VK Security Confab takes place on October 1. As a follow-up to the OffZone talk on offensive agents, Ruslan, an engineer from our team, will be a guest at VK and take a deeper look at analyzing API contracts with AI agents. Successes, screw-ups and lessons learned: we will be glad to share them with everyone. Details here
P.S. Videos of the OffZone talks are now available.
VK Security Confab
A meetup on AI in information security and the security of AI.
October 1, 19:00, Moscow, offline.
Shell or Nothing: Real-World Benchmarks and Memory-Activated Agents for Automated Penetration Testing
https://arxiv.org/pdf/2509.09207
ATLANTIS: AI-driven Threat Localization, Analysis, and Triage Intelligence System
https://team-atlanta.github.io/papers/TR-Team-Atlanta.pdf
EXPLORING GRAPHENEOS SECURE ALLOCATOR: HARDENED MALLOC
https://www.synacktiv.com/en/publications/exploring-grapheneos-secure-allocator-hardened-malloc
Automated Patch Diff Analysis using LLMs
https://blog.syss.com/posts/automated-patch-diff-analysis-using-llms/
https://github.com/SySS-Research/diffalayze
Large Language Models (LLMs) are increasingly integrated into AI workflows and agents to streamline a wide range of tasks. In this blog post, we introduce an approach for using LLMs for automated patch diff analysis. TL;DR Patch diffing is great for finding…
AI-powered workflow automation and AI Agents for AppSec, Fuzzing & Offensive Security
https://github.com/FuzzingLabs/fuzzforge_ai
AI-powered workflow automation and AI Agents platform for AppSec, Fuzzing & Offensive Security. Automate vulnerability discovery with intelligent fuzzing, AI-driven analysis, and a marketpl...
What Do They Fix? LLM-Aided Categorization of Security Patches for Critical Memory Bugs
https://arxiv.org/pdf/2509.22796
Alaid TechThread
OAS Presentation (Public).pdf
9.2 MB
Ruslan's presentation
#ProSecA
DynamiQ: Unlocking the Potential of Dynamic Task Allocation in Parallel Fuzzing
https://arxiv.org/pdf/2510.04469
Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers
https://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html
This article details two bugs discovered in the NVIDIA Linux Open GPU Kernel Modules and demonstrates how they can be exploited. The bugs can be triggered by an attacker controlling a local unprivileged process. Their security implications were confirmed…
A2AS: Standard for Agentic AI Security
Framework for Behavior Certification and Runtime Security
For LLM Models and Agent-to-Agent Security
Similar to How HTTPS Secures HTTP
https://www.a2as.org
A2AS Framework is the emerging practical standard for agentic behavior certification, context window integrity, and AI runtime security. The A2AS project, research, and development is led by Eugene Neelou with collaborators from AWS, ByteDance, Cisco, Elastic…
Introducing HoneyBee: How We Automate Honeypot Deployment for Threat Research
https://www.wiz.io/blog/honeybee-threat-research
Wiz researchers use HoneyBee to build and monitor misconfigured environments safely—gaining insights that power stronger detections.
When “Correct” Is Not Safe: Can We Trust Functionally Correct Patches Generated by Code Agents?
https://arxiv.org/pdf/2510.17862