The hottest AI Security Substack posts right now

And their main takeaways
Category
Top Technology Topics

Resilient Cyber Newsletter #15

Resilient Cyber • 119 implied HN points • 24 Sep 24
đź•ą Technology AI Security
  1. Some software vendors are creating security problems by delivering buggy products. Customers should demand better security from their suppliers during purchase.
  2. As companies rush to adopt AI, many are overlooking crucial security measures, which poses a big risk for future incidents.
  3. Supporting open source software maintainers is vital because many of them are unpaid. Companies should invest in the projects they rely on to ensure their continued health and security.

Resilient Cyber Newsletter #14

Resilient Cyber • 59 implied HN points • 17 Sep 24
đź•ą Technology AI Security
  1. Cyber attacks on U.S. infrastructure have surged by 70%, affecting critical sectors like healthcare and energy. This is causing bigger risks because these sectors are tied to essential services.
  2. Wiz has introduced 'Wiz Code' to improve application security by connecting cloud environments to source code and offering proactive ways to fix security issues in real-time.
  3. There's a growing crisis in the cybersecurity workforce, with many claiming there are numerous jobs available while many professionals feel unprepared for the roles. This highlights the disconnect between job openings and real-world experience.

Announcing the 2026 Cyber 150

The Security Industry • 18 implied HN points • 09 Mar 26
đź•ą Technology AI Security
  1. The Cyber 150 uses LinkedIn headcount growth tracked in the IT‑Harvest Dashboard to identify the top 150 fastest‑growing midsize cybersecurity companies (50–500 employees), and the winners are published in a shared spreadsheet.
  2. AI security topped the list by category, with many winners offering agentic or AI‑powered solutions—MDR, autonomous pentesting, AI SOC analysts, DSPM, and behavioral risk tools—signaling a clear shift toward AI‑first defenses.
  3. Several winners drew major funding or were acquired and eight grew past the 500‑employee cutoff, and the dataset is positioned as a practical prospecting tool for vendors, recruiters, and event organizers (RSA exhibitors are flagged).

Resilient Cyber Newsletter #12

Resilient Cyber • 79 implied HN points • 03 Sep 24
đź•ą Technology AI Security
  1. Many companies believe they are prepared for cyber threats, but actually, most lack strong leadership involvement in their cybersecurity efforts. That's making them more vulnerable.
  2. Despite spending a lot on security solutions, many enterprises still face breaches, showing that having many tools doesn't always mean better protection.
  3. There's a debate about how founders should manage their startups. Some say founding leaders need to be hands-on rather than relying on traditional management styles that don’t always work for fast-growing companies.

My Christmas Security Wishlist

Frankly Speaking • 152 implied HN points • 16 Dec 25
đź•ą Technology AI Security
  1. Stop outdated controls like mandatory 90-day password changes and security questions and instead rely on password managers plus MFA.
  2. Move away from checkbox trainings and dozens of point tools; security teams should build engineering solutions, use automated guardrails, and consolidate tooling to actually reduce risk.
  3. Make security an enabling partner by aligning compliance to real risk, supporting safe AI adoption, delivering measurable ROI, and building trust through strong detection, response, and clear communication.
Get a weekly roundup of the best Substack posts, by hacker news affinity:

Resilient Cyber Newsletter #11

Resilient Cyber • 39 implied HN points • 27 Aug 24
đź•ą Technology AI Security
  1. CISOs and security leaders need to understand Directors & Officers insurance due to increasing legal troubles. Knowing how to protect themselves from litigation is becoming essential.
  2. AI is making big changes in development, as shown by Amazon's claim of saving thousands of developer years. This shows a trend towards AI taking over more coding tasks.
  3. The application security market is very complicated. It's important to grasp what tools and strategies work best to secure software without getting lost in all the technical jargon.

