isn't that the AI will spontaneously turn evil. The issue is prompt injection. The Security Void in the Hype I spent some time looking through public MCP servers on GitHub recently, and the sheer lack of input validation is wild. Because developers are rushing to build cool tools, basic security hygiene has completely lagged behind. If an AI agent reads an untrusted string—like a malicious comment in a GitHub issue, an automated email, or a dirty record inside a database—it can easily be manipulated into executing an injection payload. The model doesn't know the difference between your system instructions and the data it's processing. It treats them exactly the same. What happens when a prompt injection tricks a standard filesystem MCP tool into looking for a file named ../../../../../../etc/passwd or pulling your private AWS keys? The tool just does it. It’s a classic path traversal vulnerability, except instead of a malicious hacker typing it into a web form, an automated agent is doing it because a piece of text told it to.

2026-07-01 原文 →
AI 资讯

Your OTP regex assumes six digits. Supabase magic links don't.

Sign-in worked flawlessly in dev. Then a real user pasted a real code and got "invalid format" — before the code ever reached Supabase. The credential was fine. My regex was wrong. Here's the one-line assumption that broke auth for every human who wasn't me. I run a Discord-native Company Brain. Teams /save docs and /ask grounded answers; access is gated by a magic-link claim that emails a one-time code. Standard GoTrue OTP flow. The client shows a box, you paste the code, the server verifies it. Boring — which is exactly what auth should be. The bug: a six-digit assumption in a validation guard The claim handler did a cheap client-side sanity check before calling verifyOtp : // The bug. Looks reasonable. Rejects every real code. const OTP = /^ \d{6} $/ ; function normalize ( input : string ): string { const code = input . trim (); if ( ! OTP . test ( code )) throw new Error ( " Enter the 6-digit code from your email. " ); return code ; } Every OTP tutorial uses \d{6} . Every code demo shows six digits. So I typed six digits into the test and it passed. In dev I was generating my own codes and never actually reading the email. Supabase's GoTrue emits an eight-digit code on this project. ^\d{6}$ rejects eight digits outright. The user's perfectly valid credential got thrown out by my own front door with a lie for an error message — "enter the 6-digit code" when the email plainly showed eight. Why it happens: OTP length is a setting, not a constant The length of a GoTrue email OTP is configurable — GOTRUE_MAILER_OTP_LENGTH (Dashboard → Authentication → Email). It defaults to six in many setups and to eight in others depending on when and how the project was provisioned. The number in the tutorial is that author's project setting , not a property of OTPs. Hardcoding 6 couples your client to a server config you don't control and might change. Bump the length for security later and every client silently starts rejecting valid codes. No error in your logs — the rejection

2026-07-01 原文 →
AI 资讯

Aikido buys Root to patch open source in place, without the upgrade dance

Every open-source CVE backlog has that one line item you keep sliding into next quarter. The library is a couple of majors behind, the upgrade breaks four services, and the fix upstream ships against a version you cannot ride to. So you file the ticket again. (Everyone's doing great, thanks for asking.) On June 30, Aikido Security said it had acquired Root, whose whole pitch is to make that ticket go away by another route: patch the vulnerability directly into the version already resolved by your build, and skip the upgrade entirely. Per The New Stack, the deal is worth $70 million, and Root's patching technology gets folded into a new Aikido product. Let me phrase what has just moved as plainly as I can. A vendor now edits open-source packages on your behalf and hands you back a version string upstream never shipped. If that sentence made you flinch, hold the flinch. It is doing useful work. The problem this is actually solving The dirty secret of dependency remediation is that a lot of "known" CVEs sit unfixed because remediating them means a version bump that carries breaking changes. You do not get a security patch for the 2.x line, you get a "fixed in 4.0" release note and a laugh track. Backporting the fix is the right operational move: keep the API surface, change only the vulnerable bytes. Linux distributions have done exactly this for decades. The reason your app team is not doing it too is that nobody has the muscle to maintain a patched fork of every transitive dependency in a lockfile. If Aikido now makes that muscle available to the average CI/CD owner, teams get a lever they simply did not have. That is the honest upside. Own it. Who is signing what, exactly Here is the part I care about, which is trust. When your build resolves a package by name and version, you rely on a chain: the registry answers, the digest matches what upstream published, the SBOM you generate downstream still refers back to that same identity. A backported build breaks that chai

2026-07-01 原文 →
AI 资讯

Privacy by design: what it is and how to apply it

"Privacy by design" is one of those phrases you read everywhere and rarely understand. It is often treated as a document to attach to a project, a box to tick before going live. In reality it is not a piece of paperwork: it is the way software is conceived and built from the very first line, so that it protects people's data without anyone having to remember to do so afterwards. What the GDPR actually says The principle is written plainly in Article 25 of the GDPR, which speaks of "data protection by design and by default". These are two distinct things. Protection by design concerns the choices made while the system is being built. Protection by default concerns how the system behaves the moment it is switched on, before anyone touches a single setting. The law does not mandate a specific technology. It asks for an outcome: that data protection be built into the system, proportionate to the risks, and not bolted on afterwards as a patch. It is a difference of substance, not of form. A well-designed system does not have to chase compliance: it already has it inside. It is not a document, it is an architecture The most common mistake is to reduce privacy by design to a file. A report is written, filed, and the building goes on exactly as before. But a PDF protects no data. What protects data are the technical decisions: what information is collected, where it is stored, who can see it, how long it stays, what happens when it is no longer needed. These decisions are made at design time, and changing them later costs far more than getting them right at the start. The principles, turned into concrete choices Privacy by design becomes useful only when it stops being a slogan and turns into a series of choices. Translated into practice, the principles sound like this. Minimisation. You collect only the data genuinely needed to deliver the service. A field you do not collect does not need protecting, cannot be lost in a breach, does not need keeping. The safest piece of da

