惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园_首页
T
Threat Research - Cisco Blogs
GbyAI
GbyAI
Y
Y Combinator Blog
美团技术团队
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
博客园 - 【当耐特】
S
SegmentFault 最新的问题
IT之家
IT之家
Recent Announcements
Recent Announcements
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
阮一峰的网络日志
阮一峰的网络日志
T
The Blog of Author Tim Ferriss
Martin Fowler
Martin Fowler
Microsoft Azure Blog
Microsoft Azure Blog
V
Visual Studio Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
U
Unit 42
WordPress大学
WordPress大学
博客园 - Franky
L
LangChain Blog
人人都是产品经理
人人都是产品经理
小众软件
小众软件
博客园 - 叶小钗
罗磊的独立博客
酷 壳 – CoolShell
酷 壳 – CoolShell
大猫的无限游戏
大猫的无限游戏
云风的 BLOG
云风的 BLOG
Vercel News
Vercel News
雷峰网
雷峰网
腾讯CDC
Google DeepMind News
Google DeepMind News
博客园 - 三生石上(FineUI控件)
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Help Net Security
Help Net Security
C
Check Point Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
N
News and Events Feed by Topic
V2EX - 技术
V2EX - 技术
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Schneier on Security
Schneier on Security
博客园 - 聂微东
A
Arctic Wolf
H
Heimdal Security Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Recent Commits to openclaw:main
Recent Commits to openclaw:main
T
The Exploit Database - CXSecurity.com
C
Cyber Attacks, Cyber Crime and Cyber Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Google DeepMind News
Google DeepMind News