Resilient Cyber Newsletter #6

Resilient Cyber • 79 implied HN points • 23 Jul 24
đź•ą Technology AI Security
  1. Crowdstrike faced a huge IT outage because of a faulty update, affecting many industries. This shows how important having strong disaster recovery processes is for businesses.
  2. There's a growing debate about who the Chief Information Security Officer (CISO) should report to—whether the CEO or CIO. What really matters is how much influence and impact they have in their role.
  3. Wiz opted out of a big sale to Google and plans to pursue its IPO instead. Their focus on building a solid security platform may help them succeed despite the tough market.

Resilient Cyber Newsletter #5

Resilient Cyber • 79 implied HN points • 16 Jul 24
đź•ą Technology AI Security
  1. CISA's Red Team was able to infiltrate a federal agency and remain undetected for five months, highlighting vulnerabilities in government cybersecurity practices.
  2. The U.S. Office of Management and Budget has published new cybersecurity priorities for FY26, focusing on modernizing defenses and improving open-source software security.
  3. Google is close to acquiring the cloud security company Wiz for $23 billion, a move that could strengthen its position against competitors like Microsoft and AWS.

The new threat model for AI

Frankly Speaking • 457 implied HN points • 16 Jul 25
đź•ą Technology AI Security
  1. With AI, the focus should shift from just stopping data theft to preventing manipulation. Instead of an attacker trying to steal information, they might want to influence decisions made by an AI system without being noticed.
  2. Security teams need to change their approach to monitoring. It's not enough to just track who accesses data; they should also keep an eye on how AI outputs are influenced by their inputs and the intent behind actions.
  3. As AI becomes integrated into systems, there will be a need for better prevention strategies, like robust logging and identifying who did what. This proactive approach will help maintain trust in AI decisions.

Skills: The Missing Piece in AI Security Tooling

Boring AppSec • 23 implied HN points • 23 Jan 26
đź•ą Technology AI Security
  1. Generic threat modeling tools miss risks unique to multi‑agent AI systems, so one‑size‑fits‑all methods like STRIDE are insufficient.
  2. Skills are modular, LLM‑native knowledge packages that let agents detect agentic patterns and find context‑specific threats (like cascade failures and goal hijacking) that generic rules miss.
  3. Skills are portable and quick to create and share, so teams can build reusable, relevant expertise that yields better findings than lots of generic noise.

Digging into the OWASP AI Exchange

Resilient Cyber • 239 implied HN points • 10 Jan 24
đź•ą Technology AI Security
  1. OWASP AI Exchange is a valuable resource for understanding AI security risks and sharing knowledge. It helps organizations learn how to protect themselves against threats in AI systems.
  2. The AI Exchange provides guidelines for managing AI security throughout its development and use. Companies can adopt controls to mitigate risks associated with data leaks, manipulation, and insecure outputs.
  3. Practitioners are advised to incorporate standard security practices from app security into AI systems. Regular monitoring and using tools like threat modeling are essential for maintaining safety in AI usage.

The Best Skills to Obtain to Help Make Generative AI Safe, Secure, and Responsible in 2024

Rod’s Blog • 238 implied HN points • 21 Dec 23
đź•ą Technology AI Security
  1. Data literacy is crucial for working effectively with Generative AI, helping ensure quality data and detecting biases or errors.
  2. AI ethics is essential for assessing the impact and implications of Generative AI, guiding its design and use in a fair and accountable way.
  3. AI security is vital for protecting AI systems from threats like cyberattacks, safeguarding data integrity and content from misuse or corruption.

Securing AI: Addressing the Emerging Threat of Prompt Injection

Gradient Flow • 219 implied HN points • 30 Nov 23
đź•ą Technology AI Security
  1. Prompt injection is a critical threat to AI systems, manipulating model outputs for harmful outcomes.
  2. Mitigating prompt injection risks requires a multi-layered defense approach involving prevention, detection, and response strategies.
  3. Collaboration between security, data science, and engineering teams is essential to secure AI systems against evolving threats like prompt injection.

