The New Wave of Security Threats

  • Comments posted to this topic are about the item The New Wave of Security Threats

  • There have been supply chain attacks on PyPI that have resulted in popular Python packages being compromised.  Getting the timing right for patching is vital:

    • Too quick = Risk exposure to supply chain attacks
    • Too slow = Risk exposure due to ever more widely known vulnerabilities

    There was a recent compromise on a GitHub action that exposed credentials used in GitHub workflows.  That was discovered quickly (in human terms) and dealt with.  I recommend having a playbook to hand that walks people through the process of rotating secrets and public/private keys.  That playbook needs to be easy to follow, regularly rehearsed, and have a tick list of all the places you need to enact it.

    I was disappointed by the reaction to the Anthropic Mythos findings.  One comment was that a human could have found the majority of vulnerabilities.  That rather misses the point.  In hindsight, they were human findable, but no one had found them.

    I know of commercial software that has CVEs that have been widely known for years.  In that case, Mythos would be adding to the voices that have been ignored.

    What was interesting about the Mythos findings was the comment that earlier models could be prompted to achieve similar results.  I'm finding that I am a limitation for AI.  I'm not imaginative enough to ask the questions that produce such results.
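
The patch-timing trade-off described in the post above, written out as a two-sided policy check. This is an added example, not part of the original thread: the `COOLDOWN` and `MAX_LAG` values, the action names, and the package inventory are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy values, not taken from the thread.
COOLDOWN = timedelta(days=7)   # "too quick": let a new release age before adopting it
MAX_LAG = timedelta(days=30)   # "too slow": longest time to trail an available release


@dataclass
class Dependency:
    name: str
    installed: str
    latest: str
    latest_released: datetime     # upload time of the latest release
    installed_vulnerable: bool    # known advisory against the installed version


def decide(dep: Dependency, now: datetime) -> str:
    """Return the action for one dependency under the two-sided policy."""
    if dep.installed == dep.latest:
        return "current"
    age = now - dep.latest_released
    if dep.installed_vulnerable:
        # A known vulnerability outweighs the cooldown, but a very fresh
        # release still gets a manual look before it is rolled out.
        return "patch-after-review" if age < COOLDOWN else "patch-now"
    if age < COOLDOWN:
        return "hold"
    return "overdue" if age > MAX_LAG else "upgrade"


def plan(deps, now):
    """Map each dependency name to its action."""
    return {d.name: decide(d, now) for d in deps}


# Constructed sample inventory (hypothetical package names and dates).
NOW = datetime(2025, 6, 30, tzinfo=timezone.utc)
SAMPLE = [
    Dependency("pkg-a", "1.0.0", "1.0.0", NOW - timedelta(days=90), False),
    Dependency("pkg-b", "2.1.0", "2.2.0", NOW - timedelta(days=2), False),
    Dependency("pkg-c", "3.0.0", "3.0.1", NOW - timedelta(days=1), True),
    Dependency("pkg-d", "0.9.0", "0.9.4", NOW - timedelta(days=12), True),
    Dependency("pkg-e", "4.4.0", "4.5.0", NOW - timedelta(days=14), False),
    Dependency("pkg-f", "1.2.0", "1.6.0", NOW - timedelta(days=45), False),
]

if __name__ == "__main__":
    for name, action in plan(SAMPLE, NOW).items():
        print(f"{name}: {action}")
```
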

  • Time is the most valuable resource we have.

    It's also easy to dismiss. "I could do that" is likely, but "would you do that given your other constraints, primarily time?" For many, no, and that's one of the amazing things AI can do. Give you time back.

    It can also steal time, but in tedious tasks, like code scanning, it's likely to have an ROI.

  • I think the primary advantage of AI at the moment is reducing the time required for tedious tasks. It's not going to get bored scanning a new set of repositories or checking the 15th pull request of the day and it won't skim-read the code because it's nearly lunch time and the team is heading out for pizza.
