惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Cloudbric
Cloudbric
有赞技术团队
有赞技术团队
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
T
Threat Research - Cisco Blogs
L
LangChain Blog
Simon Willison's Weblog
Simon Willison's Weblog
Project Zero
Project Zero
Latest news
Latest news
S
Schneier on Security
Cisco Talos Blog
Cisco Talos Blog
MyScale Blog
MyScale Blog
C
Check Point Blog
IT之家
IT之家
P
Palo Alto Networks Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
CERT Recently Published Vulnerability Notes
Scott Helme
Scott Helme
The Hacker News
The Hacker News
C
CXSECURITY Database RSS Feed - CXSecurity.com
G
Google Developers Blog
T
Tor Project blog
T
Threatpost
D
DataBreaches.Net
博客园 - 【当耐特】
酷 壳 – CoolShell
酷 壳 – CoolShell
T
Troy Hunt's Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Vercel News
Vercel News
云风的 BLOG
云风的 BLOG
NISL@THU
NISL@THU
P
Privacy & Cybersecurity Law Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
Cisco Blogs
博客园_首页
S
Securelist
T
The Exploit Database - CXSecurity.com
Last Week in AI
Last Week in AI
量子位
U
Unit 42
Know Your Adversary
Know Your Adversary
Hugging Face - Blog
Hugging Face - Blog
S
Security Affairs
Google Online Security Blog
Google Online Security Blog
Hacker News: Ask HN
Hacker News: Ask HN
Webroot Blog
Webroot Blog
S
SegmentFault 最新的问题
Engineering at Meta
Engineering at Meta
N
News and Events Feed by Topic
P
Proofpoint News Feed
阮一峰的网络日志
阮一峰的网络日志

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
AI Cyber Tools Move Into A New Phase As Governments Tighten Control - Freedom For All Americans
Dwight Decker · 2026-06-17 · via Hacker News - Newest: "AI"

AI cyber tools have moved from helpful assistants into operational systems that can scan code, triage alerts, write detections, support patch planning, and, in some cases, act through connected tools.

Nowadays, governments are reacting with faster patch deadlines, AI model testing, cybersecurity codes, export controls, and stricter rules for critical infrastructure. The core issue is control: who can use advanced AI cyber capability, under which safeguards, and with what audit trail.

CISA’s June 2026 BOD 26-04 pushed the highest-risk federal vulnerability remediation window down to as little as three calendar days, while the White House ordered new federal work on AI-enabled cyber defense and frontier model testing.

What Changed In 2026

AI Cybersecurity Tools
AI agents now navigate systems with reduced human oversight

The old AI cyber story was mostly about phishing emails and faster malware coding. The 2026 story is broader. AI systems now sit inside security operations centers, vulnerability programs, and critical infrastructure defense planning.

Google Cloud’s Mandiant report says adversaries moved in 2025 from experimental AI use to full operationalization, including adaptive tools and AI agents that can move through systems with less human steering, according to its AI risk report.

Microsoft says Security Copilot is generally available and now supports security agents for high-volume tasks, including phishing response, data security, identity management, and vulnerability remediation, based on its Security Copilot product page.

Japan gives a current market example. On June 16, 2026, SoftBank Group, SoftBank Corp., and SB OAI Japan announced Patching as a Service, using OpenAI cyber capabilities for vulnerability assessment and remediation planning for Japanese critical infrastructure companies.

The New Control Map For AI Cyber Tools

Control Area Key 2026 Signal Who It Affects Practical Meaning
Federal patch deadlines CISA allows three-day remediation for highest-risk flaws U.S. federal civilian agencies, plus private firms using CISA as a benchmark Patch priority now depends on exposure, exploitation, automation, and impact.
Frontier model testing White House order calls for classified benchmarking and secure early access for trusted partners Major AI developers and federal agencies Cyber capability testing becomes part of national AI policy.
Agentic AI adoption CISA and partners published guidance on careful agentic AI use in May 2026 Developers, vendors, operators, critical infrastructure Start with low-risk tasks, limit privileges, log actions, and keep human oversight.
EU AI regulation EU AI Act GPAI rules applied from August 2025, broader rules phase in during 2026 and later AI model providers and deployers in or serving the EU Safety, transparency, and systemic-risk obligations now apply to major model providers.
Product security EU Cyber Resilience Act reporting starts September 11, 2026 Makers of digital products sold in the EU Exploited vulnerability reporting becomes a product-market obligation.
UK AI security baseline UK AI Cyber Security Code of Practice published January 31, 2025 AI developers and deployers A baseline set of cyber principles is moving toward ETSI standardization.

Why Governments Are Moving From Guidance To Control

Government AI Regulations
AI is also reducing the cost of attacks while improving the defence

Government pressure is rising because AI cyber tools change the economics of attack and defense. A small team can test more targets, rewrite exploit attempts, generate phishing variants, or analyze stolen data faster. A defensive team can also review logs, prioritize flaws, and create detections faster.

