Mastodon.world admins @mwadmin

9 posts9 participants0 posts today

**TechnoTenshi** @technotenshi@infosec.exchange · 4h

TechnoTenshi @technotenshi@infosec.exchange

Signal Desktop now blocks screenshots on Windows 11 by default to protect against Microsoft Recall, which periodically captures screen content. The move uses DRM flags to prevent sensitive messages from being recorded without consent.

https://signal.org/blog/signal-doesnt-recall/

Signal MessengerBy Default, Signal Doesn't RecallSignal Desktop now includes support for a new “Screen security” setting that is designed to help prevent your own computer from capturing screenshots of your Signal chats on Windows. This setting is automatically enabled by default in Signal Desktop on Windows 11. If you’re wondering why we’re on...

#privacy #infosec #windows11

**Bryce Kunz** @TweekFawkes@infosec.exchange · 7h

Bryce Kunz @TweekFawkes@infosec.exchange

Mind-bending AI fact: Your innocent-looking translation tool could be tricked into opening malicious files or leaking private docs from your system. #AISecurity #Tech
https://archive.is/gFr9J

**cassandroid אַנטיפֿאַ** @cassandroid.substack.com@bsky.brid.gy · 21h

21h

cassandroid אַנטיפֿאַ @cassandroid.substack.com@bsky.brid.gy

Hadn't seen this, from early April #aisecurity #ai

Reasoning models don't always ...

Bluesky SocialBluesky

**Winbuzzer** @winbuzzer@mastodon.social · 1d

Winbuzzer @winbuzzer@mastodon.social

Microsoft Launches Entra Agent ID for Secure Enterprise AI Agents

#AI #MicrosoftBuild #Build2025 #AIsecurity #EntraAgentID #AIagents #IdentityManagement #ZeroTrust #EnterpriseAI #Microsoft #AICopilot #DevOps #AIgovernance

https://winbuzzer.com/2025/05/20/microsoft-launches-entra-agent-id-for-secure-enterprise-ai-agents-xcxwbn/

**Petrus Vasenius** @pvasenius@infosec.exchange · 1d

Petrus Vasenius @pvasenius@infosec.exchange

I wrote a brief Playbook, how to get started with securing the Azure AI Service's in your environment. Azure AI services provides multiple layers of security that you should consider when implementing a solution, which I present in this blog post:

https://vasenius.fi/example-playbook-to-secure-your-azure-ai-services/

#AISecurity #AzureAIServices #AzureSecurity

**Beth Pariseau @ #RHSummit** @BPariseau@hachyderm.io · 2d

Beth Pariseau @ #RHSummit @BPariseau@hachyderm.io

A new GitHub #Copilot coding agent takes on tasks asynchronously in #GitHubActions. Microsoft Azure #AI Foundry updates this week hint at future #GitHub #AIsecurity and model management controls. #MSBuild https://www.techtarget.com/searchsoftwarequality/news/366623845/New-GitHub-Copilot-agent-edges-into-DevOps

TechTarget · 2dNew GitHub Copilot agent edges into DevOpsBy Beth Pariseau

**Bryce Kunz** @TweekFawkes@infosec.exchange · 3d

Bryce Kunz @TweekFawkes@infosec.exchange

Think your AI chatbot is harmless? A cybersecurity firm broke into a *candle shop's* AI, finding it could potentially spill company secrets or even give instructions on how to burn a house down! Definitely makes you think. #AISecurity #TechRisk
https://archive.is/CCDEc

**LMG Security** @LMGsecurity@infosec.exchange · 6d

LMG Security @LMGsecurity@infosec.exchange

At the recent #RSAC2025 conference, LMG Security's @sherridavidoff and @MDurrin drew packed crowds with their sessions on how hackers use AI to exploit stolen source code and a hands-on tabletop lab exploring deepfake cyber extortion.

We’ve received a lot of inquiries about these sessions! If you couldn’t attend RSA and you're interested in these topics, we also offer custom training and tabletop exercises to help your team prepare for the next generation of AI-powered cyber threats.

