Researchers at the University of Toronto have demonstrated a working proof-of-concept: an AI worm that autonomously reasons about its environment, generates attack strategies, and replicates itself without human intervention. It operates entirely on open-weight local models. This is no longer theoretical.
Anthropic released an open-source framework for automated vulnerability discovery powered by AI. This represents a fundamental shift in how security analysis can scale — from manual expert review to AI-assisted code hardening at development time.
A massive npm supply chain attack compromised TanStack, Mistral AI’s client library, and over 170 packages. Here’s what happened, how the attack worked, and the practical steps you should take today to protect your projects.
A Dune-themed malware campaign targeting the PyTorch Lightning library highlights how AI/ML supply chains are becoming prime targets for sophisticated attacks.
Supply chain security frameworks like SLSA and SBOM requirements are moving from recommendations to mandates. Here’s what developers need to know about the shifting landscape.
November’s Patch Tuesday brought critical zero-days being actively exploited, reminding us that patch management is still the unglamorous foundation of security.
CISA’s Secure by Design initiative is moving from voluntary pledges to measurable industry impact, and software vendors are starting to feel the pressure.