惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
量子位
M
MIT News - Artificial intelligence
Y
Y Combinator Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Google DeepMind News
Google DeepMind News
Hugging Face - Blog
Hugging Face - Blog
博客园_首页
雷峰网
雷峰网
I
InfoQ
罗磊的独立博客
博客园 - 聂微东
酷 壳 – CoolShell
酷 壳 – CoolShell
大猫的无限游戏
大猫的无限游戏
D
Docker
H
Hackread – Cybersecurity News, Data Breaches, AI and More
腾讯CDC
博客园 - 三生石上(FineUI控件)
The GitHub Blog
The GitHub Blog
K
Kaspersky official blog
P
Privacy & Cybersecurity Law Blog
S
SegmentFault 最新的问题
T
Threat Research - Cisco Blogs
H
Help Net Security
小众软件
小众软件
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
CERT Recently Published Vulnerability Notes
WordPress大学
WordPress大学
T
Tenable Blog
T
The Blog of Author Tim Ferriss
C
Cisco Blogs
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - Franky
A
Arctic Wolf
T
Threatpost
Scott Helme
Scott Helme
C
Cybersecurity and Infrastructure Security Agency CISA
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
The Exploit Database - CXSecurity.com
G
GRAHAM CLULEY
Security Latest
Security Latest
Spread Privacy
Spread Privacy
L
LINUX DO - 热门话题
V
Vulnerabilities – Threatpost
P
Privacy International News Feed
S
Schneier on Security
Latest news
Latest news
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Cyber Attacks, Cyber Crime and Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com

