AI 资讯
OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos
Amid concerns about AI models’ cybersecurity capabilities, OpenAI revealed an improved version of GPT-5.5-Cyber and its “Patch the Planet” initiative to fix open-source software bugs.
AI 资讯
Why I Log response.model on Every Claude Call (and You Should Too)
It is a one-line habit that has saved me more debugging time than any clever abstraction: I log which model actually answered every Claude request. Not which model I asked for. Which one responded. In 2026, with model fallbacks, fast-changing model strings, and routing logic, those are not always the same thing. Here is why the gap exists and what it has caught. The request model and the response model can differ You send model: "claude-fable-5" . You assume Fable 5 answered. But the response object tells you what actually served the request: const response = await client . messages . create ({ model : " claude-fable-5 " , max_tokens : 16000 , thinking : { type : " adaptive " }, messages : [{ role : " user " , content : prompt }], }); console . log ( " requested fable-5, served: " , response . model ); Most of the time they match. The interesting cases are when they do not. The Fable 5 safeguard fallback The reason this matters most in 2026 is Fable 5's safeguards. Fable 5 has hard guardrails in cybersecurity, biology, chemistry, and health. If your prompt trips one, the request does not just refuse. It silently falls back to Opus 4.8 to produce a safe answer. For my security work, this is a sharp edge. I run contract-analysis prompts that can look adversarial to a safeguard. If one trips, I am quietly getting Opus 4.8 output while believing I am getting Fable-tier reasoning. The quality difference on a hard audit is exactly the thing I paid double for, and it vanished without an error. The only way to know is to read response.model : if ( ! response . model . startsWith ( " claude-fable-5 " )) { logger . warn ( { requested : " claude-fable-5 " , served : response . model }, " Fable 5 request fell back, likely a safeguard trip " , ); } Without that log, a fallback is invisible until I notice the analysis got worse and have no idea why. Routing logic and config drift The other source of the gap is my own code. I have routing that picks a model based on task type and
AI 资讯
Azure Key Vault: Where Every Secret in This Blog Actually Lives
I have written some version of "never hardcode secrets, store them in Key Vault instead" in at least five of my last nine posts on this blog. I never actually stopped to explain what that means in practice. This post fixes that, using the real secrets this very blog depends on: a database connection string, an admin panel password, and a set of GitHub deployment credentials. What Azure Key Vault Actually Is Azure Key Vault is a managed service for storing secrets, encryption keys, and certificates securely in the cloud. Instead of a password sitting in a configuration file or a public GitHub repository where anyone with read access can see it, the password lives in Key Vault - encrypted, access-controlled, and logged every single time it is read. Picture your code as a house with see-through walls - anyone looking at the repository can see everything inside, including any password left lying on the kitchen table. Key Vault is a bank vault a few streets away. Your code does not hold the password directly; it holds a key card that lets it walk over and request the password at the exact moment it is needed. Lose the key card, and you still cannot get into the vault without proper identity verification on top of it. Three Things Key Vault Stores Secrets are plain string values - passwords, connection strings, API keys, tokens. Keys are cryptographic keys used for encrypting and decrypting data, or for signing and verifying it. Certificates are X.509 certificates used for TLS or client authentication between services. Most applications, including this one, primarily use the Secrets feature. An Honest Admission About TechStackBlog's Own Setup This blog does not actually use Key Vault directly today. The database password lives in Azure App Service Configuration. The admin panel password and deployment credentials live in GitHub Secrets. For a single-application personal project, this is a perfectly reasonable and secure setup. Key Vault earns its place once you have multi
AI 资讯
AI found 300 WordPress plugin zero-days in 72 hours. I build plugins. Here's what changed for me.
Before I released my own AI chatbot plugin, I ran it through a security review. It came back with 35...
安全
Klue hack results in data breach at several cybersecurity firms
Huntress, HackerOne, Jamf, Recorded Future, and Tanium are among the cybersecurity companies that had data stolen following an earlier breach at market research firm Klue.
AI 资讯
88% of orgs hit an AI agent security incident — and half their agents run with no boundaries. That's an architecture problem.
