Security Boulevard

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Chessboard Alignment’ appeared first on Security Boulevard.

Session 6D: Software Security: Vulnerability Detection

Authors, Creators & Presenters: Qi Ling (Purdue University), Yujun Liang (Tsinghua University), Yi Ren (Tsinghua University), Baris Kasikci (University of Washington and Google), Shuwen Deng (Tsinghua University)

PAPER
GadgetMeter: Quantitatively And Accurately Gauging The Exploitability Of Speculative Gadgets

Since their emergence in 2018, speculative execution attacks have proven difficult to fully prevent without substantial performance overhead. This is because most mitigations hurt modern processors' speculative nature, which is essential to many optimization techniques. To address this, numerous scanners have been developed to identify vulnerable code snippets (speculative gadgets) within software applications, allowing mitigations to be applied selectively and thereby minimizing performance degradation. In this paper, we show that existing speculative gadget scanners lack accuracy, often misclassifying gadgets due to limited modeling of timing properties. Instead, we identify another fundamental condition intrinsic to all speculative attacks--the timing requirement as a race condition inside the gadget. Specifically, the attacker must optimize the race condition between speculated authorization and secret leakage to successfully exploit the gadget. Therefore, we introduce GadgetMeter, a framework designed to quantitatively gauge the exploitability of speculative gadgets based on their timing property. We systematically explore the attacker's power to optimize the race condition inside gadgets (windowing power). A Directed Acyclic Instruction Graph is used to model timing conditions and static analysis and runtime testing are combined to optimize attack patterns and quantify gadget vulnerability. We use GadgetMeter to evaluate gadgets in a wide range of software, including six real-world applications and the Linux kernel. Our result shows that GadgetMeter can accurately identify exploitable speculative gadgets and quantify their vulnerability level, identifying 471 gadgets reported by GadgetMeter works as unexploitable.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – GadgetMeter: Quantitatively And Accurately Gauging The Exploitability Of Speculative Gadgets appeared first on Security Boulevard.

An analysis of holiday bot attack behavior during Cyber 5, including scraping, ATO, and automation trends that persist beyond peak sales.

The post 2025 Holiday Bot Attack Trends appeared first on Security Boulevard.

(written jointly with Tim Peacock)

Five years. It’s enough time to fully launch a cloud migration, deploy a new SIEM, or — if you’re a very large enterprise — just start thinking about doing the first two. It’s also how long Tim and I have been subjecting the world to our thoughts on Cloud Security Podcast by Google.

We finally got around to writing the annual “reflections blog.” And, honestly, looking back at Season 5, the state of the industry feels a lot like a chaotic Cybersecurity Garage Sale.

We’re all standing knee-deep in a pile of dusty, obsolete junk — the mid-2000s SIEMs, the 1990s unauthenticated vulnerability scans — while clutching shiny, still-in-the-box AI Agent gadgets we don’t quite know where to put. It’s a mess. But within this mess, a few essential, high-value items have emerged.

So, to all our listeners — the veterans and the newcomers — thank you for sorting through the chaos with us. For Season 6, we’re going all video, by default (opening January 5, 2026). Find us on our new YouTube home: Cloud Security Podcast by Google on YouTube.

Below you will find 3 fun sections: Anton’s faves, Tim’s faves and top 10 by listens (“data’s faves” of sorts, or perhaps listener faves)

Enjoy!

Anton: My selections are, perhaps, a bit predictable — but they were immense fun to record and, I believe, are absolutely essential listening! But, hey, I am biased a bit!

