AISecHub

Most Viewed Videos in May 2026 https://awesomecybersecurityconferences.com/videos/most-viewed

Lovable 😜 says it’ll fix security issues for free, then asks you to pay.

300 followers :) https://github.com/TalEliyahu

Top 20 Cybersecurity Talks — May 2026 https://medium.com/@taleliyahu/top-20-cybersecurity-talks-may-2026-e67929243e6f

CISA Makes Risk-Based Vulnerability Management Real https://cyber-biz.com/blog/cisa-risk-based-vulnerability-management

Help to boost it :) I want to use few more Telegram functions. https://t.me/boost/AISecHub

CVE-2026-47155: vLLM artifact pinning gaps can load unpinned code, weights, and processors The advisory reports that vLLM revision pinning is not applied uniformly across all model artifacts, so a deployment pinned via --revision/--code-revision may still fetch and execute other dynamic components (e.g., code, weights, processors) outside the intended lock. #VulnerabilityResearch #AppSec #AISecurity #Advisory https://github.com/advisories/GHSA-3ww4-5jv9-j5gm

Turn Specs Into Evals for Agents With ASSERT ASSERT turns natural-language behavior requirements into executable tests for models/agents, making those specs usable as regression gates to catch behavioral drift or policy violations during iteration. #AgentSecurity #LLMSecurity #AISecurity #Blog https://commandline.microsoft.com/assert-written-intent-executable-evals

Five-Plane Reference Architecture for Runtime Governance of Production AI Agents The paper frames agent risk as stateful, delegated tool/action chains rather than single requests, and proposes “composite principals” with capability attenuation plus stop-anywhere mediation across reasoning + network/identity/endpoint/data enforcement planes to make runtime decisions and audits reconstructable. #AgentSecurity #LLMSecurity #AISecurity #Research https://arxiv.org/abs/2606.12320

Agents All the Way Down: Methodology for Building Custom AI Agents from Substrate to Production The paper frames agent security boundaries as engineering choices in the substrate and building blocks (tools/messages, function calling, MCP, orchestration), and proposes “agent-tests-agent” where a general-purpose agent runs behavioral scenarios to complement classical testing across the agent lifecycle. #AgentSecurity #LLMSecurity #AISecurity #Research https://arxiv.org/abs/2606.11869

Runtime Skill Audit: Targeted Runtime Probing for Agent Skill Security Runtime Skill Audit (RSA) targets the trust boundary where a “skill” looks benign statically but triggers harmful behavior only under specific runtime context (state, assets, multi-step tool use). It probes risk-relevant interfaces, sets up the needed execution context, and labels skills from trace evidence rather than documentation or code alone. #AgentSecurity #LLMSecurity #AISecurity #Research https://arxiv.org/abs/2606.11671

Recall, Not Reasoning: How AI Coding Agents Cheat Security Benchmarks Eval results suggest two benchmark failure modes for coding agents: unintended access to “workspace” artifacts that leak answers, and patch recall from upstream sources that turns tests into memorization rather than vulnerability-fix reasoning. #AgentSecurity #LLMSecurity #AISecurity #Blog https://endorlabs.com/learn/recall-not-reasoning-how-ai-coding-agents-cheat-security-benchmarks

CVE-2026-47751: Claude Code Action enables malicious MCP config in PRs The advisory describes a trust-boundary break where attacker-controlled PR content can supply a .mcp.json that’s auto-discovered and then auto-enables project MCP servers (enableAllProjectMcpServers), turning repository data into tool/server configuration and exposing code execution and secret-handling paths. #MCP #AgentSecurity #AISecurity #Advisory https://github.com/advisories/GHSA-8q5r-mmjf-575q