Aggregator

7 min readInstead of just trusting the token's signature, attestation-based identity adds an extra layer of security. It cryptographically verifies that the workload is running exactly where and how it's supposed to. It's proof of location and configuration, not just a signature.

The post ​​Attestation-Based Identity: How It Works and Why It Matters appeared first on Aembit.

The post ​​Attestation-Based Identity: How It Works and Why It Matters appeared first on Security Boulevard.

Fortra announced the launch of its new Data Security Posture Management (DSPM) solution to enable organizations to discover, classify, and protect sensitive data across their hybrid cloud. Fortra DSPM strengthens the company’s security portfolio by helping enterprises maintain visibility and control over their data. As organizations embrace hybrid cloud architectures, sensitive data continues to proliferate across countless shadow repositories, applications, and environments. The threat landscape demands that businesses not only know where their critical data … More →

The post Fortra DSPM helps organizations protect sensitive data across hybrid cloud appeared first on Help Net Security.

《LLM与代码安全》由北京大学博士生王滨撰写，聚焦大模型在代码生成中的安全挑战与防护实践。文章指出，尽管LLM极大提升了开发效率，但其生成的代码存在漏洞密度高、供应链投毒、武器化滥用等风险。作者团队提出A.S.E项目级评测基准、REFLEXGEN自修正框架、RA-Gen多智能体方案等实践路径，并开源AI-Infra-Guard平台，推动生成代码的安全性评估与加固，呼吁行业重视AI代码生成的第一战场安全。

Commvault introduced Data Rooms, a secure environment that enables enterprises to safely connect their trusted backup data to the AI platforms they rely on, or to their own AI initiatives, such as internal data lakes. By combining governed, self-service access with built-in classification and compliance controls, Data Rooms bridges the gap between data protection and data activation, helping organizations transform backup data into AI-ready assets without adding new risk or complexity. As enterprises accelerate AI … More →

The post Commvault introduces Data Rooms to securely connect backup data with AI platforms appeared first on Help Net Security.

《SCPGA：自认同CoT渐进式泛化攻击》由萨塞克斯大学何润培提出，揭示了一种新型大模型越狱技术。该方法利用模型间思维链（CoT）的兼容性，通过“种子诱导—强CoT生成—恶意嵌套”流程，实现跨模型、跨主题的自动化攻击。实验显示，SCPGA对Gemini 2.5 Pro、Qwen3等主流模型越狱成功率高达94%–97%，并可引发内容安全、工具滥用、系统泄露等多类风险。文章进一步提出基于微调审核模型的轻量防御方案，为LLM安全防护提供了新思路。

You must login to view this content

《ReCopilot：基于大模型的二进制逆向工程助手》由奇安信技术研究院陈国强提出，旨在构建专用于二进制代码分析的领域大模型。ReCopilot通过预训练、指令微调与偏好对齐，显著提升函数名恢复、变量识别、结构体推断等任务效果，在多项评测中超越通用大模型。其进一步发展的ReCopilot-Agent具备代码检索、路径分析与漏洞链重构能力，展示了在真实固件漏洞挖掘中的自动化潜力，推动二进制分析向智能化、低门槛方向发展。