At the individual device level, security still starts with basic controls, including encrypted connections through tools such as an iphone vpn when staff use mobile devices on public or shared networks.

OpenAI’s February 2026 threat report said malicious actors often combine AI models with websites, social platforms, and other traditional tools rather than relying on a single AI platform.

Anthropic’s 2025 misuse report described cases involving Claude misuse for extortion, North Korean employment fraud, and AI-generated ransomware sales, showing how lower-skill actors can gain technical leverage.

Agentic AI Creates A Permission Problem

Agentic AI is the biggest reason regulators are paying closer attention. A chatbot answers. An agent can plan, call tools, query systems, create tickets, run scripts, and take sequential actions. In cybersecurity, that difference matters.

A low-risk agent might summarize alerts from a SIEM. A higher-risk agent might trigger firewall changes, disable accounts, open cloud consoles, or draft patches. CISA’s agentic AI guidance tells organizations to treat such systems as connected services with real privileges, not as harmless text generators.

The practical risk is not science fiction. Poor scoping can let an AI tool read data it should not access. Weak logging can leave no clear record of why an action happened. Tool chaining can turn a prompt injection into a workflow problem, especially where agents read emails, support tickets, web pages, or code comments from untrusted sources.

What Counts As An AI Cyber Tool?

Digital Security Policies
Tools often integrate threat analysis and behavior tracking

An AI cyber tool is any AI system used to support cybersecurity work, offensive security testing, vulnerability management, incident response, fraud detection, or security automation.

Common examples include:

  • Alert triage assistants inside SOC platforms
  • AI vulnerability scanners and patch planners
  • Detection engineering agents that write SIEM rules
  • Code security assistants that review pull requests
  • Phishing analysis and takedown tools
  • Red-team agents used for authorized testing
  • Cloud security copilots connected to IAM, logs, and asset inventories

The line between defensive and offensive use depends on permission, scope, and environment. A tool that finds a vulnerable VPN appliance inside a company’s own asset inventory is defensive. The same method used against random internet targets becomes hostile reconnaissance, which is why you should learn more about online safety.

Who Gains From The New Phase?

Large enterprises may benefit first because they already have logs, identity controls, asset inventories, and compliance teams. AI can turn that raw material into faster triage and better prioritization. Google said in April 2026 that new Security Operations agents can support threat hunting and detection engineering.

Smaller organizations face a harder bargain. AI cyber products can help a thin security team, but tools connected to email, cloud consoles, code repositories, or ticketing systems create new failure points. Vendor promises need proof: audit logs, role-based access, rollback controls, testing records, and incident support.

Governments gain faster visibility, but they also face procurement risk. A frontier model can become part of national cyber defense, yet access, updates, data retention, and model behavior may remain controlled by a private vendor. A June 2026 White House fact sheet focused on secure early access, benchmarking, and trusted partners rather than blind adoption.

What Security Teams Should Do Now

Security leaders should treat AI cyber tools as privileged systems. Buying an AI scanner or SOC copilot without governance can create another unmanaged attack surface.

A practical 2026 checklist:

  1. Map every AI cyber tool to systems it can read, write, or change.
  2. Restrict agents to low-risk tasks before granting remediation authority.
  3. Require human approval for patch deployment, account disabling, firewall changes, and data deletion.
  4. Keep full logs of prompts, tool calls, data sources, outputs, and human approvals.
  5. Test prompt injection against connected workflows, not just chat windows.
  6. Check vendor support for EU AI Act, CRA, NIS2, UK code, and sector rules where relevant.
  7. Build patch prioritization around exposure, exploitation, automatability, and business impact.

OWASP’s 2025 LLM risk list puts prompt injection first and also flags insecure output handling, training data poisoning, model denial of service, and supply-chain weaknesses. Any AI cyber tool connected to live systems should be evaluated against those risk categories.

What Comes Next

The next phase will likely bring two tracks. One track will make AI cyber defense more common: managed patching, alert agents, cloud copilots, and automated detection engineering.

Another track will tighten controls around high-end capabilities, especially vulnerability discovery, exploit generation, autonomous scanning, and cyber use by foreign or untrusted actors.

The EU will keep layering AI Act obligations with the Cyber Resilience Act and NIS2. Separate Cyber Resilience Act rules make digital product security part of the market access picture. The U.S. will keep using CISA directives, federal procurement rules, model testing, and export-control tools. The UK code may gain more weight if ETSI standardization advances as planned.

Bottom Line

AI cyber tools are entering a regulated operational era. The winning tools will not be the flashiest demos.

They will be systems that prove who used them, what data they touched, what action they took, how humans approved risky steps, and how quickly fixes reached exposed assets. In 2026, speed matters, but controlled speed matters more.