1. EP236 Accelerated SIEM Journey: A SOC Leader’s Playbook for Modernization and AI This fun episode provides a playbook for SOC leaders on accelerating their SIEM modernization journey. We go into the steps the bank took for moving beyond legacy systems, focusing on how to integrate AI for transformative results and build a truly modern Security Operations Center.
2. EP254 Escaping 1990s Vulnerability Management: From Unauthenticated Scans to AI-Driven Mitigation This essential episode with Caleb Hoch tackles the “fractions of a century” time lag in vulnerability management, moving beyond endless unauthenticated scans. We discuss how to establish a Gold Standard prioritization model and why running VM Tabletop Exercises is the vital, transformative practice needed for true modernization.
3. EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025 The single most important lesson from RSA 2025 was captured in this episode: AI is merely “Addressable, Not Solvable.” We cut through the hype to discuss where AI can deliver real, practical security value, and where we still need our smart human colleagues to lead the way. This is essential listening for anyone trying to navigate the flood of vendor claims.
4. EP242 The AI SOC: Is This The Automation We’ve Been Waiting For? This epic episode tackles the most pressing question for security operations: Can “AI SOC” deliver the transformative automation we’ve been waiting for? We discuss — with Anton’s former colleague — the real-world applications of AI in the SOC, focusing on practical gains (and how to know you “gained” anything) and what it means for the future role of the human analyst.
5. EP238 Google Lessons for Using AI Agents for Securing Our Enterprise This fun episode brings you practical lessons from Google’s own experience using AI agents to secure our enterprise at scale (see this blog also). We dive (not “delve”, mind you!) deep into the real-world application of this technology, focusing on the wins, the challenges, and what it took to adopt. This is essential listening for any leader looking to leverage AI agents effectively without falling into the hype cesspool.
6. BONUS: EP237 Making Security Personal at the Speed and Scale of TikTok This unique episode goes into what it takes to secure a hyper-scale, global platform like TikTok. We discuss how to move beyond legacy compliance while living in a modern microservices architecture, balance a consistent global security posture with localized regulatory demands, and, most importantly, empower every user with practical tips (like 2FA and strong passphrases) to make security personal.

Tim: My picks are almost entirely not overlapping with Anton, we started our lists separately, but then realized that we scooped each other on two episodes. We both liked our episode with Manija Poulatova enough to keep her on both of our lists!

1. EP256 Rewiring Democracy & Hacking Trust: Bruce Schneier on the AI Offense-Defense Balance This episode is a total delight for both of us. For me, I got to not only meet one of my security heroes, I got to see Anton do the same! We named Bruce in our early planning docs as somebody we’d like to have on the show someday when we’re all grown up. Not a bad way to wrap up five years of weekly podcasting!
2. EP236 Accelerated SIEM Journey: A SOC Leader’s Playbook for Modernization and AI Manija and I were on a panel together in Las Vegas during Google Cloud Next 2025. A few themes from that panel came through in our episode together that I love and think are vital for anyone. First, aim for transformation not migration. As an industry we are not doing so well compared to air transport safety. We cannot cling to our old ways and hope for a better set of outcomes. Second, AI is here to enable our human colleagues, not replace them. We can find greater meaning, joy, and productivity in our work, even as SOC analysts, once we embrace what AI can automate for us.
3. EP239 Linux Security: The Detection and Response Disconnect and Where Is My Agentless EDR Craig was introduced to me by Friend Of The Show (and friend of mine!) Vijay Ganti (EP196) as someone building an innovative approach to EDR security. Scheduling this episode ended up a little tricky, and I got to do an episode without Anton. That ended up ok, because in Craig I found a totally kindred spirit. We’ve both built systems to secure Linux without agents, though from two different approaches. His stories of finding badness in places we couldn’t previously look, and doing so scalably even for phone towers up the hill behind his house, really resonated with the part of me that spent four years building out Virtual Machine Threat Detection here at Google Cloud. This is definitely an episode for listeners who like to question conventional security thinking.
4. EP252 The Agentic SOC Reality: Governing AI Agents, Data Fidelity, and Measuring Success Another fun origin story: this episode was conceived in a karaoke booth in Singapore. Alex and Lars are two of our early design partners for the SecOps Triage Agent and their feedback to the team and on this episode is super valuable. Alex gets bonus points on this episode for using the word squelch which I’ve been pushing internally as a metaphor for our noise control systems. This is a must-listen for anyone interested in real AI adoption in their SOC. If Alex and Lars can do it across an unbelievable number of regulatory jurisdictions, you can too!
5. EP255 Separating Hype from Hazard: The Truth About Autonomous AI Hacking Bringing Heather back to the show has been a goal of ours for ages. When I read her article, coauthored with Gadi Evron and Bruce Schneier, I knew I’d found our topic. As I said on the show, if I’d seen this article written by anybody else I’d laugh, but with this trio of authors I knew it was something to take seriously. Read the article, listen to the episode, let us know in the comments if you’re as scared as I was!
6. BONUS: EP232 The Human Element of Privacy: Protecting High-Risk Targets and Designing Systems I get one bonus episode for our top ten, so I’m going to include my classmate Sarah Aoun. She is an amazing Googler and on this episode she offers advice that’s useful almost universally, but especially if you believe that you’re a person who is at risk of being targeted online. This is firmly outside of our “cloud security” wheelhouse, but well worth a listen to understand threat modeling and security response for individuals.

