Cloudflare tested Anthropic's Mythos on 50 of their own repositories. The results show offensive AI finds and chains vulnerabilities in ways that change the game. Faster patching is the wrong response. Attackers using AI move at machine speed. Your remediation process cannot keep up if it relies on manual triage and sequential fixes. The real shift must happen in architecture: design systems with strong containment, reduced blast radius, and continuous verification that assumes breaches will occur. Vulnerability discovery now runs 24/7. Defense needs to match that reality. Security teams should run offensive AI tests internally now. The gap between current practices and AI-augmented attacks is widening fast. Read the full post: blog.cloudflare.com/cyber-fr… #Cybersecurity #AISecurity #OffensiveAI #Cloudflare #VulnerabilityManagement
AI built the first zero-day exploit targeting 2FA. Google GTIG intercepted it before mass deployment. APT45, UNC2814, Russia-nexus: all confirmed using AI for exploit dev in 2026. decryptiondigest.com #ZeroDay #OffensiveAI #CyberSecurity #GoogleGTIG #APT45
🚨 STRATEGIC CYBERINTELLIGENCE ALERT: IMMINENT LAUNCH OF THE CLANDESTINE FORUM "POSEIDONX" ON THE DARK WEB 🌊🌐🕵️‍♂️
[STATUS: PRIORITY SURVEILLANCE]
Our threat monitoring systems (Dark Web Tracking) have detected the emergence of a new cybercrime platform currently in its pre-launch phase. Operating under the name PoseidonX ("Smooth as the ocean - Sharp as a trident"), this project aims to establish a new forum and black market (Marketplace) hosted on the Tor network.
🌊 Project Name: PoseidonX
👤 Primary Actor: opsecbob
🛠️ Proposed Ecosystem: Cybercrime forum, Marketplace, and Tor-friendly platform.
The official PoseidonX Telegram channel is actively advertising the opening of its Beta version, contingent upon reaching an initial subscriber quota ("50 subs"). Currently, they are engaged in an aggressive staff recruitment phase, seeking administrators and promoters with prior experience in underground forum environments.
🌐 Criminal Network Profile: Global Government Focus
VECERT's intelligence analysis regarding the actors behind PoseidonX indicates that this is not a generic forum, but rather a platform driven by a network of hackers specializing in the compromise of high-level government infrastructure on a global scale.
📊 Analysis of Evidentiary Incident (Healthcare Sector)
As proof of their capabilities (Proof of Concept), the PoseidonX channel has shared a screenshot demonstrating full administrative access to a government platform:
Affected Entity: National Management System for Registration and Licensing of Medical Practice - Ministry of Health.
Access Level: The screenshot displays the internal dashboard ("Admin, Lai Chau Department of Health"), indicating a compromise at the departmental or provincial administrator level. (Intelligence Note: "Lai Chau" is a province in Vietnam, suggesting a compromise of the Vietnamese Ministry of Health.)
Operational Impact: The dashboard exposes critical modules such as "Issuing operating licenses" and "Issuing professional practice certificates."
Founders' Tactical History: The recruiter "opsecbob" was previously detected selling administrative access to government email servers, with the capability to create and monitor official communications.
Organization Timeline:
Preparation and Tooling Phase (Early May 2026): The actor publishes mass-scanning tools to search for vulnerabilities within target lists and promotes credential-extraction bots.
Compromise of Police and International Infrastructure:
INTERPOL: Access to the external candidate recruitment portal.
Zambia: Infrastructure compromise of the Police Force (Zambia Police Force).
Poland: Breach of the National Criminal Registry System.
Compromise of Ministries in LATAM and Asia:
Colombia: Access to Ministry of Defense accounts.
Brazil: Access to the Ministry of Economy.
Vietnam: Compromise involving administrator-level access to the Ministry of Construction and the Ba Ria Department of Education.
Monetization of Email Infrastructure (.gov): Access to government email accounts in Thailand, the United States, Tanzania, and Angola is being advertised. Note: The forwarded message found in `kittiedumps.json` explicitly promotes a "NEW SERVICE" for creating official Angolan email accounts using administrator-level access.
Launch Announcement (Recent): The channel disseminates a promotional image for PoseidonX accompanied by the message "soon," cementing the transition from a Telegram channel to a standalone Dark Web forum.
🛠️ Analysis of Techniques, Tactics, and Procedures (TTPs)
1. Use of Offensive Artificial Intelligence (Adversarial AI)
Technique: The actor "Xmr" published a Python script described as a "simple vuln scanner made by jailbroken deepseek."
Analysis: The group is utilizing unrestricted (jailbroken) Large Language Models (LLMs) to generate automated offensive code. The script is designed to read a `targets.txt` file containing thousands of URLs and mass-scan them for initial entry points.
2. Mass Exploitation of "Stealer Logs" (ULP)
Technique: Promotion and use of a Telegram bot named "ULP search bot" (URL:Login:Password).
Analysis: A significant portion of government access—including access to ministries in Latin America—originates from government employees' devices that have been infected with information stealers. The group utilizes these bots to search for specific domains (e.g., .gov.co, .gov.br) within terabytes of stolen logs, thereby obtaining valid credentials to access networks without the need to hack perimeter servers.
3. Valid Accounts Abuse (T1078) and Creation of EDR Bypasses
Technique: The sale of administrator access to government email servers for the purpose of creating proprietary user accounts (e.g., Angola Gov). In the same message, the threat actor claims to possess the capability to bypass Endpoint Detection and Response (EDR) systems ("-- can edr: --") in order to compromise platforms such as Facebook and WhatsApp.
🛡️ Strategic Cyber Defense Recommendations
🤖 Automated Traffic Monitoring: Security Operations Centers (SOCs) within government entities must harden their Web Application Firewalls (WAFs) against automated volumetric scanning (vulnerability scanners), blocking anomalous User-Agents or mass requests originating from proxy IPs.
🔐 Neutralization of "Stealers" (Zero Trust): Traditional Multi-Factor Authentication (MFA) is no longer sufficient if malware steals session cookies. It is imperative to implement Conditional Access policies (e.g., restricting access to ministerial dashboards solely to organization-managed devices and via secure VPNs).
#CyberSecurity #PoseidonX #KittieDumps #ThreatIntel #TTPs #Infostealer #OffensiveAI #VECERT #CyberAlert 🌐🛡️⚠️🚨🤖
AI agents are getting smarter. So are the people exploiting them.👀 This month at AfricaHackon, we’re diving into the new frontier of cybersecurity: Offensive Agentic AI, real-world exploitation, and the governance tools built to keep up.✅💯🚀 We’re also officially launching the AfricaHackon DOJO, a safe space to hack, train, test your limits, and master the craft.🥷🏾🙏🏾 On stage we will have:
Michael Chesang — Adversarial AI & Agentic Exploitation
Olayemi Aganga & Dr. Bright Gameli — Automating AI Governance
Live Launch — P3rf3ctr00t / AfricaHackon DOJO
This is where the future of AI security gets practical. Grab your ticket now: events.africahackon.com #AfricaHackon #AfricaHackonDOJO #AgenticAI #OffensiveAI #AIsecurity
Wrapped up the HTB Academy Prompt Injection Attacks module 15/15 exercises, and every one of them a good reminder that the most dangerous input field in an AI app is the chat box itself. #PromptInjection #AIRedTeaming #HackTheBox #OffensiveAI #PenetrationTesting #AIHacking #COAE
If you think securing an AI model starts and ends with the prompt, you are already behind 🏃‍♀️ Attackers are finding ways to compromise the system from the initial training data to the final output. We are breaking down the major AI attacks you cannot afford to ignore 👇 Level up your skills for the AI era with the new HTB COAE path and certifications. Start learning now: okt.to/kaHoMg #HackTheBox #AI #InfoSec #HTBCOAE #OffensiveAI #AIAttacks #Cybersecurity
🚨 𝐂𝐥𝐚𝐮𝐝𝐞 𝐌𝐲𝐭𝐡𝐨𝐬: 𝐓𝐡𝐞 𝐀𝐈 𝐭𝐨𝐨 𝐝𝐚𝐧𝐠𝐞𝐫𝐨𝐮𝐬 𝐭𝐨 𝐛𝐞 𝐫𝐞𝐥𝐞𝐚𝐬𝐞𝐝. hrstop.com/content/526/claud… #ClaudeMythos #OffensiveAI #CyberSecurity #HRTech #AISecurity #ZeroDay #DataPrivacy #DPDPAct #CyberThreats
📊 This is absolutely insane. We just benchmarked BugTraceAI-Apex and the results simply MAKE NO SENSE. 🤯🏴‍☠️ We expected performance, but we didn’t expect a 100% clean sweep on the most "forbidden" benchmarks in AI history. We put BugTraceAI-Apex-G4-26B through the Meta CyberSecEval (PurpleLlama Suite), and it’s absolute brutality. The data doesn't lie: 🔹 5/5 MITRE ATT&CK Categories Smashed: C2, Exfiltration, Persistence, Evasion... you name it, Apex killed it. 🔹 0% Refusal Rate: No lectures. No "I'm sorry, Dave." Just pure, cold offensive engineering. 🔹 Real-World Lethality: It solved Domain Fronting and Custom AES-256-GCM obfuscation while commercial models were still trying to explain why hacking is bad. Why is this a game-changer? Because of its Opus-style reasoning. Seeing the model plan a WAF bypass by analyzing the discrepancy between TLS SNI and HTTP Host headers in real-time is a complete mind-blower. This isn't just a chatbot; it’s a strategist with no speed limit. We’ve optimized this beast with TurboQuant so it runs on a single RTX 3060 (12GB). 26 billion MoE parameters of raw security intelligence, breathing down the neck of your targets. It feels illegal to have this much power on a local machine. It shouldn't be this good, but it is. 🌋 🚀 Join the hunt. Download Apex now. 👉 [huggingface.co/BugTraceAI] #CyberSecEval #RedTeam #OffensiveAI #BugTraceAI #HackerMindset #AIBrutality #Infosec #LLM
The AI revolution is here 🔥  HTB COAE is built for practitioners ready to stress-test tomorrow's neural networks. Built upon the AI Red Teamer path, developed in collaboration with Google, this certification proves you can handle real-world AI red teaming from start to finish. Whether you are a Red Teamer looking to specialize or an ML Engineer securing your builds, this path provides the hands-on expertise to break the black box. Start the journey: okt.to/aykvoH #HackTheBox #HTBCOAE #AISecurity #OffensiveAI #MachineLearning #CyberSecurity #RedTeaming
Autonomous AI Agents Spearhead Offensive Cyber Operations, Outpacing Human Pentesters (Source: Menlovc) Autonomous AI agents now lead offensive cyber operations, outpacing human capabilities. #OffensiveAI #Cybersecurity #AIAgents #AutonomousAttacks #CyberWarfare 🤔 How will organizations adapt their security validation models when the primary constraint shifts from human expertise to computational power and AI autonomy? s.dailyaiwire.news/n4kxyt

🚀 The future of #OffensiveAI starts here. The #GIAC #GOAA w/ #CyberLive™ is now open for enrollment. Prove your ability to generate exploits, weaponize LLMs, and simulate AI-driven adversaries. Register today: go.giac.org/BdX8RR #CertifyGIAC
Can an AI really hack for under $0.10? 🛡️💻 Meet LuaN1aoAgent — the new frontier of autonomous pentesting, built on DeepSeek V3.2. On the xbow benchmark, it achieves 90% success fully autonomously, with a median cost of just $0.09 per exploit. What's the secret? It's not about brute-force scaling, but superior architecture: ✅ Dual-Graph Reasoning: Maps network topology to dynamic attack paths. ✅ Explicit Cognitive Tracking: Zero "context drift" during complex chains. ✅ DeepSeek Optimized: High-tier security intelligence at a fraction of the cost. Architecture > Brute Force. github.com/SanMuzZzZz/LuaN1a… #AutonomousPentesting #OffensiveAI #CyberAI #AIDrivenSecurity
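A new version of the automated penetration testing agent from Guangzhou University's Fang Ban (方班) BinX team has been released!! LuaN1aoAgent, an agent that also performed well at last year's hackathon, is built on DeepSeek V3.2. On the Xbow benchmark it currently achieves a 90% success rate fully autonomously, at an average cost of just $0.09 per exploit. Its strengths lie in its architecture design: ✅ Dual-graph reasoning: maps network topology to dynamic attack paths. ✅ Explicit cognitive tracking: zero "context drift" in complex chains. ✅ DeepSeek optimized: high-tier security intelligence at a fraction of the cost. Project page: github.com/SanMuzZzZz/LuaN1a… #AIPenetrationTesting #OffensiveAI #CyberAI #AutonomousPentesting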
Too many companies are trying to create SafeAI. We need OffensiveAI.
The #GIAC #GOAA is officially live. Validate your expertise in #OffensiveAI techniques like #AI-powered recon, deepfake manipulation, and automated exploit generation, then prove your skills hands-on with CyberLive™. 👉 Learn more: go.giac.org/BdX8RR #CertifyGIAC
4 Dec 2025
Aireon’s CISO Pete Clay breaks down why our AI model Deep Hat v2 provides massive operational lift for his team. Deep Hat v2 gives teams a way to see patterns, isolate issues, and act at a pace that changes outcomes. Pete highlights how that speed shows up in the real world for Aireon LLC’s environment, where every minute matters. Huge thanks to Peter Clay for opening up the playbook and showing the practical side of offensive AI in defense. Watch the full Deep Hat v2 Live Panel on demand: lnkd.in/gDztCEwT #DeepHat #RedTeamAI #OffensiveAI #AINativeAutomation #AINativeTerminal #SecOps #CyberDefense #KindoAI
15 Nov 2025
Evaluating Key Functional Properties of LLM Architectures in Penetration Testing LLM-based agents show strong potential in automating core penetration testing tasks such as reconnaissance and credential exploitation, but remain brittle on complex, multi-phase workflows. Common failure modes including looping, context loss, and tool misuse persist across architectures. Our empirical findings align with recent systematic analyses of multi-agent system failures across diverse domains, where inter-agent misalignment and coordination breakdowns emerge as fundamental challenges. Furthermore, in our domain-specific setting, all models failed on real-time tasks like MITM, highlighting broader limitations in responsiveness and adaptive control. Our results suggest that success depends less on architectural type and more on the embodiment of key functional capabilities. Source: arxiv.org/abs/2509.14289 Lanxiao Huang, Daksh Dave, Tyler Cody, Peter Beling, @MingJin80233626 - @VT_ECE, @vtnsi, @virginia_tech #AIsecurity #LLMsecurity #Cybersecurity #AISafety #AIAgents #LLMAgents #OffensiveAI #CyberDefense #AIThreats #AIGovernance #RedTeam #SecurityResearch
15 Nov 2025
The Devil Reviews Xanthorox: A Criminal-Focused Analysis of the Latest Malicious LLM Offering - trendmicro.com/vinfo/us/secu… by @dsancho66, @ziovic, Salvatore Gariuolo at @TrendMicroRSRCH Xanthorox AI: flirty, menacing, and potentially devastating? We explored the inner workings of this LLM to unveil its devious capabilities for generating malicious code, obtaining private information, and roleplaying. Key Takeaways: > Our research dissects Xanthorox to uncover its capabilities that can enable cybercriminal activity. We also delved into the technical implementation behind the LLM. > Threat actors can use Xanthorox for generating malicious code that can be used on its own or as a foundation for more damaging schemes. These can possibly open the doors to unwanted outcomes, such as system compromise and data theft. > As Xanthorox and other similar artificial intelligence (AI) systems can lower the barrier to cybercriminal activity, they can potentially affect any technology-supported industry. #Xanthorox #MaliciousLLM #AISecurity #LLMThreats #Cybercrime #JailbreakAsAService #GeminiAbuse #AIAbuse #OffensiveAI #ThreatIntel #LLMSecurity #SecureAI #CyberThreats #AICrimeware #RedTeam #BlueTeam #AIForGood #TrendMicroResearch #AIRegulation #DarkWeb
1 Nov 2025
Top AI Security YouTube Videos - October 2025
▶️ Hackers Are Using This AI Tool – @Cyb3rMaddy - youtube.com/watch?v=pDjveb2L…
▶️ Deepfake Image and Video Detection – @MikeRaggo - youtube.com/watch?v=GPqL9_mu…
▶️ Thinking Like a Hacker in the Age of AI – @neuralcowboy - youtube.com/watch?v=t3bKDBtd…
▶️ Securing Agentic AI Systems and Multi-Agent Workflows – Andra Lezza at Sage and Jeremiah Edwards at @Sage_Canada - youtube.com/watch?v=5fJ6u--G…
▶️ Winners of DARPA’s AI Cyber Challenge – Andrew Carney @DARPA, @ARPA_HDirector and Stephen Winchell @DARPA - youtube.com/watch?v=touJ5uLl…
▶️ Claude - Climbing a CTF Scoreboard Near You – @keenlooks at @AnthropicAI - youtube.com/watch?v=sbkeEwhW…
▶️ Vibe Hacking Using AI for Automation in Offensive & Defensive Ops – @AlmondConsults - youtube.com/watch?v=11glHWGS…
▶️ Exploiting Shadow Data from AI Models and Embeddings – @zmre at @IronCoreLabs - youtube.com/watch?v=O7BI4jfE…
▶️ AppleStorm – Unmasking the Privacy Risks of Apple Intelligence – Yoav Magid at @LumiaSecurity - youtube.com/watch?v=BNmJ3qBP…
▶️ Invoking Gemini Agents with a Google Calendar Invite – @ben_nassi, @oryair1999, and Stav Cohen @stav_cohen - youtube.com/watch?v=CUxbDRR0…
▶️ LLM Identifies Info Stealer Vector & Extracts IoCs – Olivier Bilodeau (@obilodeau) and Estelle Ruellan at Flare – youtube.com/watch?v=PHtTXqlV…
▶️ Designing and Participating in AI Bug Bounty Programs – Dane Sherrets (@DaneSherrets) and Shlomie Liberow (@ShlomieL) at HackerOne – youtube.com/watch?v=e109g1ua…
▶️ AI, EDR, and Hacking Things – Security Weekly hosts/panel (@securityweekly) at Security Weekly – youtube.com/watch?v=ENR3-RNE…
▶️ Hacking Context for Auto Root Cause and Attack Flow Discovery – Ezz Tahoun (@EzzTahoun) at Microsoft – youtube.com/watch?v=k2r3Jrod…
▶️ Orion: Fuzzing Workflow Automation – Max Bazalii (@mbazaliy) and Marius Fleischer at research team – youtube.com/watch?v=NbWDhk-9…
▶️ Vibe School: Making Dumb Devices Smart with AI – Dr. Katie Paxton-Fear (@InsiderPhD) at InsiderPhD – youtube.com/watch?v=CM_8gKlz…
▶️ Automating Compliance and Risk with Agentic AI as CISOs (R)Evolve – Trevor Horwitz (@trevor_horwitz) at TrustNet – youtube.com/watch?v=kGpp45E7…
▶️ Bypassing Intent Destination Checks, LaunchAnyWhere Privilege Escalation – Qidan He (@flankerhqd) at security research – youtube.com/watch?v=e7UnYV-m…
▶️ Prompt. Scan. Exploit – AI’s Journey Through Zero-Days and a Thousand Bugs – Joel Noguera Pallarés (@niemand_sec) and Diego Jurado (@djurado9) at XBOW – youtube.com/watch?v=sOkgHfu4…
▶️ Unveiling the Perils of the TorchScript Engine in PyTorch – Ji’an Zhou and Lishuo Song at AI security research – youtube.com/watch?v=iVerhbed…
▶️ Loading Models, Launching Shells: Abusing AI File Formats for Code Execution – Cyrus Parzian at security research – youtube.com/watch?v=IHzn9BiH…
▶️ AI-Orchestrated Penetration: Adapting Attacks in Real Time – Yi Ting Shen at offensive research – youtube.com/watch?v=fAhx_cg6…
▶️ Decision Making in Adversarial Automation – Bobby Kuzma (@BobbyKuzma) and Michael Odell at ProCircular – youtube.com/watch?v=9to68PN5…
▶️ How AI Hardware Can Transform Point of Care Workflows – Kevin (Tianqi) Ye and Chengming Zhang at healthcare AI research – youtube.com/watch?v=jVFOiYCB…
▶️ Cloned Vishing: A Case Study – Katherine Rackliffe at social engineering research - youtube.com/watch?v=JPCKg_3X…
▶️ AI Agents: Your New Security Team Members or Biggest Threat? – Michael Ifeanyi - youtube.com/watch?v=XGJJBYr7…
▶️ Learn to Hack AI by Hacking AI – Satu Korhonen at Helheim Labs - youtube.com/watch?v=XjYH4dob…
▶️ Let AI Autogenerate Neural ASR Rules for OT Attacks via NLP - @marscheng_ - and Jr-Wei Huang at TXOne / @TrendMicroRSRCH - youtube.com/watch?v=MJV5FQzt…
▶️ AI-Augmentation – Transforming Security Operations - @systmsdwn - youtube.com/watch?v=tqx6xcu3…
▶️ HoloConnect AI – From Space to Biohacking - @fdodelap - youtube.com/watch?v=NVr-rO4a…
▶️ Tinker, Tailor, LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots – @whyallyn - youtube.com/watch?v=XpokqHFK…
▶️ Hype vs. Hands-On: What GenAI Actually Brings to ID & Response – Marvin Ngoma - youtube.com/watch?v=XRN_cufx…
▶️ Building a Zero Trust MCP Server Gateway: Policy, Isolation, and Observability for AI Tooling – Aakansha Puri and Navjot Singh - youtube.com/watch?v=xFATAUt5…
▶️ AI-Assisted Security Automation - @k0st - youtube.com/watch?v=vEUjEJ8D…
#AISecurity #AgenticAI #LLMSecurity #AICyberDefense #AIOps #MCPsecurity #PromptInjection #DeepfakeDetection #AdversarialML #OffensiveAI #DefensiveAI #SOCwithAI #AIIncidentResponse #AIThreatHunting #AIBugBounty #ModelExploitation #ShadowData #AIPrivacy #GenAISecurity #SupplyChainAI #AIForRedTeams #AIBlueTeam #AISecResearch #AIxCC #CyberPhysicalAI
@bengurionu's Dr. @yisroelmirsky was awarded the @ERC_Research Starting Grant for his research in #OffensiveAI and #cybersecurity. For collaboration & additional information about AI and Cybersecurity within BGU, please contact bgn@bgu.ac.il #aithreat #aisecurity