Context is King: Using API Sessions for Security Context
There’s no doubt that API security is a hot topic these days. The continued growth in API-related breaches and increase…
Security
Criminals Exploiting FBI Emergency Data Requests
I’ve been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create…
Stay Safe from Fake E-Shops This Holiday Season
The holiday season is a busy time for online shopping, but it’s also when fake e-shops flood the internet, trying…
The Hidden Costs of API Breaches: Quantifying the Long-Term Business Impact
API attacks can be costly. Really costly. Obvious financial impacts like legal fines, stolen finances, and incident response budgets can…
Weekly Update 425
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite…
Friday Squid Blogging: Squid-A-Rama in Des Moines
Squid-A-Rama will be in Des Moines at the end of the month. Visitors will be able to dissect squid, explore…
AI Industry is Trying to Subvert the Definition of “Open Source AI”
The Open Source Initiative has published (news article here) its definition of “open source AI,” and it’s terrible. It allows…
Prompt Injection Defenses Against LLM Cyberattacks
Interesting research: “Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks“: Large language models (LLMs) are increasingly…
Subverting LLM Coders
Really interesting research: “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection“: Abstract: Large…
AI-Powered APIs: Expanding Capabilities and Attack Surfaces
AI and APIs have a symbiotic relationship. APIs power AI by providing the necessary data and functionality, while AI enhances…