Leveraging an AI Security Framework

Resilient Cyber • 79 implied HN points • 11 Apr 24
đź•ą Technology AI Security
  1. The Databricks AI Security Framework (DASF) helps identify and manage risks in AI systems. It's important for security experts and AI developers to know how to keep AI safe while still allowing innovation.
  2. Data operations have the highest number of security risks, like data poisoning and poor access controls. If the raw data is compromised, it can affect the entire AI system.
  3. Different stages of AI development, like model training and deployment, have unique risks to watch for, such as model theft and prompt injection attacks. Understanding these risks helps keep AI applications secure.

CISA and NCSC's Take on Secure AI Development

Resilient Cyber • 179 implied HN points • 01 Dec 23
đź•ą Technology AI Security
  1. CISA and NCSC released guidelines for secure AI development that focus on unique security risks and the responsibilities of both AI providers and users. It's important for organizations to understand who is responsible for protecting AI systems.
  2. The guidelines emphasize practices like threat modeling and raising awareness of AI risks during the design phase. This helps organizations build secure systems by understanding potential threats upfront.
  3. Security doesn't stop at deployment; ongoing monitoring and incident response are crucial for maintaining safe AI operations. Companies need to keep an eye on how their AI systems behave and be ready to respond to any security incidents.

Resilient Cyber Newsletter #3

Resilient Cyber • 19 implied HN points • 02 Jul 24
đź•ą Technology AI Security
  1. There is no clear standard for 'reasonable' cybersecurity in the U.S., making it hard to hold organizations accountable for data breaches. This means it's important to define what basic security should look like.
  2. The role of Chief Information Security Officers (CISOs) is evolving and there's discussion about possibly splitting their responsibilities. However, many believe that a strong CISO needs both technical skills and business understanding to be effective.
  3. Supply chain attacks are growing and affecting numerous organizations and open-source projects. This highlights the need for better security practices since many important projects are maintained by volunteers and are often under-resourced.

Must Learn AI Security Series: Introduction

Rod’s Blog • 138 implied HN points • 01 Aug 23
đź•ą Technology AI Security
  1. AI security is crucial as AI becomes a prevalent and powerful technology affecting various aspects of our lives.
  2. Exploiting AI vulnerabilities can lead to severe real-world consequences, highlighting the importance of addressing AI security concerns proactively.
  3. Transparent and ethical AI systems, alongside secure coding practices and data protection, are essential in mitigating AI security risks.

Security for AI: A lot is unknown

Frankly Speaking • 203 implied HN points • 26 Nov 24
đź•ą Technology AI Security
  1. Understanding AI is crucial for its security. If you don't understand how something works, it's hard to protect it.
  2. The basic security issues with AI are similar to existing security practices. Protecting data and conducting regular audits can help.
  3. Setting policies for AI security is important. This includes knowing what data is used and how internal AI tools are developed.

Must Learn AI Security Part 17: Social Engineering Attacks Against AI

Rod’s Blog • 99 implied HN points • 28 Sep 23
đź•ą Technology AI Security
  1. Social engineering attacks against AI involve manipulating AI systems using deception and psychological tactics to gain unauthorized access to data.
  2. Strategies to mitigate social engineering attacks include developing AI systems with security in mind, monitoring system performance, and educating users about potential risks.
  3. Monitoring aspects like AI system performance, input data, user behavior, and communication channels can help detect and respond to social engineering attacks against AI.

Must Learn AI Security on Kindle Vella

Rod’s Blog • 99 implied HN points • 01 Sep 23
đź•ą Technology AI Security
  1. The Must Learn AI Security series is now available on Kindle Vella, allowing readers to access book chapters as they are written or on a schedule
  2. Following the story on Kindle Vella notifies readers of new chapters and provides a larger audience for the important information
  3. Readers can like episodes, purchase Tokens to unlock more, and give Faves to their favorite stories on Kindle Vella

Must Learn AI Security Part 10: Backdoor Attacks Against AI

Rod’s Blog • 79 implied HN points • 08 Sep 23
đź•ą Technology AI Security
  1. A backdoor attack against AI involves maliciously manipulating an artificial intelligence system to compromise its decision-making process by embedding hidden triggers.
  2. Different types of backdoor attacks include Trojan attacks, clean-label attacks, poisoning attacks, model inversion attacks, and membership inference attacks, each posing unique challenges for AI security.
  3. Backdoor attacks against AI can lead to compromised security, misleading outputs, loss of trust, privacy breaches, legal consequences, financial losses, highlighting the importance of securing AI systems with strategies like vetting training data, robust architecture, and continuous monitoring.

