433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (656) 236-3022

Why SBOMs, signing, and provenance still don’t tell you if software is safe

We have made real progress in software supply chain security, improving visibility into software components, authenticity and build integrity. Much of this progress traces back to Executive Order 14028, which pushed agencies, contractors and enterprises to invest in SBOMs, signing and provenance. All of that matters, but it is not enough. The current software trust model still stops short of the question that determines risk at execution: What is this code capable of doing if … More → The post Why SBOMs, signing, and provenance still don’t tell you if software is safe appeared first on Help Net Security.
http://news.poseidon-us.com/TTVmFT

Cynative: Open-source deep research agent

Running a large language model against a live cloud account to hunt for security holes comes with an obvious hazard. An agent that holds real credentials and a mandate to poke around can delete a bucket, flip a permission, or leak a secret on its way to a finding. Cynative, an open-source security research agent, answers that hazard by refusing to write anything by default, and by checking that refusal on every single call it … More → The post Cynative: Open-source deep research agent appeared first on Help Net Security.
http://news.poseidon-us.com/TTVgWl

Microsoft demystifies how Windows updates work

Microsoft has published a guide explaining the Windows servicing model, outlining the purpose of monthly security updates, optional preview releases, hotpatch updates, and the mechanisms used to deliver new features throughout the year. “Most individuals and organizations regularly deploy monthly security updates, released on the second Tuesday of each month. Windows also provides optional non-security preview updates, which give IT teams and early adopters an opportunity to validate upcoming fixes before they’re included in the … More → The post Microsoft demystifies how Windows updates work appeared first on Help Net Security.
http://news.poseidon-us.com/TTVgWh

A hardware security AI assistant that checks chips for hidden backdoors

Chip designers license blocks of circuitry from outside vendors and drop them into larger products. A single processor can carry components from a range of suppliers, each written by a company the buyer may never deal with directly. A malicious supplier can bury a hidden circuit in a working design, and that circuit can stay quiet until a specific input wakes it up. Researchers at the University of Florida built a tool aimed at this … More → The post A hardware security AI assistant that checks chips for hidden backdoors appeared first on Help Net Security.
http://news.poseidon-us.com/TTVgWW

99.9% of fixable AI vulnerabilities remain unpatched

Organizations build, deploy, and operate AI in the cloud, but basic cybersecurity hygiene is often sacrificed for speed, according to Orca Security’s 2026 State of AI Security Report. Building AI without security Fifty-six percent of AI adopters have deployed agent frameworks into production, and 51.5% use AI to build custom applications. Orca also found that 81.2% of companies running AI packages have at least one known vulnerability, and 99.9% of AI vulnerability alerts with an … More → The post 99.9% of fixable AI vulnerabilities remain unpatched appeared first on Help Net Security.
http://news.poseidon-us.com/TTVgTw

The challenges, opportunities of open source intelligence for cyber defenders

Experts from the State Department, DIA and Leidos say agencies need to build connected intelligence capabilities and AI tools to augment the human analyst.
http://news.poseidon-us.com/TTVbYr

The challenges, opportunities of open source intelligence for cyber defenders

Experts from the State Department, DIA and Leidos say agencies need to build connected intelligence capabilities and AI tools to augment the human analyst.
http://news.poseidon-us.com/TTVbXv

The challenges, opportunities of open source intelligence for cyber defenders

Experts from the State Department, DIA and Leidos say agencies need to build connected intelligence capabilities and AI tools to augment the human analyst.
http://news.poseidon-us.com/TTVbXR

Fighting AI with AI requires enduring, new approaches

Federal and industry experts say continuous monitoring, evaluation and red teaming can help organizations ensure their AI models are safe and secure.
http://news.poseidon-us.com/TTVb91