… Enterprise security’s remit is defensive in nature: to protect and defend the company’s systems, data, reputation, customers, and employees. But CISOs like [Sara] Madden have been increasingly adding offensive components to their strategies, seeing attack simulations as a way to gain valuable information about their technology environments, defense postures, and the weaknesses hackers would find if they attack.
Now a growing percentage of CISOs see offensive security as a must-have and, as such, are building up offensive capabilities and integrating them into their security processes to ensure the information revealed during offensive exercises leads to improvements in their overall security posture. — Read More
Tag Archives: Cyber
Evaluating AI Agents in Security Operations
We benchmarked frontier AI models on realistic security operations (SecOps) tasks using Cotool’s agent harness and the Splunk BOTSv3 dataset. GPT-5 achieved the highest accuracy (63%), while Claude Haiku-4.5 completed tasks the fastest with strong accuracy. GPT-5 variants dominated the performance-cost frontier. These results provide practical guidance for model selection in enterprise SecOps automation. — Read More
Hitchhiker’s Guide to Attack Surface Management
I first heard about the word “ASM” (i.e., Attack Surface Management) probably in late 2018, and I thought it must be some complex infrastructure for tracking assets of an organization. Looking back, I realize I almost had a similar stack for discovering, tracking, and detecting obscure assets of organizations, and I was using it for my bug hunting adventures. I feel my stack was kinda goated, as I was able to find obscure assets of Apple, Facebook, Shopify, Twitter, and many other Fortune 100 companies, and reported hundreds of bugs, all through automation.
… If I search “Guide to ASM” on the Internet, almost none of the supposed guides are real resources. They funnel you to their own ASM solution, and the guide is just present there to provide you with some surface-level information, and is mostly a marketing gimmick. This is precisely why I decided to write something.
This guide will provide you with insights into exactly how big your attack surface really is. CISOs can look at it and see if their organizations have all of these covered, security researchers and bug hunters can look at this and maybe find new ideas related to where to look during recon. Devs can look at it and see if they are unintentionally leaving any door open for hackers. If you are into security, it has something to offer you. — Read More
AI Red-Teaming Design: Threat Models and Tools
Red-teaming is a popular evaluation methodology for AI systems, but it is still severely lacking in theoretical grounding and technical best practices. This blog introduces the concept of threat modeling for AI red-teaming and explores the ways that software tools can support or hinder red teams. To do effective evaluations, red-team designers should ensure their tools fit with their threat model and their testers.
AI red-teaming is an evaluation methodology to discover flaws and vulnerabilities in AI systems. Although this type of evaluation has been adopted across the AI industry (as seen in Anthropic’s Responsible Scaling Policy, Google DeepMind’s Frontier Safety Framework, and OpenAI’s Safety & Responsibility documents), red-teaming practices vary widely, and there are few established standards or best practices. This is due in part to the versatility and flexibility of the methodology, such that red-team designers and testers have to make many decisions in the red-teaming process. While this blog post is primarily aimed at AI red-teamers, it may also be useful for policymakers and other readers interested in the design of AI evaluation.
This post will discuss two key factors in designing an AI red-teaming exercise: the red team’s threat model, and the selection of the software tools that testers use to engage with the target system. The threat model is the key concept around which the red-teaming exercise is constructed, while the design features of various tools shape which testers can use them and which threat models they can address. Appropriate tools can empower testers, but inappropriate ones can obscure evaluation results and lead to false conclusions. — Read More
Disrupting the first reported AI-orchestrated cyber espionage campaign
We recently argued that an inflection point had been reached in cybersecurity: a point at which AI models had become genuinely useful for cybersecurity operations, both for good and for ill. This was based on systematic evaluations showing cyber capabilities doubling in six months; we’d also been tracking real-world cyberattacks, observing how malicious actors were using AI capabilities. While we predicted these capabilities would continue to evolve, what has stood out to us is how quickly they have done so at scale.
In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree—using AI not just as an advisor, but to execute the cyberattacks themselves. — Read More
Anonymous credentials: rate-limiting bots and agents without compromising privacy
The way we interact with the Internet is changing. Not long ago, ordering a pizza meant visiting a website, clicking through menus, and entering your payment details. Soon, you might just ask your phone to order a pizza that matches your preferences. A program on your device or on a remote server, which we call an AI agent, would visit the website and orchestrate the necessary steps on your behalf.