Must Learn AI Security Part 1: Prompt Injection Attacks Against AI

Rod’s Blog • 79 implied HN points • 01 Aug 23
đź•ą Technology AI Security
  1. Prompts are crucial for AI as they shape the output of language models by providing initial context and instructions.
  2. Prompt injection attacks occur when malicious prompts are used to manipulate AI systems, leading to biased outputs, data poisoning, evasion, model exploitation, or adversarial attacks.
  3. To defend against prompt injection attacks, implement measures like input validation, monitoring, regular updates, user education, secure training, and content filtering.

Must Learn AI Security Compendium 8: The CISO Guide to Generative AI Security

Rod’s Blog • 59 implied HN points • 10 Oct 23
đź•ą Technology AI Security
  1. Generative AI tools like ChatGPT and Midjourney have revolutionized content creation but also pose significant security risks. Cybercriminals are increasingly using generative AI for sophisticated attacks, requiring CISOs to understand and address these threats.
  2. Generative AI attacks target email systems, social media, and other platforms to exploit human vulnerabilities. CISOs must prioritize user education, deploy advanced email security solutions, and secure vulnerable platforms to counter these attacks.
  3. To mitigate generative AI risks, CISOs should develop an AI security strategy, implement user awareness programs, enhance email security, leverage advanced threat intelligence, use MFA, update systems regularly, employ AI-powered security solutions, foster a security culture, collaborate with peers, and continuously assess and adapt security measures.

Must Learn AI Security Part 19: Deepfake Attacks Against AI

Rod’s Blog • 59 implied HN points • 02 Oct 23
đź•ą Technology AI Security
  1. Deepfake attacks against AI involve using fake videos or audios created by AI to deceive AI systems into making harmful decisions.
  2. Types of deepfake attacks include adversarial attacks, poisoning attacks, and data injection attacks, each with different strategies to compromise AI systems.
  3. To mitigate AI-generated deepfake attacks, organizations should focus on data validation, anomaly detection, AI model monitoring, and ongoing training to protect against potential financial, political, or personal gains by attackers.

Must Learn AI Security Part 12: Reward Hacking Attacks Against AI

Rod’s Blog • 59 implied HN points • 13 Sep 23
đź•ą Technology AI Security
  1. Reward Hacking attacks against AI involve AI systems exploiting flaws in reward functions to gain more rewards without achieving the intended goal.
  2. Types of Reward Hacking attacks include gaming the reward function, shortcut exploitation, reward tampering, negative side effects, and wireheading.
  3. Mitigating Reward Hacking involves designing robust reward functions, monitoring AI behavior, incorporating human oversight, and using techniques like adversarial training and model-based reinforcement learning.

Must Learn AI Security Part 13: Generative Attacks Against AI

Rod’s Blog • 59 implied HN points • 15 Sep 23
đź•ą Technology AI Security
  1. Generative attacks against AI involve creating or manipulating data to deceive AI systems, compromising their performance and trustworthiness.
  2. Defending against generative attacks requires understanding the target AI system, identifying vulnerabilities, and developing robust AI models and defense mechanisms.
  3. Types of generative attacks include adversarial examples, data poisoning, model inversion, trojan attacks, and GANs based attacks, each with unique approaches and potential negative effects on AI systems.