2026-07-01 原文 →
AI 资讯

A Simple Way to Reduce the Grype Noise

Security Team: “I have a major Grype...with what I Syfted out of your provided image." Developer: “Well your Grype is slowing me down...let’s tone it down a notch.” While deploying bookstack into my local environment, this issue surfaced. It is true for many organizations today deploying images and packages in their environment. How can this noise fatigue in the software supply chain be remedied? Add a .gype.yaml file to the root directory of your project. This will allow grype to ignore certain CVE's that do not execute or pose a threat in your environment. The yaml config can be as simple as below: Linux Environment # grype.yaml ignore : - vulnerability : CVE-2026-32631 reason : " Platform-specific false positive. Git for Windows only; not applicable to this Linux-based image." - vulnerability : CVE-2016-2781 reason : " Chroot escape via ioctl. Containers rely on namespaces/cgroups, not chroot, so this path isn't exploitable here." OR # grype.yaml ignore : - vulnerability : CVE-2026-32631 - vulnerability : CVE-2016-2781 This will help developers and security engineers get along better. 😃 Grype config reference: https://oss.anchore.com/docs/reference/grype/configuration/

2026-07-01 原文 →
AI 资讯

A Prompt Is a Wish. A Tool Is a Law.

How I let non-engineers ship AI tools to production — and the boring infrastructure that made it safe. A product manager described a workflow in plain English — "every morning, pull yesterday's failed payments, group them by error code, and post a summary to our channel." Twenty minutes later it was running in production. She never opened an editor. She never saw a line of TypeScript. She talked to an agent, the agent wrote the code, and — once a human had reviewed the pull request — it shipped. That sentence should make you nervous. It made me nervous, and I'm the one who built the thing. The demo is "look, it wrote the code." The operation is "a marketer's tool now has a path to the payments database and nobody reviewed it." The interesting engineering isn't the part where an LLM writes code — that's the easy, demo-able part. It's the guardrails that decide whether the code it writes is allowed to exist. Here's the platform, and the five problems I had to solve to make it safe to hand to people who can't read the code that runs. The shape of the thing The platform is a place where anyone — engineers, PMs, designers, QA — can publish a reusable AI tool, and everyone else can use it. Write once, available to all. A few terms up front, because the whole design leans on them: MCP (Model Context Protocol) is a standard way for an AI client to discover and call your functions. The key detail: there's a step where the client asks the server "what tools do you have?" and the server answers with a list. Hold onto that — half the design hangs off that one list. Cloudflare Workers is code that runs on Cloudflare's servers at the network edge instead of your own. Durable Objects is per-session server-side storage that lives outside the model's context — the finite, token-costing window of everything the model can currently see. None of this is exotic; what matters is where each piece of state lives. Under the hood it's three small Workers speaking MCP: a gateway (auth, routin

2026-06-30 原文 →
AI 资讯

Sycophancy in AI Is the Safety Problem That Looks Like Politeness

I corrected my AI system mid-task. A terse one-liner: "wrong." Instead of asking which part was wrong, it manufactured an explanation. It cited a rule number that didn't exist, described a limitation I'd never written, and apologized for a mistake it couldn't actually identify. The correction was real. The apology was fabricated. It was trying to agree with me so hard that it invented evidence to support the agreement. That's sycophancy in AI. And if you're running AI in anything that resembles production, it's already happening to you. What Is Sycophancy in AI? Sycophancy in AI is a systematic behavioral distortion where models produce outputs that match what the user wants to hear rather than what's accurate. It goes well beyond your chatbot saying "Great question!" before every response. The mechanism is straightforward. Modern language models are trained using Reinforcement Learning from Human Feedback (RLHF). Human evaluators rate model responses. Responses with higher ratings get reinforced. The problem: evaluators are human. They rate responses higher when those responses validate their existing beliefs, sound confident, and don't push back. Anthropic's research on sycophancy confirmed this across five state-of-the-art AI assistants, finding that both humans and preference models sometimes prefer convincingly written sycophantic responses over correct ones. The model learns a simple lesson. Agreeing is rewarded. Disagreeing is punished. Over thousands of training iterations, the model develops a tendency to mirror the user's position, soften objections, and present information in whatever framing the user seems to prefer. This is a structural incentive baked into the training process itself, not a bug in any individual model. Why It's More Than Annoying In a chatbot demo, sycophancy is a quirk. In production, it's a compounding failure mode. Here are four patterns I've observed running an AI operations system in daily production. They don't always happen in s

2026-06-30 原文 →
AI 资讯

The Hidden Cost of Free Online Image Compressors

I analyzed what happens when you upload a photo to 5 popular free image compression sites. The Test I uploaded a 4.2MB photo to each service and monitored network requests. Results: Service A : File sent to their CDN (AWS us-east-1). 12 analytics trackers fired simultaneously. Service B : File uploaded, but 5 minutes later a second request sent the file to a different domain. Service C : Cleanest of the five, but their privacy policy reserves the right to "use uploaded content to improve compression algorithms." Service D : 23 third-party scripts loaded on the page. Your image URL is accessible to all of them. Service E : Actually clean — only one request to their server for processing. Only one of five didn't leak data to third parties. One. The Alternative I built compress2png.com to test whether image compression could work without any server. Turns out Canvas API + clever JavaScript handles it: Resize images client-side before export Strip EXIF/metadata in the browser Convert to optimal formats based on content For format-specific needs, svg2png.org handles vector conversion and webp2png.io handles next-gen format conversion — all browser-local. Check the Network tab next time you use a "free" online tool. You might be surprised what you find.

2026-06-30 原文 →