Of course, agents can do much more than order pizza. Soon we might use them to buy concert tickets, plan vacations, or even write, review, and merge pull requests. While some of these tasks will eventually run locally, for now, most are powered by massive AI models running in the biggest datacenters in the world. As agentic AI increases in popularity, we expect to see a large increase in traffic from these AI platforms and a corresponding drop in traffic from more conventional sources (like your phone).
This shift in traffic patterns has prompted us to assess how to keep our customers online and secure in the AI era. — Read More
Leveraging Machine Learning to Enhance Acoustic Eavesdropping Attacks
This multi-part series explores how machine learning can enhance eavesdropping on cellular audio using gyroscopes and accelerometers — inertial sensors commonly built into mobile devices to measure motion through Micro-Electro-Mechanical Systems (MEMS) technology. The research was conducted over the summer by one of our interns, Alec K., and a newly hired full-time engineer, August H.
Introduction
Acoustic eavesdropping attacks are a potentially devastating threat to the confidentiality of user information, especially if these attacks are implemented on smartphones, which are now ubiquitous. However, conventional microphone-based attacks are limited on smartphone devices by the fact that the user must consent to the collection of microphone information by applications. Recently, researchers on eavesdropping have taken to performing side-channel attacks that leverage information leaks from a piece of hardware to reconstruct some kind of secret (i.e. the audio we want to listen in on).
Unlike the microphone, which requires explicit user permission to access, sensors like the gyroscope and accelerometer do not require explicit user consent for an application to access their readings on Android. These devices are sensitive to the vibrations caused by sound, and since some Android devices allow sampling these sensors at frequencies up to 500 Hz, it is possible to reconstruct sound using these devices. — Read More
New physical attacks are quickly diluting secure enclave defenses from Nvidia, AMD, and Intel
Trusted execution environments, or TEEs, are everywhere—in blockchain architectures, virtually every cloud service, and computing involving AI, finance, and defense contractors. It’s hard to overstate the reliance that entire industries have on three TEEs in particular: Confidential Compute from Nvidia, SEV-SNP from AMD, and SGX and TDX from Intel. All three come with assurances that confidential data and sensitive computing can’t be viewed or altered, even if a server has suffered a complete compromise of the operating kernel.
A trio of novel physical attacks raises new questions about the true security offered by these TEEs and the exaggerated promises and misconceptions coming from the big and small players using them.
The most recent attack, released Tuesday, is known as TEE.fail. It defeats the latest TEE protections from all three chipmakers. The low-cost, low-complexity attack works by placing a small piece of hardware between a single physical memory chip and the motherboard slot it plugs into. It also requires the attacker to compromise the operating system kernel. Once this three-minute attack is completed, Confidential Compute, SEV-SNP, and TDX/SGX can no longer be trusted. Unlike the Battering RAM and Wiretap attacks from last month—which worked only against CPUs using DDR4 memory—TEE.fail works against DDR5, allowing it to work against the latest TEEs. — Read More
Why IP address truncation fails at anonymization
You’ve probably seen it in analytics dashboards, server logs, or privacy documentation: IP addresses with their last octet zeroed out. 192.168.1.42 becomes 192.168.1.0. For IPv6, maybe the last 64 or 80 bits are stripped. This practice is widespread, often promoted as “GDPR-compliant pseudonymization,” and implemented by major analytics platforms, log aggregation services, and web servers worldwide.
There’s just one problem: truncated IP addresses are still personal data under GDPR.
If you’re using IP address truncation thinking it makes data “anonymous” or “non-personal,” you’re creating a false sense of security. European data protection authorities, including the French CNIL, Italian Garante, and Austrian DPA, have repeatedly ruled that truncated IPs remain personal data, especially when combined with other information.
This is a fundamental misunderstanding of what constitutes effective anonymization. — Read More
Maximizing the Value of Indicators of Compromise and Reimagining Their Role in Modern Detection
Have we become so focused on TTPs that we’ve dismissed the value at the bottom of the pyramid? This post explores what role IOCs have in a modern detection program, if any, and what the future may look like for them.
You’d be hard-pressed to find a detection engineer who doesn’t know the Pyramid of Pain[1]. It, along with MITRE ATT&CK[2], really solidified the argument for prioritizing behavioral detections. I know I’ve used it to make that exact point many times.
Lately, though, I’ve wondered if we’ve pushed its lesson too far. Have we become so focused on TTPs that we’ve dismissed the value at the bottom of the pyramid? The firehose of indicators is a daily reality, and it’s time our detection strategies caught up by exploring a more pragmatic approach to their effectiveness, their nuances, and how to get the most value out of the time we are required to spend on them. — Read More