All You Need Is A Fuzzing Brain: An LLM-Powered System for
Automated Vulnerability Detection and Patching
https://arxiv.org/pdf/2509.07225
Automated Vulnerability Detection and Patching
https://arxiv.org/pdf/2509.07225
1👍3
Alaid TechThread
Завершился финальный этап DARPA AIxCC https://www.darpa.mil/news/2025/aixcc-results Участники начали делиться наработками: Первое место Team Atlanta https://team-atlanta.github.io Второе место Trail of Bits: https://www.trailofbits.com/buttercup/ https…
The Art of Vibe-Crashing
Seed generation in the LLM era
https://support.shellphish.net/blog/2025/09/02/shellphish-x-aixcc-dg/
Seed generation in the LLM era
https://support.shellphish.net/blog/2025/09/02/shellphish-x-aixcc-dg/
support.shellphish.net
The Art of Vibe-Crashing | Shellphish Support Syndicate
The goal of Shellphish Support Syndicate is to support the Shellphish team in all their endeavors.
🔥3
securing ai agents.pdf.pdf
7.3 MB
How to securely deploy agents that make sensitive decisions autonomously
1 октября пройдет VK Security Confab. В продолжение доклада с OffZone про атакующих агентов в гостях у VK инженер из нашей команды Руслан углубится в анализ API-контрактов средствами AI-агентов. Успехи, факапы и полученный опыт — будем рады со всеми поделиться. Подробности тут
P.S. Появились видео докладов с OffZone.
P.S. Появились видео докладов с OffZone.
VK Security Confab
Митап про ИИ в информационной безопасности и безопасность ИИ.
1 октября 19:00, Москва, офлайн.
1 октября 19:00, Москва, офлайн.
👍2
Shell or Nothing: Real-World Benchmarks and Memory-Activated Agents for Automated Penetration Testing
https://arxiv.org/pdf/2509.09207
https://arxiv.org/pdf/2509.09207
ATLANTIS: AI-driven Threat Localization, Analysis, and Triage Intelligence System
https://team-atlanta.github.io/papers/TR-Team-Atlanta.pdf
https://team-atlanta.github.io/papers/TR-Team-Atlanta.pdf
👍1🔥1
EXPLORING GRAPHENEOS SECURE ALLOCATOR: HARDENED MALLOC
https://www.synacktiv.com/en/publications/exploring-grapheneos-secure-allocator-hardened-malloc
https://www.synacktiv.com/en/publications/exploring-grapheneos-secure-allocator-hardened-malloc
Synacktiv
Exploring GrapheneOS secure allocator: Hardened Malloc
Automated Patch Diff Analysis using LLMs
https://blog.syss.com/posts/automated-patch-diff-analysis-using-llms/
https://github.com/SySS-Research/diffalayze
https://blog.syss.com/posts/automated-patch-diff-analysis-using-llms/
https://github.com/SySS-Research/diffalayze
SySS Tech Blog
Automated Patch Diff Analysis using LLMs
Large Language Models (LLMs) are increasingly integrated into AI workflows and agents to streamline a wide range of tasks. In this blog post, we introduce an approach for using LLMs for automated patch diff analysis. TL;DR Patch diffing is great for finding…
1
AI-powered workflow automation and AI Agents for AppSec, Fuzzing & Offensive Security
https://github.com/FuzzingLabs/fuzzforge_ai
https://github.com/FuzzingLabs/fuzzforge_ai
GitHub
GitHub - FuzzingLabs/fuzzforge_ai: AI-powered workflow automation and AI Agents platform for AppSec, Fuzzing & Offensive Security.…
AI-powered workflow automation and AI Agents platform for AppSec, Fuzzing & Offensive Security. Automate vulnerability discovery with intelligent fuzzing, AI-driven analysis, and a marketpl...
1👍2
What Do They Fix? LLM-Aided Categorization of Security Patches for Critical Memory Bugs
https://arxiv.org/pdf/2509.22796
https://arxiv.org/pdf/2509.22796
1
Alaid TechThread
1 октября пройдет VK Security Confab. В продолжение доклада с OffZone про атакующих агентов в гостях у VK инженер из нашей команды Руслан углубится в анализ API-контрактов средствами AI-агентов. Успехи, факапы и полученный опыт — будем рады со всеми поделиться.…
OAS Presentation (Public).pdf
9.2 MB
Презентация Руслана
#ProSecA
#ProSecA
🔥9👍1
DynamiQ: Unlocking the Potential of Dynamic Task Allocation in Parallel Fuzzing
https://arxiv.org/pdf/2510.04469
https://arxiv.org/pdf/2510.04469
Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers
https://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html
https://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html
Quarkslab
Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers - Quarkslab's blog
This article details two bugs discovered in the NVIDIA Linux Open GPU Kernel Modules and demonstrates how they can be exploited. The bugs can be triggered by an attacker controlling a local unprivileged process. Their security implications were confirmed…
A2AS: Standard for Agentic AI Security
Framework for Behavior Certification and Runtime Security
For LLM Models and Agent-to-Agent Security
Similar to How HTTPS Secures HTTP
https://www.a2as.org
Framework for Behavior Certification and Runtime Security
For LLM Models and Agent-to-Agent Security
Similar to How HTTPS Secures HTTP
https://www.a2as.org
A2AS Framework
A2AS | Agent-to-Agent Security | Agentic AI Security Framework
A2AS Framework is the emerging practical standard for agentic behavior certification, context window integrity, and AI runtime security. The A2AS project, research, and development is led by Eugene Neelou with collaborators from AWS, ByteDance, Cisco, Elastic…
👍2
Introducing HoneyBee: How We Automate Honeypot Deployment for Threat Research
https://www.wiz.io/blog/honeybee-threat-research
https://www.wiz.io/blog/honeybee-threat-research
wiz.io
HoneyBee: Automating Honeypots for Modern Threat Research | Wiz Blog
Wiz researchers use HoneyBee to build and monitor misconfigured environments safely—gaining insights that power stronger detections.
When “Correct” Is Not Safe: Can We Trust Functionally Correct Patches Generated by Code Agents?
https://arxiv.org/pdf/2510.17862
https://arxiv.org/pdf/2510.17862