
Security

204 articles in this category (Page 6 of 9)

Tags: AI News, Kubernetes, Security

Building and Testing Production-Grade Kubernetes RBAC via ServiceAccount Tokens

Adil Khan details building a production-grade Kubernetes RBAC setup using dedicated ServiceAccounts and explicit subresource permissions to prevent 403 errors.

Tags: AI News, Security, AI

Beyond the Consumer Model: Moving to Zero-Knowledge Secret Operations for AI Agents

AI agents that store API keys in memory are vulnerable to attacks like CVE-2026-21852; the operator model removes secret values from agent memory entirely.

Tags: AI News, Security, Web Development

Chromium Patches CVE-2026-2441: Understanding the CSS-Triggered Use After Free Vulnerability

Google Chrome patched CVE-2026-2441, a high-severity Use After Free vulnerability in the Blink CSS engine allowing remote code execution via crafted HTML.

Tags: AI News, Security, DevOps

Build a Private Skills Registry for OpenClaw: Securing AI Agent Supply Chains

Secure your AI agent environment by building a private skills registry; 824 malicious OpenClaw skills have already been identified, requiring mandatory Ed25519 signatures and sandboxing.

Tags: AI News, Security, AI Engineering

Security Analysis: 174 AI Agent Requests to a Public MCP Server

Analysis of 174 MCP requests reveals that 37.4% of servers lack auth and agents are already attempting credential extraction through social engineering.

Tags: AI News, Security, AI

Securing LLMs: Why Traditional WAFs Fail Against Prompt Injection

Prompt injection attacks bypass traditional WAFs by using natural language that signature-based rules cannot detect, requiring AI-native security solutions.

Tags: AI News, Security, Machine Learning

Securing AI Trading Systems: Overriding Transitive NPM Vulnerabilities and RLHF Optimization

Igor Ganapolsky achieves a 50% success rate across 110 feedback signals by overriding vulnerable npm dependencies and implementing Thompson Sampling.

Tags: AI News, DevOps, Security

GitHub Open Sources Dependabot Proxy Under MIT License for Secure Dependency Management

GitHub has open-sourced the Dependabot Proxy under the MIT license, enabling full end-to-end auditability of authentication for private package registries.

Tags: AI News, Security, AI

41% of Official MCP Servers Lack Authentication: A Security Audit of 518 AI Agent Tools

A security audit of 518 servers in the Model Context Protocol registry reveals that 41% lack authentication, exposing 1,462 tools to potential AI agent exploitation.

Tags: AI News, Security, AI

AI Agent Security Failures and the OpenClaw Dumpster Fire: Weekly Security Review

OpenClaw faces a security crisis with 1,184 malicious skills discovered as AI agent security and container escapes dominate the 2026 threat landscape.

Tags: AI News, Security

True End-to-End Encryption with Insertable Streams

Insertable Streams enable true E2EE

Tags: AI News, Security, DevOps

Securing Claude Code with Pipelock

Pipelock scans MCP server responses for prompt injection patterns and credential leaks, protecting Claude Code from potential security threats, with 283 out of 3,984 skills referencing hardcoded credentials.

Tags: AI News, Security, Web Development

Simplify Role Assignment with Role-Based Invitations in Better Auth

Better Auth introduces a plugin for role-based invitations, streamlining role assignment and enhancing security.

Tags: AI News, Security, Zero Trust

Zero Trust in the Age of AI Agents: A $100B Security Paradigm Shift

The traditional security paradigm is shifting towards zero trust, with a projected market value of $100B by 2030, as AI agents force a rethink of security architectures.

Tags: AI News, Security, Software Development

Vibe Coding and 1.5M API Leaks: The Moltbook Post-Mortem

The Moltbook launch exposed 150,000 leaked API keys due to 'vibe coding' and lack of security audits.

Tags: AI News, DevOps, Security

Streamlining Authentication with SQL: A Zero-Budget Approach

Automate authentication flows using SQL databases and scripting, achieving a 100% reduction in auth service costs.

Tags: AI News, Security, Web Development

CVE-2025-59471: Next.js Image Optimizer Vulnerability Causes Denial-of-Service

Next.js Image Optimizer flaw (CVE-2025-59471) allowed attackers to crash Node.js processes with multi-gigabyte images, patched in versions 15.5.10 and 16.1.5.

Tags: AI News, Java, Security

Java Roundup: JDK 27 Targeting Post-Quantum Security, Grizzly 5.0 Released

January 19th, 2026 sees JEP 527 move to 'Targeted' in JDK 27, addressing post-quantum security with hybrid key exchange.

Tags: AI News, DevOps, Security

How I Eliminated Access Keys from My Deployment Pipeline with OIDC, Terraform, and GitHub Actions

Eliminate AWS access keys in CI/CD pipelines using OIDC, Terraform, and GitHub Actions, reducing security risks and achieving a cost of approximately $0.92 per month.

Tags: AI News, DevOps, Security

The Right Way to Deploy Private GitHub Repos to Your VPS

Securely deploy code from private GitHub repositories to a VPS using repository-specific SSH deploy keys, enhancing security and limiting server access.

Tags: AI News, Machine Learning, Security

How Machine Learning and Semantic Embeddings Reorder CVE Vulnerabilities Beyond Raw CVSS Scores

Learn how machine learning and semantic embeddings improve CVE vulnerability prioritization, achieving a 75th percentile score in ML-driven risk assessment.

Tags: AI News, Security, DevOps

CVE-Alert: Free Real-Time Vulnerability Tracking by Dataforge

CVE-Alert is a free web-based platform that provides real-time vulnerability tracking and email alerts for specified vendors and products.

Tags: AI News, Security, API

Is That Allowed? Authentication and Authorization in Model Context Protocol

Model Context Protocol (MCP) released in late 2024 offers standardized AI agent communication, but securing access requires careful authentication—currently handled at the transport layer.

Tags: AI News, Security, Blockchain

Time-Decoupled Law (TDSM)

Time-Decoupled Law (TDSM) introduces a protocol-level primitive to enforce execution delays, mitigating timing-based correlation attacks on blockchain privacy.