#Cybersecurity #AIsecurity #AI

**Chloé Messdaghi** @ChloeMessdaghi@infosec.exchange · 6d

Chloé Messdaghi @ChloeMessdaghi@infosec.exchange

Stress-testing AI systems through red teaming is crucial for uncovering weaknesses before they are exploited. AVID's recent blog post emphasizes the value of involving diverse expertise to develop AI models that are robust, secure, and ethical. Read more here: https://avidml.org/blog/red-teaming-1/

#RedTeaming #AIsecurity #EthicalAI

**Marco Ciappelli** @Marcociappelli@infosec.exchange · 6d

Marco Ciappelli @Marcociappelli@infosec.exchange

This is about to happen! Join us!

How To Detect And Mitigate Non-Human Identity And Crytographic Vulnerabilities — An ITSPmagazine Webinar With SandboxAQ
Thursday, May 15, 2025 | 1:00 PM 2:00 PM EST

Unmanaged cryptographic assets and non-human identities have left security teams blind to critical risks. These gaps have fueled vulnerabilities, breaches, compliance challenges, and operational drag across enterprise environments.

Join us to see how #AQtiveGuard transforms this landscape.

https://www.crowdcast.io/c/how-to-detect-and-mitigate-non-human-identity-and-crytographic-vulnerabilities-an-itspmagazine-webinar-with-sandboxaq

More than just visibility, AQtive Guard unifies your non-human identities and cryptographic assets into a single inventory to deliver end-to-end visibility, deeper risk analysis, and streamlined compliance in a single pane of glass—with automated discovery, real-time threat detection, and root cause analysis powered by their unique LQM.

Seamlessly integrated into your existing stack, it’s the AI-driven SaaS platform built to secure today’s systems—and tomorrow’s.

By attending, you will get to:
Discover how to gain unified visibility into cryptographic assets and non-human identities —including API keys, certificates and service accounts—in cloud environments

Explore how AQtive Guard empowers security teams with automated discovery, threat detection, and root cause analysis—enabling faster remediation, reduced risk, and stronger compliance without disrupting existing workflows.

Learn how to future-proof your security posture, with a platform designed for AI Security Operations, Post-Quantum Cryptography readiness, and seamless integration into your existing security stack.

PANELISTS
Marc Manzano
General Manager of Cybersecurity, SandboxAQ
MODERATORS
Sean Martin, CISSP Co-Founder, ITSPmagazine
Marco Ciappelli Co-Founder, ITSPmagazine

Can’t attend the live webinar? All registrants get exclusive access with a link to rewatch the recording.

Register To Attend: https://www.crowdcast.io/c/how-to-detect-and-mitigate-non-human-identity-and-crytographic-vulnerabilities-an-itspmagazine-webinar-with-sandboxaq

#cybersecurity, #cryptography, #AIsecurity, #infosec, #webinar, #securitytools, #threatdetection, #cloudsecurity, #sandboxAQ, #ITSPmagazine #tech #technology #quantum

crowdcastHow To Detect And Mitigate Non-Human Identity And Crytographic Vulnerabilities — An ITSPmagazine Webinar with SandboxAQRegister now for How To Detect And Mitigate Non-Human Identity And Crytographic Vulnerabilities — An ITSPmagazine Webinar with SandboxAQ on crowdcast, scheduled to go live on May 15, 2025, 01:00 PM EDT.

**LMG Security** @LMGsecurity@infosec.exchange · 6d

LMG Security @LMGsecurity@infosec.exchange

AI-powered features are the new attack surface! Check out our new blog in which LMG Security’s Senior Penetration Tester Emily Gosney @baybedoll shares real-world strategies for testing AI-driven web apps against the latest prompt injection threats.

From content smuggling to prompt splitting, attackers are using natural language to manipulate AI systems. Learn the top techniques—and why your web app pen test must include prompt injection testing to defend against today’s AI-driven threats.

Read now: https://www.lmgsecurity.com/are-your-ai-backed-web-apps-secure-why-prompt-injection-testing-belongs-in-every-web-app-pen-test/

Web app security prompt injection testing iage

LMG SecurityAre Your AI-Backed Web Apps Secure? Why Prompt Injection Testing Belongs in Every Web App Pen Test | LMG SecurityDiscover how prompt injection testing reveals hidden vulnerabilities in AI-enabled web apps. Learn real-world attack examples, risks, and why your pen test must include LLM-specific assessments.