Forbes - Innovation

Why Do Humans Have Fingerprints? Hint: It’s Not What You Think Booking.com Confirms Data Breach, Reservation PIN Codes Changed Why Major News Sites Are Blocking The Internet Archive’s Wayback Machine iPhone Fold Release Date: New Report Details Frustrating Apple News Comet Tracker: How To See Pan-STARRS And Three Planets On Wednesday NYT Mini Crossword Today: Tuesday, April 14 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Tuesday, April 14 (It’s A Little Unclear) Today’s Wordle #1760 Hints And Answer For Tuesday, April 14 Most Of The Microplastics In Urban Air Come From Tires Today’s Wordle #1759 Hints And Answer For Monday, April 13 NYT Mini Crossword Today: Monday, April 13 Hints And Answers NYT Pips Today: Hints, Answers And Walkthrough For Monday, April 13 The YC Chief Who Codes 10,000 Lines A Day Has A Simple Secret Samsung Expands One UI 8.5 Beta To More Galaxy Owners Why You Should Stop Using Your iPhone If It’s On This List Chamath Says Firms That Treat AI As A Strategy Hand Rivals Their Edge 3 Unexpected Habits Of Secure Couples, By A Psychologist The First Lamp That Folds Your Clothes Samsung’s Disappointing Price Update For Galaxy Phone Buyers 3 Subtle Signs Someone Is Falling In Love With You, By A Psychologist Do Mantis Shrimp See More Colors Than Humans? A Biologist Explains NYT Connections Answers Explained For Monday, April 13 (#1,037) NYT Connections Hints Today: Monday, April 13 Clues And Answers (#1,037) LEGO Luigi & Mach 8 (72050) Review: 2026’s Best Set Yet? Marc Andreessen Says AI Productivity Will Trigger A Hiring Boom 3D Printing Is The Ultimate Hack To Reduce Household Spending Apple iPhone Fold: Striking Design Revealed In Leaked Photos Apple Smart Glasses: New Leak Reveals A Major Design Twist To Beat Meta Tested: The AI Coming To The Rivian R2 Quordle Hints Today: Monday, April 13 Clues And Answers Companies And H-1B Employees Endure Immigration Waits At Consulates 3 Easy Ways To Turn Anxiety Into Sustained Focus, By A Psychologist Here’s The Most Affordable Humanoid Robot You Can Buy Now UFC 327 Results: 5 Biggest Takeaways From A Wild Night In Miami UFC 327 Results, Bonus Winners, Highlights And Reactions Dana White Announces Huge New Fight For UFC White House Today’s NYT Strands Hints, Spangram, Answers: Sunday, April 12 (Get Ready) Tesla ‘Model 2’ Rises From The Ashes Today’s Wordle #1758 Hints And Answer For Sunday, April 12 NYT Pips Today: Hints, Answers And Walkthrough For Sunday, April 12 Tyson Fury Vs. Arslanbek Mahkmudov Results: Highlights and Reaction NYT Mini Crossword Today: Sunday, April 12 Hints And Answers How Shadow AI Culture Is Destroying Your Business Venture Capital Funds That Market Like Startups Win More Deals Conor Benn Vs. Regis Prograis Results: Highlights and Reaction Samsung’s Disappointing Price Update For Galaxy Phone Buyers Artemis Reached The Moon. The Grid Can Reach The 21st Century A Biologist Explains How Archerfish Shoot Down Prey. Hint: Their Aim Rivals Human Throwing Is It Time For Apple To Forget About The MacBook Air NYT Connections Hints Today: Sunday, April 12 Clues And Answers (#1036) Trump’s 2027 Budget To Reshape U.S. Environmental And Energy Policy CDC Delays Reporting Of COVID-19 Vaccine Benefits—Here’s What To Know Oura Has Designed A Solution To A Big Smart Ring Problem Netflix’s Best New Show Has A Near-Perfect 95% Rotten Tomatoes Score Coachella 2026 Is Being Taken Over By Creator Streams Quordle Hints Today: Sunday, April 12 Clues And Answers This Startup Wants To Use AI To Help Digitize History How To Get The Best Shield In ‘Crimson Desert’ Microsoft Venom Attack Targets C-Suite Executives ‘Maul: Shadow Lord’ Sets Even More Star Wars Rotten Tomatoes Records 3 Ways Happy Couples Argue Differently, By A Psychologist Success For Leapmotor Might Have Negatives For Stellantis New Names Surface As Potential Rogue And Wonder Woman In The MCU And DCU 4 Reasons Artemis Mission Matters Even If You Think It Is Wasteful Fast ‘Crimson Desert’ Patch Adds New Moves, Shield Hiding And One Great Feature Why Do Humans Blush? An Evolutionary Biologist Explains The Signal We Can’t Control Apple iPhone Fold: Striking Design Revealed In Leaked Photos Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update iOS 26.4.1 Release: Crucial iPhone Feature Update Arrives, But No Security Fix Fury vs. Makhmudov Full Card, Ring Walk Times and How to Watch Can’t Stand Liquid Glass? This New Hidden iPhone Setting Is A Game-Changer Test-Driving The 2026 Changan Deepal S05: Italian Style Made In China NSA Warning—Reboot Your Internet Router Now Ways That Human-AI Collaboration Slides People Into ‘AI Brain Fry’ And Cognitive Downturns Stop Using These Networks—Google, NSA And TSA Warn NASA Changes Moon Plan: Landing Now Depends On SpaceX Or Blue Origin Samsung Expands One UI 8.5 Beta To More Galaxy Owners The Evolution Of Programmable Hardware At Xilinx NYT Mini Today: Saturday, April 11 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Saturday, April 11 (You’re Putting Me On) Splashdown! NASA’s Artemis II Returns To Earth After Moon Mission Attention Is All You Need. The Human Kind Is Still The One That Counts Today’s Wordle #1757 Hints And Answer For Saturday, April 11 NYT Pips Today: Hints, Answers And Walkthrough For Saturday, April 11 Android Circuit: Galaxy S27 Pro Emerges, Honor 600 Pre-Order Offers, Pixel 11 Display Leaks Apple Loop: iPhone 18 Pro Leak, Urgent iOS Update, MacBook Neo Issues Morgan Stanley Has Mostly Positive Outlook On Tesla Robotaxi, FSD V15 Running Out Of AI Tokens Faster Than Ever? Here’s Why CoreWeave Shares Pop 13% After Anthropic Deal ‘Euphoria’ Season 3’s Rotten Tomatoes Score Crashes, Has Lost Key Player People Don’t Agree On What AI Can Do, But They Don’t Even Use The Same Product ‘Overwhelming’—Google Issues Gemini Update For Gmail Users NYT Connections Hints Today: Saturday, April 11 Clues And Answers (#1035) Quordle Hints Today: Saturday, April 11 Clues And Answers The Costly Dream Of Space-Based AI Infrastructure Can You See The Watcher In This ‘Daredevil: Born Again’ Shot? Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update You Just Watched The Backdoor Pilot For ‘The Pitt: Night Shift’ Are Nicotine Pouches Like Zyn And VELO Safe To Use? A Doctor Answers Human Resources (HR) Is The Key To AI Success Per WalkMe ( SAP)
Vibe Hunting: A New Way Of Threat Hunting With AI
Aqsa Taylor · 2026-05-20 · via Forbes - Innovation

Aqsa Taylor is Chief Security Evangelist at Exaforce, an AI SOC company.

getty

On March 31, 2026, one of the most popular open-source packages, Axios, which is downloaded millions of times per week, was compromised. Malicious versions of the package were briefly distributed through the npm registry after a maintainer account was hijacked. Because Axios is embedded in countless web applications, mobile apps and back-end services, the exposure had a potentially broad reach.