A stat from 2026 that should stop you cold: 88% of organizations reported a confirmed or suspected AI agent security incident in the past year (92.7% in healthcare). And more than half of all agents run with no security oversight and no logging — naked. The problem isn't that the AI isn't smart enough. It's that almost nobody welded boundaries around it. And boundaries are exactly where rigor lives. The incident list: speed flooring it, boundaries naked The last couple of weeks of security signals line up scarily well: 88% of orgs reported confirmed/suspected AI agent incidents in the past year; healthcare 92.7% ; over half of agents have no security oversight or logging. Supply chain is the front door. A plugin-ecosystem supply-chain attack harvested agent credentials from 47 enterprise deployments ; attackers used them to reach customer data, financial records, and proprietary code — undetected for six months. A public skills marketplace at one point hosted 824 of 10,700 malicious "skills." Config is an attack surface. Check Point disclosed remote code execution in a popular coding agent via poisoned repository config files ; MCP (Model Context Protocol) is the connective tissue across nearly every incident this year — poisoned configs, malicious marketplace skills, unauthenticated exposed MCP servers. By early 2026, at least ten public incidents across six major AI coding tools were attributed to " agents acting with insufficient boundaries. " The industry's own summary: AI agent security in 2026 is a supply chain problem first, a prompt-injection problem second. And every one of these shares a single root cause — the agent can act, but there's no architectural boundary on what it can touch, change, or call. Why "naked" is inevitable: bolt-on boundaries always leak Why do half the agents run with no oversight? Because in the mainstream approach, boundaries are bolt-ons : an allow-list here, a gateway there, logs you read after the fact. The trouble: The tools an
AI 资讯
Podcast: How eBPF Empowers Developers to Observe Inside the Linux Kernel in a Safe and Unintrusive Way
Dan Fineran explores how eBPF has evolved far beyond its roots in packet filtering into a robust, safe way to extend the Linux kernel. He explains how the eBPF "verifier", the security guardrail, enables implementation of deep observability and networking without the risks of traditional kernel modules or the slow upstreaming process. By Dan Fineran
AI 资讯
Article: Understanding ML Model Poisoning: How It Happens and How to Detect It
In this article, the author explores data poisoning as a threat to machine learning systems, covering techniques such as label flipping, backdoors, clean-label poisoning, and gradient manipulation. The article reviews real-world incidents, discusses the challenges of detecting poisoned data, and presents practical defenses, tools, and operational practices for securing ML training pipelines. By Igor Maljkovic
AI 资讯
Daybreak: Tools for securing every organization in the world
OpenAI introduces new Daybreak tools, including Codex Security and GPT-5.5-Cyber, to help organizations find, validate, and patch vulnerabilities at scale.
AI 资讯
Patch the Planet: a Daybreak initiative to support open source maintainers
OpenAI introduces Patch the Planet, a Daybreak initiative helping open-source maintainers find, validate, and fix vulnerabilities with AI and expert review.
AI 资讯
World Cup Scams Are Getting Harder to Spot
From fake tickets to cloned websites, AI is magnifying World Cup scams. Can fans distinguish between what’s real and what’s not?
AI 资讯
Non-Human Identities: The Silent Attack Surface No One Is Monitoring
Most organizations know exactly how many employees they have. Far fewer know how many non-human identities currently have access to their cloud environment. That blind spot is becoming one of the fastest-growing attack surfaces in modern security. For years, enterprise security focused primarily on protecting human identities. We deployed Single Sign-On (SSO), enforced Multi-Factor Authentication (MFA), and implemented Conditional Access policies. And it worked — human identities have become significantly harder to compromise. Meanwhile, another class of identities has quietly exploded across cloud environments: service principals, workload identities, OAuth applications, CI/CD runners, and AI service roles. Today, these Non-Human Identities (NHIs) often outnumber human users by a factor of 10 to 50. As organizations accelerate cloud adoption and integrate AI into daily operations, this imbalance continues to grow. Defining the Non-Human Identity Landscape Unlike human users, machine identities rarely appear in HR systems or organizational charts. Yet they frequently hold some of the most privileged access in the environment. Common high-risk categories include: OAuth Applications and Third-Party Integrations — Apps granted broad access to Microsoft 365, Salesforce, Google Workspace, or Slack via delegated permissions. Service Principals and Managed Identities — AWS IAM roles, Azure Managed Identities, and GCP service accounts used by Lambda functions, EC2 instances, or Bedrock agents. Workload Identities — Kubernetes Service Accounts (e.g., Amazon EKS) and GitHub Actions OIDC roles. CI/CD Pipeline Identities — Tokens used by automation platforms to deploy infrastructure. AI Service Roles — Dedicated identities for Amazon Bedrock agents, model invocation, vector stores, and retrieval pipelines. Every new AI workflow creates additional machine identities. Why Attackers Are Targeting NHIs Attackers follow the path of least resistance. While human accounts are now heav