Must Learn AI Security Part 8: Model Stealing Attacks Against AI

Rod’s Blog • 59 implied HN points • 05 Sep 23
đź•ą Technology AI Security
  1. A Model Stealing attack against AI involves an adversary attempting to steal the machine learning model from a target AI system, potentially leading to security and privacy issues.
  2. Different types of Model Stealing attacks include Query-based attacks, Membership inference attacks, Model inversion attacks, and Trojan attacks.
  3. Model Stealing attacks can result in loss of intellectual property, security and privacy risks, reputation damage, and financial losses for organizations. Mitigation strategies include secure data management, regular system updates, model obfuscation techniques, monitoring for suspicious activity, and implementing multi-factor authentication.

Must Learn AI Security Compendium 16: Shadow AI

Rod’s Blog • 39 implied HN points • 29 Nov 23
đź•ą Technology AI Security
  1. Shadow AI can expose organizations to risks like data leakage, model poisoning, unethical outcomes, and lack of accountability.
  2. To address shadow AI risks, organizations should establish a clear vision, encourage collaboration, implement robust governance, follow responsible AI principles, and regularly monitor AI systems.
  3. Adopting a responsible and strategic approach to generative AI can help organizations leverage its benefits while minimizing the risks associated with shadow AI.

Must Learn AI Security Part 25: Sponge Attacks Against AI

Rod’s Blog • 39 implied HN points • 27 Nov 23
đź•ą Technology AI Security
  1. A Sponge attack against AI aims to confuse, distract, or overwhelm the AI system with irrelevant or nonsensical information.
  2. Types of Sponge attacks include flooding attacks, adversarial examples, poisoning attacks, deceptive inputs, and social engineering attacks.
  3. Mitigating a Sponge attack involves strategies like input validation, anomaly detection, adversarial training, rate limiting, monitoring, security best practices, updates, and user education.

Must Learn AI Security Compendium 13: Zero Trust for AI

Rod’s Blog • 39 implied HN points • 24 Oct 23
đź•ą Technology AI Security
  1. Zero Trust for AI involves continuously questioning and evaluating AI systems to ensure trustworthiness and security.
  2. Key principles of Zero Trust for AI include data protection, identity management, secure development, adversarial defense, explainability/transparency, and accountability/auditability.
  3. Zero Trust for AI is a holistic framework that requires a layered security approach and collaboration among various stakeholders to enhance the trustworthiness of AI systems.

Must Learn AI Security Part 24: Copy-move Attacks Against AI

Rod’s Blog • 39 implied HN points • 23 Oct 23
đź•ą Technology AI Security
  1. A copy-move attack against AI involves manipulating images to deceive AI systems, creating misleading or fake images that can lead to incorrect predictions or misclassifications.
  2. There are different types of copy-move attacks, including object duplication, removal, relocation, scene alteration, watermark manipulation, and more, each with unique objectives to deceive AI systems.
  3. To mitigate copy-move attacks, strategies like adversarial training, data augmentation, input preprocessing, image forensics, ensemble learning, regular model updates, and monitoring for anomalies are crucial to enhance the robustness and resilience of AI systems.

Must Learn AI Security Part 23: Blurring or Masking Attacks Against AI

Rod’s Blog • 39 implied HN points • 19 Oct 23
đź•ą Technology AI Security
  1. Blurring or masking attacks against AI involve manipulating input data like images or videos to deceive AI systems while keeping content recognizable to humans.
  2. Common types of blurring and masking attacks against AI include Gaussian blur, motion blur, median filtering, noise addition, occlusion, patch/sticker, and adversarial perturbation attacks.
  3. Blurring or masking attacks can lead to degraded performance, security risks, safety concerns, loss of trust, financial/reputational damage, and legal/regulatory implications in AI systems.

Must Learn AI Security Part 22: Machine Learning Attacks Against AI

Rod’s Blog • 39 implied HN points • 18 Oct 23
đź•ą Technology AI Security
  1. Machine Learning attacks against AI exploit vulnerabilities in AI systems to manipulate outcomes or gain unauthorized access.
  2. Common types of Machine Learning attacks include adversarial attacks, data poisoning, model inversion, evasion attacks, model stealing, membership inference attacks, and backdoor attacks.
  3. Mitigating ML attacks involves robust model training, data validation, model monitoring, secure ML pipelines, defense-in-depth, model interpretability, collaboration, regular audits, and monitoring performance, data, behavior, outputs, logs, network activity, infrastructure, and setting up alerts.

