Bots That Talk Back: The New Detection Arms Race in the LLM Era

Bots used to be easy to dislike and fairly easy to spot. They posted too much, repeated themselves, followed too many strangers, and sounded like a spreadsheet trying to pass a literature exam. That comfort is gone. LLM-driven social bots are not merely louder versions of the old spam accounts. They can write plausible replies, borrow the emotional temperature of a conversation, and behave just human enough to make content-only moderation look nostalgic. The obvious response is to reach for AI-text detection. After all, if the bot uses a language model, surely the text should betray it. ...

April 4, 2026 · 16 min · Zelina

Agents Without Borders: When AI Stops Asking and Starts Acting

Agents are not just chatbots with better manners. Workflow automation used to be a polite arrangement. A human clicked a button, software followed instructions, logs were produced, and everyone pretended governance was mostly a documentation problem. Then AI agents arrived and made the arrangement less polite. An agent does not merely answer a question. It may search a database, call an API, write to a CRM, summarize private context, email a supplier, open a ticket, query a payment system, and decide which step comes next. That is the point. It is also the problem. ...

March 22, 2026 · 16 min · Zelina

The Hidden Playbook of LLMs: How AI Quietly Thinks Like a Hacker

Security work has always had a slightly unfashionable virtue: it forces abstractions to confess. A chatbot demo can survive a vague answer. A vulnerability analyst cannot. When the task is binary analysis, the system has to move through addresses, functions, call sites, arguments, sinks, and partial evidence. It has to decide which path is worth following, which branch is noise, when to stop staring at one hypothesis, and when to crawl back to an earlier lead. In other words, it has to do the thing most AI product pages politely avoid naming: control the search. ...

March 20, 2026 · 20 min · Zelina

Hook, Line, and Confidence: When Humans Outthink the Phish Bot

Phishing emails do not need to be brilliant. They only need to be plausible at the wrong moment. A message about a failed payment, a suspended account, or an urgent verification request arrives while someone is clearing a crowded inbox. The user is not solving a formal classification task. They are deciding whether a sentence feels wrong enough to interrupt their day. That is why phishing defense is not only a machine-learning problem. It is a judgment problem disguised as an email problem. ...

January 11, 2026 · 18 min · Zelina

Trust No One, Train Together: Zero-Trust Federated Learning Grows Teeth

A factory can know exactly which machine submitted a model update and still train on a lie. The device may possess a valid cryptographic identity. Its software may have booted from an approved configuration. Its network connection may be encrypted. None of that proves that the update it sends is harmless—or that the resulting intrusion-detection model will recognize an attack crafted specifically to deceive it. ...

January 4, 2026 · 16 min · Zelina

When the Machines Come Knocking: AI Agents vs Human Hackers in Live Penetration Tests

Security teams already know the scene. A scanner produces a long list of suspicious services, outdated servers, odd access rules, and “maybe this is bad” findings. Then the real work begins: deciding which lead matters, proving impact without breaking production, writing a report someone can act on, and not getting distracted by every shiny port that waves from the network. ...

December 11, 2025 · 17 min · Zelina

Hook, Line, and Synthesized: When Phishing Meets the Age of LLMs

Email looks simple until money is involved. A suspicious invoice arrives. The subject line is dull, the body is polite, the sender domain looks almost right, and the attachment name is just credible enough to avoid comedy. A traditional filter may look for bad words, suspicious links, known domains, or old campaign signatures. A human may look for tone. An LLM may read the whole thing and decide whether the message is phishing, spam, or valid. ...

November 29, 2025 · 14 min · Zelina

Keys to the Kingdom… with a Chaperone: How Agentic JWT Grounds AI Agents in Real Intent

Access tokens are convenient little monsters. Hand one to an application and, for a while, the receiving API behaves as if the bearer of that token is a faithful representative of the user. In normal software, that assumption is often good enough. The app has deterministic code. The button does what the button was built to do. The workflow may be dull, but dullness is a security feature. ...

October 1, 2025 · 16 min · Zelina

Echoes Without Clicks: How EchoLeak Turned Copilot Into a Data Drip

Email is boring. That is its superpower. A message arrives. It looks like business sludge: compliance wording, project references, perhaps a polite request that nobody asked for. It contains no executable attachment, no obvious malware, no urgent invoice from a suspicious cousin. In a normal security review, it is background noise. EchoLeak makes that boring object more interesting. The paper examines CVE-2025-32711, a reported zero-click indirect prompt-injection exploit against Microsoft 365 Copilot, where a crafted external email could allegedly cause Copilot to leak internal information without the user clicking a malicious link.[1] The central lesson is not that Copilot was uniquely careless, nor that prompt injection has suddenly become cyberpunk magic. The lesson is more uncomfortable: enterprise copilots are becoming data-flow infrastructure, and data-flow infrastructure fails when content, instructions, rendering, and network access are allowed to melt into one warm productivity soup. ...

September 20, 2025 · 14 min · Zelina

Open-Source, Open Risk? Testing the Limits of Malicious Fine-Tuning

TL;DR for operators: Open-weight model safety is not just a question of what the released model refuses to answer. Once weights are public, the more relevant question is what a capable actor can make the model do after post-training. That is the problem this paper tackles. The paper introduces malicious fine-tuning as a release-evaluation method: take the model, assume a sophisticated adversary with serious reinforcement-learning infrastructure, and try to elicit the maximum dangerous capability in high-risk domains. The authors apply this to gpt-oss-120b, focusing on biology and cybersecurity rather than self-improvement. ...

August 6, 2025 · 18 min · Zelina