Top 10 episodes by listens (excluding the oldest 3)

1. EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
2. EP47 “Megatrends, Macro-changes, Microservices, Oh My! Changes in 2022 and Beyond in Cloud Security”
3. EP153 Kevin Mandia on Cloud Breaches: New Threat Actors, Old Mistakes, and Lessons for All
4. EP8 Zero Trust: Fast Forward from 2010 to 2021
5. EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!
6. EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw
7. EP17 Modern Threat Detection at Google
8. EP103 Security Incident Response and Public Cloud — Exploring with Mandiant
9. EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive
10. EP12 Threat Models and Cloud Security

Related blogs:

• 250 Episodes of Cloud Security Podcast by Google: From Confidential Computing to AI-Ready SOC

2025 Year in Review at Cloud Security Podcast by Google was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post 2025 Year in Review at Cloud Security Podcast by Google appeared first on Security Boulevard.

DataDome recognized in The Bot And Agent Trust Management Software Landscape, Q4 2025 from Forrester

Forrester has just released The Bot And Agent Trust Management Software Landscape, Q4 2025 report. It marks a fundamental shift to reflect the rapid rise of agentic AI traffic—moving beyond traditional bot management to a new paradigm that establishes trusted relationships with both human users and the AI agents acting on their behalf.

The timing couldn’t be more critical. DataDome’s 2025 Global Bot Security Report analyzed nearly 17,000 websites and revealed that only 2.8% were fully protected against bot attacks—while 61.2% failed every single test. Meanwhile, LLM crawler traffic surged 3.9x between January and August 2025, with DataDome detecting 1.7 billion requests from OpenAI crawlers in a single month alone.

Organizations are no longer facing a simple “bot vs. human” challenge—they’re navigating a complex ecosystem where AI agents act on behalf of customers, creating both opportunities and risks.

In response to this evolution, Forrester has released The Bot And Agent Trust Management Software Landscape, Q4 2025, marking a fundamental shift in how the industry addresses agentic traffic.

This report moves beyond traditional bot management to embrace a new paradigm: Bot and agent trust management—focused on establishing trusted relationships with both human users and the AI agents acting on their behalf. Forrester defines it as:

“Software that identifies and analyzes the intent of automated traffic directed at an application, establishing ongoing trusted relationships with good bots and AI agents and rejecting and misdirecting malicious bots and AI agents, to protect legitimate customer business while also increasing attacker costs.”

And we’re proud that DataDome has been recognized in this report, an overview of 19 vendors in this new space.

DataDome has a clear commitement: to help organizations not only protect against malicious agentic traffic but also enable frictionless experiences for legitimate customers and AI agents.

The Forrester report highlights a fundamental shift: the rise of AI agents is moving the market from security-first to trust-first.

Organizations can no longer simply identify traffic as “bot or human.” They must establish trusted relationships with AI agents while deterring malicious automation—because blocking AI agents wholesale means blocking paying customers.

Success requires accurately identifying agent intent and connecting agents back to their human users, all while maintaining frictionless experiences.

As the market evolved, we evolved with it. What we shipped in 2025:

Visibility & detection

• AI agent dashboard with intent-based filtering

• Detecting AI agent spoofing & identity masquerading

• Genetic algorithm-powered detection evolving in real-time
• AI email scoring catching synthetic accounts

Control & monetization

• MCP Protection securing Model Context Protocol infrastructure

• TollBit and Skyfire integrations to monetize AI traffic
• Granular policies per agent: allow, block, rate-limit, or charge

With thousands of adaptive AI models, DataDome blocks every fraudulent click, signup, and login in under 2 milliseconds without compromising performance, protecting some of the world’s largest enterprises and stopping 20k+ attacks every second.

