As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
">Friday Squid Blogging: Giant Squid in the Star Trek Universe">AIs are Getting Better at Finding and Exploiting Internet VulnerabilitiesIn a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous cyber workflows are rapidly coming down, and highlights the importance of security fundamentals like promptly patching known vulnerabilities.
[…]
A notable development during the testing of Claude Sonnet 4.5 is that the model can now succeed on a minority of the networks without the custom cyber toolkit needed by previous generations. In particular, Sonnet 4.5 can now exfiltrate all of the (simulated) personal information in a high-fidelity simulation of the Equifax data breach—one of the costliest cyber attacks in history—using only a Bash shell on a widely-available Kali Linux host (standard, open-source tools for penetration testing; not a custom toolkit). Sonnet 4.5 accomplishes this by instantly recognizing a publicized CVE and writing code to exploit it without needing to look it up or iterate on it. Recalling that the original Equifax breach happened by exploiting a publicized CVE that had not yet been patched, the prospect of highly competent and fast AI agents leveraging this approach underscores the pressing need for security best practices like prompt updates and patches. ...
Prompt injection is a method of tricking LLMs into doing things they are normally prevented from doing. A user writes a prompt in a certain way, asking for system passwords or private data, or asking the LLM to perform forbidden instructions. The precise phrasing overrides the LLM’s ...
">Why AI Keeps Falling for Prompt Injection AttacksYour proprietary code is flowing into Frontier AI models in the Cloud undetected. Husn Canaries allow you to receive instant alerts when Claude, ChatGPT, Copilot, Gemini, or any AI coding assistant analyzes your code. Know exactly when your intellectual property is exposed, whether by your team, contractors, or attackers.
submitted by /u/0xRaindropHey everyone,
I’m an independent developer and for the past few months I’ve been working on a tool called Syd. Before I invest more time and money into it, I’m trying to get honest feedback from people who actually work in security.
Syd is a fully local, offline AI assistant for penetration testing and security analysis. The easiest way to explain it is “ChatGPT for pentesting”, but with some important differences. All data stays on your machine, there are no cloud calls or APIs involved, and it’s built specifically around security tooling and workflows rather than being a general-purpose chatbot. The whole point is being able to analyse client data that simply cannot leave the network.
Right now Syd works with BloodHound, Nmap, and I’m close to finishing Volatility 3 support.
With BloodHound, you upload the JSON export and Syd parses it into a large set of structured facts automatically. You can then ask questions in plain English like what the shortest path to Domain Admin is, which users have DCSync rights, or which computers have unconstrained delegation. The answers are based directly on the data and include actual paths, users, and attack chains rather than generic explanations.
With Nmap, you upload the XML output and Syd analyses services, versions, exposed attack surface and misconfigurations. You can ask things like what the most critical issues are, which Windows servers expose SMB, or which hosts are running outdated SSH. The output is prioritised and includes CVE context and realistic next steps.
I’m currently finishing off Volatility 3 integration. The idea here is one-click memory analysis using a fixed set of plugins depending on the OS. You can then ask practical questions such as whether there are signs of malware, what processes look suspicious, or what network connections existed. It’s not trying to replace DFIR tooling, just make memory analysis more approachable and faster to reason about.
The value, as I see it, differs slightly depending on who you are. For consultants, it means analysing client data without uploading anything to third-party AI services, speeding up report writing, and giving junior testers a way to ask “why is this vulnerable?” without constantly interrupting seniors. For red teams, it helps quickly identify attack paths during engagements and works in restricted or air-gapped environments with no concerns about data being reused for training. For blue teams, it helps with triage and investigation by allowing natural language questions over logs and memory without needing to be an expert in every tool.
One thing I’ve been careful about is hallucination. Syd has a validation layer that blocks answers if they reference data that doesn’t exist in the input. If it tries to invent IPs, PIDs, users, or hosts, the response is rejected with an explanation. I’m trying to avoid the confident-but-wrong problem as much as possible.
I’m also considering adding support for other tools, but only if there’s real demand. Things like Burp Suite exports, Nuclei scans, Nessus or OpenVAS reports, WPScan, SQLMap, Metasploit workspaces, and possibly C2 logs. I don’t want to bolt everything on just for the sake of it.
The reason I’m posting here is that I genuinely need validation. I’ve been working on this solo for months with no sales and very little interest, and I’m at a crossroads. I need to know whether people would actually use something like this in real workflows, which tools would matter most to integrate next, and whether anyone would realistically pay for it. I’m also unsure what pricing model would even make sense, whether that’s one-time, subscription, or free for personal use with paid commercial licensing.
Technically, it runs on Windows, macOS and Linux. It uses a local Qwen 2.5 14B model, runs as a Python desktop app, has zero telemetry and no network dependencies. Sixteen gigabytes of RAM is recommended and a GPU helps but isn’t required.
I can share screenshots or record a walkthrough showing real BloodHound and Nmap workflows if there’s interest.
I’ll be honest, this has been a grind. I believe in the idea of a privacy-first, local assistant for security work, but I need to know if there’s actually a market for it or if the industry is happy using cloud AI tools despite the data risks, sticking to fully manual analysis, or relying on scripts and frameworks without LLMs.
Syd is not an automated scanner, not a cloud SaaS, not a ChatGPT wrapper, and not an attempt to replace pentesters. It’s meant to be an assistant, nothing more.
If this sounds useful, I’m happy to share a demo or collaborate with others. I’d really appreciate any honest feedback, positive or negative.
Thanks for reading.
https://www.youtube.com/@SydSecurity
[info@sydsec.co.uk](mailto:info@sydsec.co.uk)
submitted by /u/Glass-Ant-6041 
I’ve been seeing a lot of talk about how Software Bill of Materials (SBOMs) are moving from "nice to have" to "regulatory requirement" this year.
This write-up covers why the industry is pushing for automated provenance tracking and real-time dependency intelligence: https://cybernews-node.blogspot.com/2026/01/software-supply-chain-security-another.htm
The part that gets me is the move toward "continuous verification"—the idea that a scan during the build process isn't enough anymore because dependencies can drift or get compromised after deployment.
Is anyone here actually seeing better security from this, or is it just creating a mountain of "compliance paperwork" for the dev teams to deal with?
submitted by /u/No_Fisherman1212
