Curated topic

security

Posts tagged with security

GitHub EngineeringJan 14, 2026

Community-powered security with AI: an open source framework for security research

Why it matters: This framework lowers the barrier for security research by using AI to automate complex workflows like variant analysis. By integrating with CodeQL via MCP, it allows engineers to scale vulnerability detection using natural language, fostering a collaborative, community-driven security model.

GitHub Security Lab released the Taskflow Agent, an open-source agentic framework designed for security research and automation.
The framework leverages the Model Context Protocol (MCP) to interface with existing security tools such as CodeQL.
It allows researchers to encode and scale security knowledge using natural language to perform complex tasks like variant analysis.
The agent is experimental but ready for community use, supporting various AI backends including GitHub Models API.
A provided demo illustrates how to set up the environment in GitHub Codespaces to automate vulnerability detection workflows.

#security #mlp

Read original

Microsoft Azure BlogJan 14, 2026

Microsoft named a Leader in IDC MarketScape for Unified AI Governance Platforms

Why it matters: As AI adoption scales, engineers need unified tools to manage model lifecycles, security, and compliance. Microsoft’s integrated approach reduces operational risk and simplifies the deployment of responsible, agentic AI systems across complex multicloud environments.

Microsoft recognized as a Leader in the 2025-2026 IDC MarketScape for Unified AI Governance Platforms.
Microsoft Foundry serves as the developer control plane for model development, evaluation, deployment, and monitoring.
Microsoft Agent 365 provides a centralized IT control plane for managing and securing agentic AI across the enterprise.
Integrated security features include real-time jailbreak detection, agent identity management via Entra, and AI-specific threat protection in Defender.
Automated compliance tools in Microsoft Purview support over 100 regulatory frameworks for hybrid and multicloud environments.

#mlp #security #data

Read original

Cloudflare BlogJan 13, 2026

What we know about Iran’s Internet shutdown

Why it matters: Understanding how nation-states manipulate BGP and IP announcements to enforce shutdowns is crucial for engineers building resilient, global systems. It highlights the vulnerability of centralized network infrastructure and the importance of monitoring tools like Cloudflare Radar.

Iran implemented a near-total internet shutdown starting January 8, 2026, following widespread civil protests.
Cloudflare Radar observed a 98.5% drop in announced IPv6 address space, signaling a deliberate disruption of routing paths.
Overall traffic volume plummeted by 90% within a 30-minute window as major ISPs like MCCI, IranCell, and TCI went offline.
By 18:45 UTC on January 8, internet traffic from the country reached effectively zero, indicating a complete disconnection from the global web.
Brief spikes in DNS traffic (1.1.1.1) and university network connectivity were observed on January 9 before being shut down again.

#data #security #dist

Read original

GitHub EngineeringJan 12, 2026

Want better AI outputs? Try context engineering.

Why it matters: Context engineering integrates organizational standards into AI workflows. By providing structured context, engineers ensure AI-generated code adheres to specific architectures, reducing manual corrections and maintaining high-quality standards across the codebase.

Context engineering focuses on providing the right information and format to LLMs rather than just clever phrasing.
Custom instructions allow teams to define global or task-specific rules for coding conventions and naming standards.
Reusable prompt files (.prompts.md) standardize common workflows like code reviews, scaffolding, and test generation.
Custom agents enable specialized AI personas with defined responsibilities, such as security analysis or API design.
Implementing these techniques improves code accuracy and consistency while reducing repetitive manual prompting.

#mlp #culture #security

Read original

Microsoft Azure BlogJan 11, 2026

Bridging the gap between AI and medicine: Claude in Microsoft Foundry advances capabilities for healthcare and life sciences customers

Why it matters: This integration enables engineers to build specialized AI agents for highly regulated sectors. By combining Claude's reasoning with domain-specific MCPs and Azure's secure infrastructure, teams can automate complex medical reasoning and R&D tasks while maintaining strict compliance.

Anthropic and Microsoft launched Claude for Healthcare and Life Sciences on Microsoft Foundry, offering domain-specific AI agents for complex medical workflows.
The platform utilizes Model Context Protocols (MCPs) and specialized connectors to integrate Claude with scientific databases and clinical systems.
Healthcare features automate administrative tasks like prior authorization and claims appeals using advanced reasoning and evidence synthesis.
Life sciences capabilities support bioinformatics, experimental protocol design, and molecular design via code interpreter workflows.
The solution is built on Azure’s HIPAA-ready infrastructure, ensuring enterprise-grade security and biosafety guardrails for regulated environments.

#mlp #security #data

Read original

Cloudflare BlogJan 6, 2026

A closer look at a BGP anomaly in Venezuela

Why it matters: BGP route leaks can cause traffic delays or interception. Distinguishing between configuration errors and malicious intent is vital for network security. This analysis demonstrates how technical data can debunk theories of malfeasance by identifying systemic ISP policy failures.