#CyberSecurity #PromptInjection #AIsecurity

Continued thread

**Giskard** @Giskard@fosstodon.org · 6d

Giskard @Giskard@fosstodon.org

At Giskard, we've integrated LMEval into our Phare LLM benchmark (phare.giskard.ai) to independently evaluate popular models' security and safety dimensions - through rigorous testing.

Read the announcement: https://opensource.googleblog.com/2025/05/announcing-lmeval-an-open-ource-framework-cross-model-evaluation.html

Google Open Source BlogAnnouncing LMEval: An Open Source Framework for Cross-Model EvaluationAnnouncing LMEval, an open source framework for cross-model evaluation and simplifying cross-provider model benchmarking.

#LMEval #AISecurity #LLMEvaluation

Continued thread

**Giskard** @Giskard@fosstodon.org · May 13

May 13

Giskard @Giskard@fosstodon.org

Thanks to Kyle Wiggers for this article. We're honored to see our research covered by TechCrunch.

Read the article here: https://techcrunch.com/2025/05/08/asking-chatbots-for-short-answers-can-increase-hallucinations-study-finds/

TechCrunch · May 8Asking chatbots for short answers can increase hallucinations, study finds | TechCrunchTurns out, telling an AI chatbot to be concise could make it hallucinate more than it otherwise would have.

#AISecurity #LLMBenchmark #research

**Marco Ciappelli** @Marcociappelli@infosec.exchange · May 12

May 12

Marco Ciappelli @Marcociappelli@infosec.exchange

Monday news from ITSPmagazine #happymonday!

Join Marc Manzano, Sean Martin, CISSP and me on this week SandboxAQ Webinar!

After an incredible conversation with Marc on the #RSAC floor in San Francisco — where Sean and I used every second of our time and still had more to explore — I knew the #Sandbox Story couldn’t stop there.

If you missed that on-location episode from #RSAC2025, catch it here:

Security at the Edge of Change – A Brand Story with Marc Manzano from SandboxAQ

https://www.itspmagazine.com/their-stories/security-at-the-edge-of-change-preparing-for-the-cryptographic-and-ai-tipping-point-a-brand-story-with-marc-manzano-from-sandboxaq-an-on-location-rsac-conference-2025-brand-story

Now, we’re keeping the momentum going with a live ITSPmagazine webinar you don’t want to miss — and I won’t either.

How To Detect And Mitigate Non-Human Identity And Cryptographic Vulnerabilities | An ITSPmagazine Webinar with SandboxAQ

Join Marc, Sean, and me as we dig deeper into how SandboxAQ is tackling one of today’s most urgent security challenges.

By attending, you’ll:

Gain visibility into cryptographic assets and non-human identities like API keys, certificates, and service accounts

See how #AQtiveGuard enables automated discovery, threat detection, and root cause analysis without disrupting workflows

Learn how to future-proof your security with Post-Quantum Cryptography readiness and AI-powered #SecOps

Learn more:

https://www.itspmagazine.com/itspmagazine-webinar-calendar/how-to-detect-and-mitigate-non-human-identity-and-crytographic-vulnerabilities-an-itspmagazine-webinar-with-sandboxaq

Can’t attend the live webinar? All registrants get exclusive access with a link to rewatch the recording.

https://www.crowdcast.io/c/how-to-detect-and-mitigate-non-human-identity-and-crytographic-vulnerabilities-an-itspmagazine-webinar-with-sandboxaq

Share the news and join us!

See you live on Thursday!

