#secureai — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #secureai, aggregated by home.social.
-
🚀 Connect4Cyber 2026 – Info & Brokerage Day
• learn about current #EU funding opportunities.
• build cross-border consortia.
• exchange ideas on topics such as #SecureAI, #Cryptography and software/hardware security.
Date: 23 April 2026
Location: World Trade Center, Stockholm
Participation is free of charge; places are limited. Register now by 13 April!
👉 https://ncc-se.msb.se/en/events/connect4cyber--info-and-brokerage-day-23-april-2026/
-
Check out ˗ˏˋ ⭒ https://lnkd.in/gE2wUqgc ⭒ ˎˊ˗ to see my intro whilst you listen.
I'm thus re-naming this work as "CVE Keeper - Security at x+1; rethinking vulnerability management beyond CVSS & scanners". I must also thank @andrewpollock for reviewing several of my verbose drafts. 🫡
So, Security at x+1; rethinking vulnerability management beyond CVSS & scanners -
Most vulnerability tooling today is optimized for disclosure and alert volume, not for making correct decisions on real systems. CVEs arrive faster than teams can evaluate them, scores are generic, context arrives late, and we still struggle to answer the only question that matters: does this actually put my system at risk right now?
Over the last few years working close to CVE lifecycle automation, I’ve been designing an open architecture that treats vulnerability management as a continuous, system-specific reasoning problem rather than a static scoring task. The goal is to assess impact on the same day for 0-days using minimal upstream data, refine accuracy over time as context improves, reason across dependencies and compound vulnerabilities, and couple automation with explicit human verification instead of replacing it.
This work explores:
⤇ 1• Same-day triage of newly disclosed and 0-day vulnerabilities
⤇ 2• Dependency-aware and compound vulnerability impact assessment
⤇ 3• Correlating classical CVSS with AI-specific threat vectors
⤇ 4• Reducing operational noise, unnecessary reboots, and security burnout
⤇ 5• Making high-quality vulnerability intelligence accessible beyond enterprise teams
The core belief is simple: most security failures come from misjudged impact, not missed vulnerabilities. Accuracy, context, and accountability matter more than volume.
I’m sharing this to invite feedback from folks working in CVE, OSV, vulnerability disclosure, AI security, infra, and systems research. Disagreement and critique are welcome. This problem affects everyone, and I don’t think incremental tooling alone will solve it.
P.S.
- Super appreciate everyone that's spent time reviewing my drafts and reading all my essays lol. I owe you 🫶🏻
- ... and GoogleLM. These slides would have taken me forever to make otherwise.
Take my CVE-data User Survey to allow me to tailor your needs into my design - lnkd.in/gcyvnZeE
See more at - lnkd.in/gGWQfBW5
lnkd.in/gE2wUqgc
#VulnerabilityManagement #Risk #ThreatModeling #CVE #CyberSecurity #Infosec #VulnerabilityManagement #ThreatIntelligence #ApplicationSecurity #SecurityOperations #ZeroDay #RiskManagement #DevSecOps #CVE #CVEAnalysis #VulnerabilityDisclosure #SecurityData #CVSS #VulnerabilityAssessment #PatchManagement #AI #AIML #AISecurity #MachineLearning #AIThreats #AIinSecurity #SecureAI #OSS #Rust #ZeroTrust #Security
https://www.linkedin.com/feed/update/urn:li:activity:7409399623087370240
-
via #Microsoft : Accelerating AI adoption for the US government
https://ift.tt/D4LyZEu
#AIAdoption #USGovernment #Microsoft #GSA #CloudServices #Productivity #Innovation #SecureAI #FederalAgencies #Automation #Microsoft365 #Azure #CostSavings #DigitalTransformation #PublicSer…
-
🎙️ When AI writes code, builds models, and simulates threats… who checks the checker?
In this last On Location Conversation from #RSAC2025, Alex Kreilein and John Sapp Jr. join Sean Martin, CISSP to explore what trust actually means in the age of AI-generated security tooling — and how modern #AppSec teams must rethink validation, #resiliency, and #risk.
This episode cuts deep into:
Why “trust the output” is not enough in AI-driven workflows
How #AI security debt is becoming the new tech debt
Why we need #zerotrust thinking applied to models and agents
The real shift: from patching CVEs to building resilient architecture
The role of traceability, governance, and context-driven decision-making
If you’re serious about secure AI, application security, and shifting AppSec left (the right way), this conversation will challenge what you think you know — and help reframe what secure development actually looks like.
🎥 Watch the full video:
👉 https://youtu.be/kJdQz9LmT6s
🎧 Listen to the audio podcast:
👉 https://eventcoveragepodcast.com/episodes/why-we-cant-completely-trust-the-intern-even-if-its-ai-an-rsac-conference-2025-conversation-with-alex-kreilein-and-john-sapp-jr-on-location-coverage-with-sean-martin-and-marco-ciappelli
✨ Thank you to our Full Coverage Sponsors:
ThreatLocker 👉 https://itspm.ag/threatlocker-r974
Akamai Technologies 👉 https://itspm.ag/akamailbwc
BLACKCLOAK 👉 https://itspm.ag/itspbcweb
SandboxAQ 👉 https://itspm.ag/sandboxaq-j2en
Archer Integrated Risk Management 👉 https://itspm.ag/rsaarchweb
ISACA 👉 https://itspm.ag/isaca-96808
Object First 👉 https://itspm.ag/object-first-2gjl
Edera 👉 https://itspm.ag/edera-434868
🎙️ Explore more RSAC 2025 coverage:
👉 https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
🎧 Catch all of our event conversations:
👉 https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
🎤 Want to tell your Brand Story Briefing as part of our coverage?
👉 https://itspm.ag/evtcovbrf
📆 Want Sean Martin, CISSP and Marco Ciappelli to cover your event or moderate your panel?
👉 https://www.itspmagazine.com/contact-us
#RSAC2025 #cybersecurity #AppSec #AIsecurity #zerotrust #infosec #securityleadership #riskmanagement #technology #eventcoverage #secureAI #shiftleft #CISO