The shift to bot and agent trust management isn’t just about security—it’s about enabling the future of digital commerce. Whether you’re dealing with scraping attacks, account takeover, or need to establish trusted relationships with AI agents, DataDome provides the visibility, control, and trust that you need.

Resources to guide your journey:

• Download our Agentic Commerce Guide to ready your business for AI agents
• Get the 2025 Global Bot Security Report to see where your industry stands
• Check our Agent Trust page
  
• The Bot and Agent Trust Management Software Landscape, Q4 2025 report is available to Forrester clients or for purchase

Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here .

The post DataDome recognized in The Bot And Agent Trust Management Software Landscape, Q4 2025 from Forrester appeared first on Security Boulevard.

The leaked internal chat communications of the Black Basta ransomware group offer an unprecedented view into how cybercriminals operate, plan attacks, and evade detection. The Veriti Research team analyzed these chat logs, revealing our favorite exploits, security measures they bypass, and the defenses they fear most. Veriti Research analyzed these chat communications, exposing: Targeted Exploits:..

The post Best of 2025: Inside the Minds of Cybercriminals: A Deep Dive into Black Basta’s Leaked Chats appeared first on Security Boulevard.

Fresh off a series of recent attacks targeting major retail companies in the United States and the UK, the notorious Scattered Spider cybercrime group is now targeting insurance companies, and earlier this month apparently bagged a high-profile victim in Aflac. The intrusion in Aflac, which was detected June 12 when the insurance company’s security team..

The post Best of 2025: Scattered Spider Targets Aflac, Other Insurance Companies appeared first on Security Boulevard.

The cybersecurity landscape in 2026 presents unprecedented challenges for organizations across all industries. With cybercrime damages projected to exceed $10.5 trillion annually, enterprises face sophisticated threats from attackers leveraging AI-powered tools, advanced persistent threats, and multi-vector attack strategies. Effective threat detection is no longer optional it is a critical business imperative for maintaining operational continuity

The post Threat Detection Software: The Complete Guide to Protecting Your Digital Assets in 2026 appeared first on Seceon Inc.

The post Threat Detection Software: The Complete Guide to Protecting Your Digital Assets in 2026 appeared first on Security Boulevard.

The traditional perimeter-based security model has become obsolete in today’s distributed digital environment. With 82% of organizations now operating in hybrid or multi-cloud infrastructures and remote work becoming the standard, the concept of a secure network boundary no longer exists. Zero Trust AI Security represents the evolution of cybersecurity strategy-combining the principles of zero trust

The post Zero Trust AI Security: The Comprehensive Guide to Next-Generation Cybersecurity in 2026 appeared first on Seceon Inc.

The post Zero Trust AI Security: The Comprehensive Guide to Next-Generation Cybersecurity in 2026 appeared first on Security Boulevard.

Explore the 10 best MFA solutions in 2026. Compare features, pricing, pros, cons, and find the right multi-factor authentication tool for your business.

The post 10 Best Multi-Factor Authentication Solutions in 2026 appeared first on Security Boulevard.

Compare the 15 best passwordless authentication solutions for 2026. Explore features, pricing, use cases, and how to choose the right tool.

The post 15 Best Passwordless Authentication Solutions in 2026 appeared first on Security Boulevard.

Discover the most common MFA mistakes in manufacturing IT and learn practical fixes to improve security, uptime, and authentication on factory floors.

The post 9 MFA Mistakes in Manufacturing IT and Fixes appeared first on Security Boulevard.

In this episode, Tom Eston discusses the unique challenges in the current cybersecurity job market, emphasizing the importance of networking. Tom provides practical tips on how to enhance networking skills, such as attending conferences, volunteering for open source projects, creating a blog, and seeking mentors. He also addresses misconceptions about the job shortage in cybersecurity […]

The post Why Networking Is Your Secret Weapon in Cybersecurity Job Hunting appeared first on Shared Security Podcast.

The post Why Networking Is Your Secret Weapon in Cybersecurity Job Hunting appeared first on Security Boulevard.