AI 资讯
Defender flujos de agentes contra el OWASP LLM Top 10
Corro varios agentes respaldados por Bedrock en producción: análisis de documentos, emparejamiento de contenido, búsqueda en registros, búsqueda semántica. Esta es una pasada honesta sobre el OWASP Top 10 para aplicaciones LLM desde el lado de la implementación : el código de verdad que defiende cada riesgo y, igual de importante, las categorías donde mi respuesta es "parcial" o "todavía no". Primero el modelo de amenazas Un flujo de agentes es un pipeline: entrada no confiable → prompt → modelo → parseo → actuar. Cada flecha es una superficie de ataque. Antes de cualquier control, la pregunta más útil que me hice fue esta: ¿qué puede HACER de verdad un agente si el modelo está completamente manipulado? Mi respuesta dio forma a todo lo de abajo. Los agentes son mayormente-de-lectura : llaman a un modelo, leen filas acotadas de la base de datos, y escriben resultados de análisis con llave del usuario que pide. Sin shell, sin SQL arbitrario, sin llamada a herramientas. El radio de impacto es chico por construcción, que es el control más barato que existe. TL;DR, estatus honesto OWASP LLM Mi estatus El control LLM10 Consumo sin límite Fuerte Límite de tasa + cortacircuitos de costo mensual + topes de tokens por modelo LLM06 Agencia excesiva Fuerte (por diseño) Sin llamada a herramientas; mayormente-de-lectura; escrituras acotadas a quien llama LLM01 Inyección de prompt Parcial Contenido del usuario enmarcado como DATOS (delimitadores + preámbulo anti-inyección) LLM02 Divulgación de info sensible Parcial Limpieza de PII por regex antes del modelo; exclusiones auditadas LLM05 Manejo inadecuado de salida Parcial Validación de esquema + chequeos de fundamentación + sanear-antes-de-renderizar LLM07 Fuga del system prompt Parcial Registro versionado de prompts + regla anti-eco LLM08 Vector/Embedding N/A (todavía no construido) (nada) AuthN/Z + interruptor de apagado Fuerte Llave interna, gateo por cuota/gama, deshabilitado por agente LLM10 Consumo sin límite: empieza aquí, e
AI 资讯
container escape is becoming an agent workload
The scary part of an agent-driven container escape is not the container escape. That sounds wrong, so let me be precise. The primitives in Sysdig's latest threat research are not new magic. A mounted Docker socket has been a bad idea for years. Over-permissioned Kubernetes service accounts have been a bad idea for years. Privileged containers are dangerous. Host namespace tricks are dangerous. Secrets reachable from application pods are dangerous. None of this should surprise anyone who has had to review production Kubernetes setups with a straight face. The new part is the operator. Sysdig observed what it describes as an LLM-harness-driven attacker exploiting a vulnerable marimo notebook, enumerating the container and host environment, using the Docker socket as an escape path, creating privileged containers, reading host credentials, and replaying a Kubernetes service-account token to dump Secrets. That is the part worth sitting with. Not because the agent invented a new class of exploit. Because it made the old mistakes compose faster. the attack surface was already there Most security incidents are not movie plots. They are boring edges left open long enough for someone to connect them. In this case, the edges are familiar. An internet-reachable application had a vulnerability. The workload had access to a Docker socket. The container environment exposed enough information to enumerate possible escape paths. A Kubernetes service-account token was available. The token had enough RBAC to read Secrets. Secrets contained useful downstream credentials. That is not one bug. That is a chain of assumptions. The application team may have thought about the notebook vulnerability. The platform team may have thought about the Docker socket as a convenience for one workflow. The Kubernetes team may have thought the service account was scoped "only" to a namespace. The security team may have had runtime alerts somewhere in the backlog. Each decision can look locally tolerabl
AI 资讯
Stop Pasting Sensitive Data into Random Websites: Meet Parsify 🛡️