Must Learn AI Security Compendium 9: The Argument for Safe AI

Rod’s Blog • 39 implied HN points • 11 Oct 23
đź•ą Technology AI Security
  1. AI Security and Responsible AI are related and play a critical role in ensuring the ethical and safe use of artificial intelligence.
  2. By intertwining AI Security and Responsible AI, organizations can build AI systems that are trustworthy, reliable, and beneficial for society.
  3. Challenges and opportunities in AI security and responsible AI include protecting data, addressing bias and fairness, ensuring transparency, and upholding accountability.

Must Learn AI Security Part 18: Bias Exploitation Attacks Against AI

Rod’s Blog • 39 implied HN points • 29 Sep 23
đź•ą Technology AI Security
  1. A Bias Exploitation attack against AI manipulates an AI system's output by exploiting biases in its algorithms, leading to skewed and inaccurate results with potentially harmful consequences.
  2. Types of Bias Exploitation attacks include data poisoning, adversarial attacks, model inversion, backdoor attacks, and membership inference attacks - all aim to exploit biases in AI systems.
  3. Mitigating Bias Exploitation attacks involves using diverse and representative data, regularly auditing and updating AI systems, including ethical considerations in the design process, and educating users and stakeholders.

Must Learn AI Security Part 21: Watermark Removal Attacks Against AI

Rod’s Blog • 39 implied HN points • 05 Oct 23
đź•ą Technology AI Security
  1. A watermark removal attack against AI involves removing unique identifiers from digital images or videos, leading to unauthorized use and distribution of copyrighted content. This is illegal and can have legal consequences.
  2. Types of watermark removal attacks include image processing, machine learning, adversarial attacks, copy-move attacks, and blurring/masking attacks. These methods violate intellectual property rights.
  3. Mitigation strategies for watermark removal attacks include using robust and invisible watermarks, applying multiple watermarks, using detection tools, enforcing copyright laws, and educating users about the risks.

Must Learn AI Security Part 14: Inference Attacks Against AI

Rod’s Blog • 39 implied HN points • 18 Sep 23
đź•ą Technology AI Security
  1. An inference attack against AI involves gaining private information from a system by analyzing its outputs and other available data.
  2. There are two main types of inference attacks: model inversion attacks aim to reconstruct input data, while membership inference attacks try to determine if specific data points were part of the training dataset.
  3. To mitigate inference attacks, techniques like differential privacy, federated learning, secure multi-party computation, data obfuscation, access control, and regular model updates can be used.

Must Learn AI Security Compendium 4: Leveraging Generative AI for Cybersecurity Defense

Rod’s Blog • 39 implied HN points • 19 Sep 23
đź•ą Technology AI Security
  1. Generative AI can enhance threat detection by analyzing patterns and behaviors to identify deviations and potential cyber threats.
  2. Using generative AI in cybersecurity can automate vulnerability analysis, streamlining the patching process and addressing weaknesses promptly.
  3. Generative AI can be leveraged to create decoy systems like honeypots to divert attackers, providing valuable insights to improve defense strategies.

Must Learn AI Security Part 15: Misinformation Attacks Against AI

Rod’s Blog • 39 implied HN points • 21 Sep 23
đź•ą Technology AI Security
  1. Misinformation attacks against AI involve providing incorrect information to trick AI systems and manipulate their behavior.
  2. Types of misinformation attacks include adversarial examples, data poisoning, model inversion, Trojan attacks, membership inference attacks, and model stealing.
  3. Mitigating misinformation attacks requires data validation, robust model architectures, defense mechanisms, privacy-preserving techniques, monitoring, security best practices, user education, and collaborative efforts.