What could go wrong during the ML model development lifecycle? Here is an example threat model based on the talk "Kubernetes MLSec: Securing AI in...
Developers using a poisoned ChatGPT-like tool are more prone to including insecure code than those using an IntelliCode-like tool or no tool. This...
A new type of attack affecting major CI/CD service providers. Attackers can exploit CI/CD cache mechanisms to inject malicious code or steal your...
Implement secret scanning in your pipelines today with the following 5 open-source tools: - Trufflehog https://github.com/trufflesecurity/trufflehog -...
The SHA-2 family of hash functions lies at the core of securing the internet today. A recent paper by Yingxin Li, Fukang Liu, and Gaoli Wang presents...
Passkeys provide passwordless authentication, which guarantees robust defences against phishing and credential stuffing attacks. Nonetheless, recent...