Hey DEV community! 👋 How many times a day do you need to format a messy JSON string, convert a CSV file, or parse a timestamp? And how many times do you find yourself pasting that data—which might contain API keys, user emails, or proprietary code—into a random website you found on Google? We’ve all done it, but in an era of constant data leaks, it’s a massive security risk. That’s exactly why I built Parsify . What is Parsify? Parsify is an all-in-one data converter and developer toolset designed to handle your daily formatting, parsing, and data manipulation tasks completely offline and client-side. No servers, no tracking, and absolutely no data leaks. Everything happens right inside your browser sandbox. 🚀 Key Features 100% Secure & Offline: Your data never leaves your local machine. Once the page loads, you can literally pull your internet plug and it will still work perfectly. All-in-One Toolkit: No more bookmarking ten different sites for ten different tasks. From JSON formatting and base64 encoding to data conversions, it’s all under one roof. Built for Speed: A clean, lightning-fast UI with batch-processing support to keep your workflow uninterrupted. Privacy by Design: Zero tracking scripts, zero ads, and zero database logging. Why I Built It Most online utilities are bloated with tracking pixels, pop-up ads, and cookies. Worse, you have no idea what happens to the data you paste into their input fields. As a developer, I wanted a tool that felt like a local desktop app but possessed the accessibility of a web app. Parsify is the bridge. It gives you the convenience of a web utility with the strict security boundaries of local execution. Check It Out (It's Free!) If you’re tired of compromising on data privacy for quick utilities, give it a spin: 👉 parsify.tools I’m actively working on adding more tools and converters to the suite. I would absolutely love to get the DEV community's feedback! What converters or formatting utilities do you use daily that you
AI 资讯
Stop polling: real-time email and calendar webhooks with Nylas
If your integration polls Nylas every minute to check for new email, you're doing too much work and still getting stale data. Polling is a tax: you burn rate limit on requests that mostly return nothing, and a message that arrives at 12:00:05 doesn't reach your app until the next poll. Webhooks flip that around. Nylas pushes a notification to your endpoint the moment something happens — a message arrives, an event changes, a contact is created — and your app reacts in real time. This post walks the webhook surface from both sides: the HTTP API that registers and manages webhooks, and the Nylas CLI , which has genuinely useful tooling for the part everyone gets stuck on — verifying signatures and testing webhooks against local code. I work on the CLI, so the terminal commands below are the ones I run when I'm wiring up a webhook receiver. Triggers and destinations A webhook has two halves: the trigger types it listens for and the destination URL it pushes to. Trigger types are dotted event names like message.created , event.updated , and contact.created , grouped into categories — grant, message, thread, event, contact, calendar, folder, and notetaker. You subscribe one destination to as many triggers as you want. The CLI lists every available trigger so you don't have to guess the names: # All trigger types nylas webhook triggers # Only message-related triggers nylas webhook triggers --category message Webhooks are application-scoped, not grant-scoped: one webhook registered on your application receives notifications for every connected account, identified by the grant_id in each payload. See the notifications overview for the full event model. Before you begin You need a Nylas API key — webhook management is admin-level, so it uses the application's API key rather than a grant. You also need an HTTPS endpoint reachable from the public internet to receive the notifications. The CLI gets the key set up: nylas init # create an account, generate an API key For local de
AI 资讯
Precision Loss and Rounding Exploits in Financial Smart Contracts
A smart contract does not need an overflow, reentrancy bug, or broken access-control check to lose money. Sometimes, the exploit is hidden inside an ordinary division: uint256 result = amount * rate / SCALE; The expression looks harmless. It may even produce the expected answer in every unit test. But financial smart contracts operate with integer arithmetic. Fractions are discarded, rounding direction changes who receives value, and an error of one unit can be repeated across thousands of transactions. In a financial protocol, rounding is not merely a mathematical implementation detail. Rounding is a value-transfer policy. Every division should therefore answer three questions: Which direction does the calculation round? Which party benefits from that direction? Can the rounding advantage be repeated or amplified? This article examines the most dangerous precision problems in Solidity and the engineering patterns used to prevent them. Solidity Does Not Have Native Fixed-Point Arithmetic Most financial formulas use fractions: interest = principal × rate × time fee = amount × fee percentage shares = assets × total shares ÷ total assets collateral value = token amount × oracle price Solidity primarily performs these calculations with integers. For unsigned integers: uint256 result = 5 / 2; The result is: 2 The fractional component is discarded. For positive values, this behaves like rounding down: 2.5 → 2 This appears insignificant until the result represents: vault shares; debt; collateral; protocol fees; interest; rewards; liquidation bonuses; exchange rates; token prices. The lost fraction does not disappear economically. One party receives less value, while another party retains the remainder. Precision Loss Is Not Always Small Consider a protocol calculating a percentage: function calculateFee( uint256 amount, uint256 feeBps ) public pure returns (uint256) { return amount * feeBps / 10_000; } For a 0.3% fee: amount = 100 feeBps = 30 fee = 100 × 30 ÷ 10,000 fee =
AI 资讯
Why your monorepo audits are lying to you (and how to fix the rot)
We’ve all been there: running a dependency audit, seeing a tool report 100 "unused" files, and realizing with horror that half of those files are actually critical architectural hubs. Static analysis tools in the JavaScript ecosystem are historically built to be "safe"—they flag anything they cannot explicitly trace. But in a complex monorepo with circular dependencies, alias-heavy build tools like Vite, and custom workspace configurations, these tools often collapse. They stop auditing and start "pruning"—treating your architecture as a pile of junk to be deleted. Most tools rely on simple pattern matching or basic Abstract Syntax Tree (AST) walks. They struggle to build a true Control Flow Graph (CFG) or identify Strongly Connected Components (SCCs). When an engine encounters a cycle in a monorepo, it doesn't see a complex architectural component; it sees a disconnected node, labels it "orphaned," and suggests a deletion plan that would effectively brick your build. To audit an architecture correctly, you need to move beyond simple string resolution. You need deep AST and CFG parsing, utilizing high-performance parsers (like OXC) to map actual execution paths. You also need SCC analysis to detect circular dependency chains across package boundaries, coupled with worker-pool parallelization, because auditing 10,000 files in a monorepo shouldn't block the main process. By leveraging these core concepts, I developed entkapp to validate the structural integrity of a workspace. Consider this audit log from an intentionally broken repository: [Linker-DEBUG] Attempting to resolve package-a ... Resolved to: C:/.../package-a/index.js 🔄 Detecting circular dependencies... ⚠️ Detected 1 circular dependencies: Cycle #1: packages/package-a/index.js -> packages/package-a/index.js Here, the engine is forced to acknowledge the structural reality, not just the file list. It validates the boundary, identifies the cycle, and reports the smell without blindly nuking the project. The g
开发者
bcrypt and Laravel: 72 Bytes, Not 72 Characters
I expected bcrypt to silently drop characters past 72. I did not expect it to bake in half an emoji. That's what happens with a specific password combination I tested. The original password still works. But strip the emoji (a password manager, a different keyboard, a Unicode normalizer) and you're locked out. Your Laravel validator passed it as valid the whole time. The 72-Byte Rule bcrypt has a hard input limit of 72 bytes. Not characters - bytes. When you call password_hash($password, PASSWORD_BCRYPT) , PHP silently truncates anything past byte 72. Most developers know this in theory. But for ASCII-only apps, it never bites. 72 ASCII characters is already a very long password, and the silent clip is harmless in practice. The trouble starts with multi-byte scripts. How Many Characters Fit? Character set Bytes per char Effective bcrypt limit ASCII 1 72 chars Cyrillic 2 36 chars CJK (Chinese, Japanese, Korean, common block) 3 24 chars Emoji 4 18 chars Past the byte limit, a longer password adds no security at all. A 200-character Cyrillic password hashes identically to its own first 36 characters. Byte 73 and beyond simply do not exist from bcrypt's point of view. So "longer always produces a stronger bcrypt hash" is not true. A Cyrillic user with a 37-character password gets silently truncated at char 36. The hash is still consistent. The user logs in fine, but any variation past character 36 doesn't matter to bcrypt. Annoying from a security standpoint, but it does not break login. The Split-Byte Trap The 72-byte limit cuts at a byte boundary, not a character boundary. If a multi-byte character falls on that cut, bcrypt bakes in an incomplete UTF-8 sequence. // 35 Cyrillic chars = 70 bytes, emoji = 4 bytes, total = 74 bytes $password = str_repeat ( 'А' , 35 ) . '🔑' ; $hash = password_hash ( $password , PASSWORD_BCRYPT ); password_verify ( $password , $hash ); // ? password_verify ( str_repeat ( 'А' , 35 ), $hash ); // ? password_verify ( str_repeat ( 'А' , 36 ), $h
开发者
👾 Server Access Logs with GoAccess
Part 1: Self-hosting on Jetson Orin Nano 👽 Jetson Orin Nano Web Server Follow-up...