Cloudflare Radar detected a BGP route leak on January 2 involving Venezuelan ISP CANTV (AS8048).
The event violated valley-free routing by redistributing routes from a provider to an external network.
Data shows 11 similar leaks since December, suggesting systemic configuration issues rather than malfeasance.
The leak impacted prefixes from Dayco Telecom (AS21980), a customer of the leaking ISP.
Such anomalies highlight the critical need for ISPs to implement strict routing export and import policies.

#security #dist

Read original

GitHub EngineeringDec 30, 2025

Agentic AI, MCP, and spec-driven development: Top blog posts of 2025

Why it matters: The shift from AI as autocomplete to autonomous agents marks a major evolution in productivity. Understanding agentic workflows, MCP integration, and spec-driven development is essential for engineers to leverage the next generation of AI-native software engineering.

GitHub Copilot introduced Agent Mode, enabling real-time code iteration and autonomous error correction directly within the IDE.
The new Coding Agent automates the full development lifecycle from issue assignment and repository exploration to pull request creation.
Agent HQ provides a unified ecosystem allowing developers to integrate agents from multiple providers like OpenAI and Anthropic into GitHub.
Model Context Protocol (MCP) support and the GitHub MCP Registry simplify how AI agents interact with external tools and data sources.
Spec-driven development emerged as a key methodology, using the Spec Kit to make structured specifications the center of agentic workflows.
The year featured critical industry reflections, including Git's 20th anniversary and security lessons learned from the Log4Shell breach.

#mlp #security #culture

Read original

GitHub EngineeringDec 29, 2025

Bugs that survive the heat of continuous fuzzing

Why it matters: Continuous fuzzing isn't a 'set and forget' solution. Engineers must actively monitor coverage, instrument dependencies, and supplement automated testing with manual audits to catch logic-based vulnerabilities that automated tools often miss.

Continuous fuzzing through OSS-Fuzz is not a silver bullet and requires active human oversight to maintain coverage and create new fuzzers.
Low fuzzer counts and poor code coverage, such as GStreamer's 19%, leave significant portions of codebases vulnerable to undetected bugs.
External dependencies often lack instrumentation, creating blind spots where fuzzers cannot receive feedback or explore deep execution paths.
Standard fuzzing techniques excel at finding memory corruption but frequently miss complex logic bugs, such as sandbox escapes in Ghostscript.
Enrollment in automated security tools can create a false sense of security if developers stop performing manual audits and monitoring build health.

#security

Read original

GitHub EngineeringDec 23, 2025

Strengthening supply chain security: Preparing for the next malware campaign

Why it matters: Supply chain attacks like Shai-Hulud exploit trust in package managers to automate credential theft and malware propagation. Understanding these evolving tactics and adopting OIDC-based trusted publishing is critical for protecting organizational secrets and downstream users.

The Shai-Hulud campaign evolved from simple credential theft to sophisticated multi-stage attacks targeting CI/CD environments and self-hosted runners.
Attackers utilize malicious post-install scripts to exfiltrate secrets, including npm tokens and cloud credentials, to enable automated self-replication.
The malware employs environment-aware payloads that change behavior when detecting CI contexts to escalate privileges and bypass detection.
npm is introducing 'staged publishing,' which requires MFA-verified approval before packages go live to prevent unauthorized releases.
Security roadmaps include bulk OIDC onboarding and expanded support for CI providers to replace long-lived secrets with short-lived tokens.
Engineers are advised to use the --ignore-scripts flag during installation and adopt phishing-resistant MFA to mitigate credential-adjacent compromises.

#security #dist

Read original

GitHub EngineeringDec 23, 2025

5 podcast episodes to help you build with confidence in 2026

Why it matters: These insights help engineers navigate the 2026 landscape by focusing on AI standards, sustainable open-source practices, and privacy-centric design. Understanding these trends is crucial for building resilient, future-proof software in an era of rapid technological shifts.

The Model Context Protocol (MCP) provides an open standard for AI systems to interact with tools consistently, improving interoperability and trust.
Modern AI and open-source tools have lowered the barrier for DIY development, enabling engineers to build purpose-built personal tools with less overhead.
Open source sustainability requires more than just funding; it depends on community health, communication, and institutional support like the Sovereign Tech Fund.
Data from the 2025 Octoverse report highlights the dominance of TypeScript and the rapid adoption of AI-assisted workflows across millions of developers.
The Home Assistant project demonstrates the viability of privacy-first, local-control architectures in a cloud-dominated IoT landscape to avoid vendor lock-in.

#culture #security #mlp

Read original

Page 7 of 12

Prev 1...5 6 7 8 9...12 Next