**jpmellojr** @jpmellojr@noc.social · May 9

May 9

jpmellojr @jpmellojr@noc.social

Indirect prompt injection attacks exploit LLMs by embedding malicious instructions in external content. Learn how they work & how to protect AI systems: https://jpmellojr.blogspot.com/2025/05/indirect-prompt-injection-attacks.html #AIsecurity #LLM #PromptInjection

**chribonn** @chribonn@twit.social · May 9

May 9

chribonn @chribonn@twit.social

Ever wondered what really makes those powerful AI language models tick? Andrej Karpathy offers a clear explanation, revealing the secrets behind their training and architecture. Discover how they're evolving and the key security hurdles we need to overcome. A must-read for anyone curious about the behind-the-scene aspects AI! https://www.alanbonnici.com/2025/05/demystifying-llms-with-andrej-karpathy.html #ArtificialIntelligence #NLP #LanguageModels #AISecurity #TechInsights #FutureofAI #TTMO

www.alanbonnici.comDemystifying LLMs with Andrej KarpathyThis blog is about security and computing related topics with occassional hobby activities thrown in.

**Marco Ciappelli** @Marcociappelli@infosec.exchange · May 8

May 8

Marco Ciappelli @Marcociappelli@infosec.exchange

When AI writes code, builds models, and simulates threats… who checks the checker?

In this last On Location Conversation from #RSAC2025, Alex Kreilein and John Sapp Jr. join Sean Martin, CISSP to explore what trust actually means in the age of AI-generated security tooling — and how modern #AppSec teams must rethink validation, #resiliency, and #risk.

This episode cuts deep into:

Why “trust the output” is not enough in AI-driven workflows
How #AI security debt is becoming the new tech debt
Why we need #zerotrust thinking applied to models and agents
The real shift: from patching CVEs to building resilient architecture
The role of traceability, governance, and context-driven decision-making

If you’re serious about secure AI, application security, and shifting AppSec left (the right way), this conversation will challenge what you think you know — and help reframe what secure development actually looks like.

Watch the full video:
https://youtu.be/kJdQz9LmT6s

Listen to the audio podcast:
https://eventcoveragepodcast.com/episodes/why-we-cant-completely-trust-the-intern-even-if-its-ai-an-rsac-conference-2025-conversation-with-alex-kreilein-and-john-sapp-jr-on-location-coverage-with-sean-martin-and-marco-ciappelli

Thank you to our Full Coverage Sponsors:
ThreatLocker https://itspm.ag/threatlocker-r974
Akamai Technologies https://itspm.ag/akamailbwc
BLACKCLOAK https://itspm.ag/itspbcweb
SandboxAQ https://itspm.ag/sandboxaq-j2en
Archer Integrated Risk Management https://itspm.ag/rsaarchweb
ISACA https://itspm.ag/isaca-96808
Object First https://itspm.ag/object-first-2gjl
Edera https://itspm.ag/edera-434868

Explore more RSAC 2025 coverage:
https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Catch all of our event conversations:
https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our coverage?
https://itspm.ag/evtcovbrf

Want Sean Martin, CISSP and Marco Ciappelli to cover your event or moderate your panel?
https://www.itspmagazine.com/contact-us

youtu.be- YouTubeEnjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

#cybersecurity #AIsecurity #infosec

**BSidesAugusta** @BSidesAugusta@infosec.exchange · May 8

May 8

BSidesAugusta @BSidesAugusta@infosec.exchange

Thank you @labs_ig for being a Gold sponsor of #BSidesAugusta 2025. Your innovation and insight inspire the entire cyber community!
#ZeroTrust #AIsecurity #InfoSec #CyberAwareness

**Maronno Winchester** @pstrada.bsky.social@bsky.brid.gy · May 8

May 8

Maronno Winchester @pstrada.bsky.social@bsky.brid.gy

Microsoft Copilot for SharePoint just made recon a whole lot easier. Read it here: www.pentestpartners.com/security-blo... #RedTeam #OffSec #AIsecurity #Microsoft365 #SharePoint #MicrosoftCopilot #InfoSec #CloudSecurity

**LavX News** @lavxnews@ioc.exchange · May 8

May 8

LavX News @lavxnews@ioc.exchange

The Dark Side of Multimodal AI: Unveiling New Security Risks

As multimodal AI systems evolve, they bring not only groundbreaking capabilities but also unprecedented safety risks. Recent findings reveal alarming vulnerabilities in these models that can be exploi...

https://news.lavx.hu/article/the-dark-side-of-multimodal-ai-unveiling-new-security-risks

#news #tech #AIsecurity

Recent searches

Search options

Administered by:

Server stats:

#aisecurity