Security researchers believe the malicious packages attempted to steal credentials, cloud keys, API tokens and other secrets before deploying a cross-platform remote access trojan (RAT) for persistent access. The compromised versions remained available for roughly three hours before removal.​

Any security leader who reads that number knows what it means in practice. Three hours is shorter than most companies take even to review an alert. But this is the new reality of modern cybersecurity. The gap between how fast attackers are moving and how fast defenders respond is widening.

Developers got vibe coding. They stopped managing syntax and started expressing intent. The AI handles the mechanics, the developer handles the thinking and suddenly, the best engineers in the room got dramatically more effective. This is because the infrastructure was finally able to support them to the point that they didn’t need to focus on the heavy lifting, and they could spend that energy instead on creativity and execution.

​Security operations teams need a parallel movement: vibe hunting.

What is vibe hunting?

The definition of vibe hunting is using AI agents to assist with the threat hunting process in the security operations center (SOC). So let’s say a security analyst reads a blog post documenting a widespread attack, which includes information about the compromised versions, the malicious dependency, the known bad domains and the credential theft behavior. ​

Instead of opening a legacy tool (like a SIEM) and crafting queries for each threat indicator one by one, they point an AI agent at the blog. The agent reads it, understands all of the indications of a breach and builds a plan to look for these indicators, and then it executes that plan.​

The time it took from reading threat intelligence to having a running detection is minutes. The analyst still read the intelligence, made the judgment call about version pinning and validated the AI agent’s findings and escalations. Vibe hunting is a prime example of how security experts and AI can work together in 2026.

What is vibe hunting not?

The first wave of AI in security operations was real but narrow: a language model in a sidebar helping write search queries faster, or a chatbot explaining what an alert meant. These are genuine improvements at the margin. They did not change the underlying architecture of the problem. Most of what gets demoed at conferences like RSA, where you see "AI-powered," is an LLM with a clean UI sitting on top of the same legacy data architecture.

That LLM agent on your traditional security platform isn’t really vibing, sorry.

Here's why. An LLM agent dropped on top of fragmented data is still working with fragmented data. It can answer questions faster, but it cannot reason across things it doesn't actually understand in context. When identity events live in one system, endpoint telemetry in another, cloud control plane logs somewhere else and SaaS activity in a fourth, and none of these share a schema or a common understanding of what entities mean across systems, adding a chatbot on top doesn't fix that. You've just given your analyst a faster way to do the same manual pivoting.

​The technical reality is that a chatbot answers questions about data that it is fed. What a SOC actually needs is a system that reasons about it. That requires a different foundation entirely. A unified semantic layer. A knowledge graph that gives AI real structured context about your environment. Alerts, events, identities, configurations, relationships—all of it, understood together.​

The moment is now.

Attackers are already "vibing." They’re using AI without hesitation to exploit faster and hit harder. Reconnaissance that used to take days takes minutes. Phishing campaigns that used to require a skilled social engineer now get generated at scale, personalized and launched automatically.

What this means in practice is that attacks have grown faster than most organizations have adjusted for. The Axios window was just three hours. It was fast, targeted and designed to be in and out before a traditional SOC workflow has even fully processed the first alert.

The speed asymmetry is real, and it is getting worse. Every quarter that a security team operates on a manual hunting cycle while adversaries run automated campaigns, the gap widens. You can't hire your way out of it. You can't patch your way out of it. The only answer is meeting AI-powered offense with AI-powered defense, built on a foundation that can actually reason at the speed the threat requires.​

The developers had their moment. The best engineers didn't disappear. They became dramatically more effective because the mechanical layer finally caught up to their capabilities. The skill was always there; the constraint was the tooling. SOC teams have been carrying that same constraint for years while the threat landscape moved in the other direction. The best threat hunters in the world have been spending the majority of their day in query syntax and console pivoting, work that is necessary but not where their value actually lives. Meanwhile, the other side automated that work a long time ago.

​That constraint is lifting.

​The SOC's vibe moment is here, finally giving them the infrastructure that matches the pace of what they're up against. This is where the tools become partners and not a burden to work with.​

But vibe moments come with hype, and hype is where bad decisions get made. The teams that get this right will be the ones who ask harder questions about what's actually underneath the platform. What does the data foundation look like? How does the AI reason, and in what context? Is this a wrapper on the same broken architecture or something genuinely different?​

That's the question worth asking before the next board slide.​


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?