Compare leading authentication platforms like Okta, Auth0, and open-source tools. Find the best authentication system for your business needs, balancing security, cost, and scalability.

The post Authentication Platform Comparison: Best Authentication Systems & Tools for Your Business appeared first on Security Boulevard.

Explore handwritten passwords for touchscreen devices: a unique authentication method. Learn about security, usability, implementation, and how it compares to traditional passwords.

The post Handwritten Passwords for Touchscreen Devices appeared first on Security Boulevard.

What Are Non-Human Identities (NHIs) and Why Do They Matter for Enterprise Security? Cybersecurity is continually shifting, with machine identities, or Non-Human Identities (NHIs), emerging as a crucial facet for robust security management. But why should NHIs hold your attention? NHIs are machine-generated identifiers created by combining a secret—such as an encrypted password, token, or […]

The post Future scope of Agentic AI in enhancing enterprise security appeared first on Entro.

The post Future scope of Agentic AI in enhancing enterprise security appeared first on Security Boulevard.

Are Non-Human Identities the Key to Meeting Complex Security Requirements? Is your organization prepared to handle the intricate security challenges posed by the digital transformation? With digital expand, the utilization of Non-Human Identities (NHIs) becomes an imperative strategy for addressing complex security needs. Combining machine learning, tokenization, and access management, NHIs serve as a crucial […]

The post Can NHIs handle complex security requirements appeared first on Entro.

The post Can NHIs handle complex security requirements appeared first on Security Boulevard.

How Are Security Gaps in Cloud Environments Addressed? What methods can be employed to ensure the safety of Non-Human Identities (NHIs) in cloud environments? Managing NHIs forms the cornerstone of a robust security strategy. These machine identities, which are crucial for seamless interactions between software elements, can be susceptible to mismanagement and exploitation. Let’s delve […]

The post What makes Non-Human Identities safe in cloud environments appeared first on Entro.

The post What makes Non-Human Identities safe in cloud environments appeared first on Security Boulevard.

What Role Does Agentic AI Play in Enhancing Operational Security? Are you confident that your organization’s operational security is fortified against the myriad of threats facing us today? With cybersecurity professionals delve deeper into the complexities of protecting digital infrastructures, the concept of Agentic AI has emerged as a pivotal force in enhancing operational security. […]

The post How does Agentic AI enhance operational security appeared first on Entro.

The post How does Agentic AI enhance operational security appeared first on Security Boulevard.

Session 6D: Software Security: Vulnerability Detection

Authors, Creators & Presenters: Jiangyi Deng (Zhejiang University), Xinfeng Li (Zhejiang University), Yanjiao Chen (Zhejiang University), Yijie Bai (Zhejiang University), Haiqin Weng (Ant Group), Yan Liu (Ant Group), Tao Wei (Ant Group), Wenyuan Xu (Zhejiang University)

PAPER
RACONTEUR: A Knowledgeable, Insightful, And Portable LLM-Powered Shell Command Explainer

Malicious shell commands are linchpins to many cyber-attacks, but may not be easy to understand by security analysts due to complicated and often disguised code structures. Advances in large language models (LLMs) have unlocked the possibility of generating understandable explanations for shell commands. However, existing general-purpose LLMs suffer from a lack of expert knowledge and a tendency to hallucinate in the task of shell command explanation. In this paper, we present Raconteur, a knowledgeable, expressive and portable shell command explainer powered by LLM. Raconteur is infused with professional knowledge to provide comprehensive explanations on shell commands, including not only what the command does (i.e., behavior) but also why the command does it (i.e., purpose). To shed light on the high-level intent of the command, we also translate the natural-language-based explanation into standard technique & tactic defined by MITRE ATT&CK, the worldwide knowledge base of cybersecurity. To enable Raconteur to explain unseen private commands, we further develop a documentation retriever to obtain relevant information from complementary documentations to assist the explanation process. We have created a large-scale dataset for training and conducted extensive experiments to evaluate the capability of Raconteur in shell command explanation. The experiments verify that Raconteur is able to provide high-quality explanations and in-depth insight of the intent of the command.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – RACONTEUR: A Knowledgeable, Insightful, And Portable LLM-Powered Shell Command Explainer appeared first on Security Boulevard.