Open source LLM tool primed to sniff out Python zero-days

The static analyzer uses Claude AI to identify vulns and suggest exploit code
-----------------------------------------------------------------------------

Thomas Claburn, Sun 20 Oct 2024 // 09:00 UTC

Researchers with Seattle-based Protect AI plan to release a free, open source tool that can find zero-day vulnerabilities in Python codebases with the help of Anthropic’s Claude AI model.

The software, called Vulnhuntr, was announced at the [No Hat security conference](https://www.nohat.it/talks) in Italy on Saturday.

"The tool does not simply paste some code from the project and ask for analysis," explained Dan McInerney, lead AI threat researcher at Protect AI, who developed the software with colleague Marcello Salvati.

"It automatically finds project files that are likely to handle remote user input, Claude analyzes that for potential vulnerabilities, then for each potential vulnerability Claude is given a vulnerability-specific highly optimized prompt and enters a loop."

"In this loop it intelligently requests functions/classes/variables from elsewhere in the code continually until it completes the entire call chain from user input to server output without blowing up its context window. The advantage of this over current static code analyzers is a massive reduction in false positives/negatives since it can read the entire call chain, not just little code snippets one at a time."

This approach, McInerney claims, can reveal complex, multi-step vulnerabilities, as opposed to flagging functions like `eval()` with known security implications.

"The tool was originally designed using Claude and used Claude’s best practices in prompt engineering so it performs by far the best using Claude," said McInerney. "We included the option to use [OpenAI’s] GPT-4 and we tested it with GPT-4o but got poorer results. Modifying the prompts to better fit GPT-4o is very straightforward and using the GPT-4o model is just a change in 1 line of code. By open sourcing it, we hope to encourage modifications such as these as new models come out."

So far, McInerney says, Vulnhuntr has found more than a dozen zero-day vulnerabilities in large, open source Python projects.

"All of these vulnerabilities were not previously known or reported to the project maintainers," he said.

The tool presently focuses on seven types of remotely exploitable vulnerabilities.

* Arbitrary File Overwrite (AFO)
* Local File Inclusion (LFI)
* Server-Side Request Forgery (SSRF)
* Cross-Site Scripting (XSS)
* Insecure Direct Object References (IDOR)
* SQL Injection (SQLi)
* Remote Code Execution (RCE)

Affected projects include:

* gpt_academic, 64k stars on GitHub, LFI, XSS
* ComfyUI, 50K stars, XSS
* FastChat, 35K stars, SSRF
* Ragflow, 16K stars, RCE

Other projects with vulnerable code spotted less than 90 days ago have not been identified to give maintainers time to fix things.

Ragflow, said McInerney, is the only project he’s aware of that has [fixed its identified bug](https://github.com/infiniflow/ragflow/commit/12975cf128c07091b2031eaf4ecad01b1fa6731f).

Vulnhuntr has some limitations. It only works on Python code at the moment and it depends on access to a Python static analyzer. As a result, the tool is more likely to generate false positives when scanning Python projects that incorporate code in other languages (e.g. TypeScript).

When generating a proof-of-concept (PoC) exploit, the software generates a confidence score ranging from 1 to 10. A score of 7 means it’s probably a valid vulnerability, though the PoC code may need some refinement. A score of 8 or more is highly likely to be valid. Scores of 6 or less are unlikely to be valid.

The output looks something like this:

```
scratchpad:
  1. Analyzing the add_llm function in llm_app.py.
  2. Identified user input used as keys to access dictionaries: EmbeddingModel, ChatModel, RerankModel, CvModel, and TTSModel.
  3. These dictionaries contain class references, which are instantiated with user-supplied parameters.
  4. The factory variable is directly used from user input (req['llm_factory']) without proper validation. […]
----------------------------------------
analysis:
  The add_llm function in llm_app.py contains a critical Remote Code Execution (RCE) vulnerability. The function uses user-supplied input (req['llm_factory'] and req['llm_name']) to dynamically instantiate classes from the EmbeddingModel, ChatModel, RerankModel, CvModel, and TTSModel dictionaries. This pattern of using user input as a key to access and instantiate classes is inherently dangerous, as it allows an attacker to potentially execute arbitrary code. The vulnerability is exacerbated by the lack of comprehensive input validation or sanitization on these user-supplied values. […]
----------------------------------------
poc:
  POST /add_llm HTTP/1.1
  Host: target.com
  Content-Type: application/json
  Authorization: Bearer

  {
      "llm_factory": "__import__('os').system",
      "llm_name": "id",
      "model_type": "EMBEDDING",
      "api_key": "dummy_key"
  }
----------------------------------------
confidence_score:
  8
----------------------------------------
vulnerability_types:
  - RCE
----------------------------------------
```

Another issue is that LLMs aren’t deterministic (they may provide different results for the same prompt at different times), so multiple runs may be required. Nonetheless, McInerney says that Vulnhuntr is a significant improvement over the current generation of static analyzers.

There’s also some cost involved since the Claude API isn’t free.

"My average use of it is to identify the one or two files in a project that handle remote user input and tell the tool to do analysis on just those couple files," said McInerney. "When used this way, it averages less than $0.50 of token usage. It will automatically find these network-related files as well, but it’s a broad search that often sees it scanning 10-20 files instead of the 1-2 that give the best results usually. Depending on project size, scanning all the network-related files will still only cost ~$1-$3."

McInerney says he believes Vulnhuntr’s discoveries represent the first time actual zero-day vulnerabilities have been identified in public projects by an AI-assisted tool.

"There are multiple papers purporting this and all are misleading because their AI did not discover zero-days, it was merely fed known vulnerable targets or code that it wasn’t trained on and then said this was evidence their AI can find zero-days," he said. "As far as our research can tell, the release of Vulnhuntr will be the first time LLMs have actually found zero-days in the wild."

As an example, he pointed to [a paper](https://arxiv.org/abs/2406.01637) by academic researchers whose work we’ve [covered previously](https://www.theregister.com/2024/04/17/gpt4_can_exploit_real_vulnerabilities/).

Daniel Kang, assistant professor of computer science at the University of Illinois Urbana-Champaign, and a co-author on the cited paper and similar ones, told *The Register* that relying on simulated data is a common practice in security research.

"It is widely accepted that simulations of real-world environments are acceptable proxies for the real world," he said. "I can link to hundreds of security papers and press releases where security tools are used in simulated environments or on past real-world vulnerabilities and no one disputes these findings. The correct thing to say is that we simulate the zero-day setting, but again, this is widely accepted as common practice."

Kang, whose paper describes using teams of LLM agents to exploit zero-day vulnerabilities, noted that Vulnhuntr doesn’t handle exploitation. He also said that in the absence of an analysis of false positives or a comparison to tools like ZAP, Metasploit, or BurpSuite, it’s difficult to say how the tool compares to existing open source or proprietary alternatives.

According to McInerney, the vulnerabilities identified by Vulnhuntr are very easy to exploit once identified.

"The tool gives you a proof-of-concept exploit once it finds a vulnerability," he said. "It’s not uncommon to need to make some kind of minor adjustment to the PoC to make it work, but it’s obvious what adjustments to make after reading the analysis the LLM gives you as to why it’s vulnerable."

We’re told Vulnhuntr will be released on GitHub, presumably through a repo associated with [Protect AI](https://github.com/protectai). The biz is also encouraging budding bug hunters to try the tool on open source projects listed on its bug bounty website, [huntr.com](https://huntr.com). ®
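The confidence-score guidance and the multiple-runs caveat described in the article can be applied mechanically when triaging reports. The following is an added example, not code from Vulnhuntr or from the article; it assumes the report layout matches the sample output shown in the article, and the function names, the constructed sample runs and the majority-of-runs rule are illustrative assumptions.

```python
import re
from statistics import median

# The seven vulnerability classes the article says the tool reports.
KNOWN_TYPES = {"AFO", "LFI", "SSRF", "XSS", "IDOR", "SQLI", "RCE"}
SEPARATOR = re.compile(r"^[ \t]*-{10,}[ \t]*$", re.MULTILINE)
HEADER = re.compile(r"(\w+):\s*(.*)", re.DOTALL)


def parse_report(text):
    """Parse one report (layout assumed from the article's sample output)."""
    sections = {}
    for chunk in SEPARATOR.split(text):
        m = HEADER.match(chunk.strip())
        if m:
            sections[m.group(1)] = m.group(2).strip()
    # Model output is untrusted input: validate it before acting on it.
    raw = sections.get("confidence_score", "")
    if not raw.isdigit() or not 1 <= int(raw) <= 10:
        raise ValueError(f"confidence_score is not an integer in 1..10: {raw!r}")
    listed = sections.get("vulnerability_types", "").splitlines()
    types = [ln.strip().lstrip("-").strip().upper() for ln in listed]
    types = [t for t in types if t in KNOWN_TYPES]
    if not types:
        raise ValueError("no recognised vulnerability type in report")
    return {"score": int(raw), "types": types,
            "analysis": sections.get("analysis", "")}


def bucket(score):
    """Score bands as stated in the article."""
    if score >= 8:
        return "highly likely"
    if score >= 7:
        return "probably valid"
    return "unlikely"


def triage(reports):
    """Combine repeated runs against one target into a per-type summary."""
    parsed, rejected = [], 0
    for text in reports:
        try:
            parsed.append(parse_report(text))
        except ValueError:
            rejected += 1  # malformed run: count it, do not trust it
    scores = {}
    for rep in parsed:
        for vuln_type in rep["types"]:
            scores.setdefault(vuln_type, []).append(rep["score"])
    summary = {}
    for vuln_type, vals in scores.items():
        med = median(vals)
        summary[vuln_type] = {
            "hits": len(vals), "runs": len(parsed),
            "median": med, "bucket": bucket(med),
            # Added policy (an assumption, not the tool's): send to manual
            # review only if the median is 7+ and most valid runs agree.
            "review": med >= 7 and 2 * len(vals) > len(parsed),
        }
    return summary, rejected


def sample(score, types):
    """Constructed report text in the layout of the article's sample."""
    bar = "-" * 40
    listing = "\n".join(f"  - {t}" for t in types)
    return (f"scratchpad:\n  1. [...]\n{bar}\nanalysis:\n  [...]\n{bar}\n"
            f"poc:\n  [...]\n{bar}\nconfidence_score:\n  {score}\n{bar}\n"
            f"vulnerability_types:\n{listing}\n{bar}\n")


# Constructed runs: three valid ones and one with an unusable score.
RUNS = [sample(8, ["RCE"]), sample(7, ["RCE"]),
        sample(9, ["RCE", "SSRF"]), sample("high", ["RCE"])]

if __name__ == "__main__":
    result, bad = triage(RUNS)
    for name, row in sorted(result.items()):
        print(name, row)
    print("rejected runs:", bad)
```

In the constructed runs the RCE finding recurs in every valid run and is queued for review, while the SSRF finding appears once with a high score and is held back, which is the case repeated runs are meant to catch.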