Help Net Security

ChatGPT advanced account security adds passkeys and hardware keys Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months Automating Pentest Delivery: A Step-by-Step Guide - PlexTrac Open-source privacy proxy masks PII before prompts reach external AI services Shadow AI risks deepen as 31% of users get no employer training Identity is the control plane for distributed infrastructure AI traffic is getting bigger, louder, and less predictable New infosec products of the month: April 2026 cPanel zero-day exploited for months before patch release (CVE-2026-41940) Cisco releases open-source toolkit for verifying AI model lineage Met Police face criticism for using AI to spy on their own officers Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) Hacker with a special interest in breaching sports institutions ends behind bars - Help Net Security IP Fabric MCP server adds governance and control to enterprise AIOps workflows - Help Net Security Aqua Compass MCP server enables real-time investigation and containment of runtime threats - Help Net Security Google brings instant email verification to Android, no OTP needed - Help Net Security If cyber espionage via HDMI worries you, NCSC built a device to stop it - Help Net Security Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950) - Help Net Security GopherWhisper APT group hides command and control traffic in Slack and Discord - Help Net Security OpenAI tackles a bad habit people have when interacting with AI - Help Net Security A year in, Zoom's CISO reflects on balancing security and business - Help Net Security Scenario: Open-source framework for automated AI app red-teaming - Help Net Security GDPR works, but only where someone enforces it - Help Net Security Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks - Help Net Security Google’s Workspace Intelligence promises privacy while running on your data - Help Net Security Cyberattack on French government agency triggers phishing alert - Help Net Security Claude Mythos finds 271 Firefox flaws, Mozilla believes zero-days are numbered - Help Net Security Prove Identity Platform connects verification, authentication, and fraud prevention - Help Net Security New Mirai variants target routers and DVRs in parallel campaigns - Help Net Security Acronis GenAI Protection gives MSPs control over AI usage and data risks - Help Net Security Elastic MCP Apps bring security and observability workflows into AI tools - Help Net Security Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) - Help Net Security Tencent's QClaw AI agent app arrives on Windows and macOS - Help Net Security Phishing reclaims the top initial access spot, attackers experiment with AI tools - Help Net Security OneDrive updates focus on AI, access control, and compliance - Help Net Security PentAGI: Open-source autonomous AI penetration testing system - Help Net Security Apple Intelligence flaw kept stolen tokens reusable on another device - Help Net Security Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook - Help Net Security Thunderbird 150 arrives with encrypted message search and OpenPGP improvements - Help Net Security VirtualBox 7.2.8 is out with Linux kernel 7.0 support and crash fixes - Help Net Security Ransomware negotiator admits role in attacks he was hired to resolve - Help Net Security Scattered Spider hacker pleads guilty to stealing $8 million in cryptocurrency Ivanti Neurons AI automates IT operations, reducing manual work and security risk Silobreaker Mimir adds agentic AI to intelligence workflows with governance and transparency - Help Net Security OpenAI’s Chronicle feature lets Codex read your screen, raising privacy concerns CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133) A single platform powers SIM farm proxy networks across 17 countries - Help Net Security NGate NFC malware targets Android users through trojanized payment app - Help Net Security Meta and PortSwigger drive offensive security further to find what others miss - Help Net Security EU pushes for stronger cloud sovereignty, awards €180 million to four providers - Help Net Security SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines - Help Net Security How to spot a North Korean fake in a job interview - Help Net Security Product showcase: Syncthing for secure, private file synchronization - Help Net Security Week in review: Acrobat Reader flaw exploited, Claude Mythos offensive capabilities and limits Google wipes out 602 million scam ads with Gemini on duty Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild GitLab 18.11 brings agentic AI to security fixes, CI pipelines, and delivery analytics Liongard upgrades LiongardIQ with AI access, live asset data, and deeper discovery Mozilla challenges enterprise AI providers with Thunderbolt, open-source AI client under your control Codex can now operate between apps. Where are the boundaries? Android 17 Beta 4 arrives with post-quantum cryptography and new memory limits Apple AirTag tracking can be misled by replayed Bluetooth signals Social media bans might steer kids into riskier corners of the internet Workplace stress in 2026 is still worse than before the pandemic New infosec products of the week: April 17, 2026 - Help Net Security ImmuniWeb brings AI upgrades, post-quantum detection and more in Q1 2026 NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards - Help Net Security Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) - Help Net Security Google Play is changing how Android apps access your contacts and location Tails 7.6.2 patches vulnerability that could expose saved files Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug Two US nationals jailed over scheme that generated $5 million for the North Korean regime Product showcase: Ente Auth encrypts, backs up, and syncs 2FA Wi-Fi roaming security practices for access network providers and identity providers European AI spending set to hit $290 billion by 2029 Windows is getting stronger RDP file protections to fight phishing attacks Capsule Security debuts with $7 million funding to secure AI agent behavior Hackers hijacked CPUID downloads, served STX RAT to victims $12 million frozen, 20,000 victims identified in crypto scam crackdown Rockstar Games receives “pay or leak” warning after cyberattack Google makes it harder to exploit Pixel 10 modem firmware Siemens expands Industrial Automation DataCenter with edge AI and cybersecurity Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621) Seized VerifTools servers expose 915,655 fake IDs, 8 arrested Fixing vulnerability data quality requires fixing the architecture first ZeroID: Open-source identity platform for autonomous AI agents MITRE releases a shared fraud-cyber framework built from real attack data The fully free Linux OS Trisquel gets a major update with version 12.0 Ecne Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast ClickFix campaign delivers Mac malware via fake Apple page Poisoned “Office 365” search results lead to stolen paychecks Gmail’s end-to-end encryption comes to mobile, no extra apps required To counter cookie theft, Chrome ships device-bound session credentials Product showcase: Session, a messenger without phone numbers or metadata Little Snitch for Linux shows what your apps are connecting to - Help Net Security Apiiro CLI turns AI coding assistants into full-stack security engineers - Help Net Security April 2026 Patch Tuesday forecast: Spring-cleaning of a preview - Help Net Security What vibe hunting gets right about AI threat hunting, and where it breaks down - Help Net Security Health insurance lead sites sell personal data within seconds of form submission - Help Net Security
The SOC's visibility gap comes down to staffing - Help Net Security
Mirko Zorz · 2026-06-17 · via Help Net Security

AI has settled into security operations centers faster than any earlier wave of technology. Around four in five practitioners report reaching for AI or machine learning tools in their daily work. The catch shows up one layer down. Roughly a third of those same teams have built these tools into a defined workflow with structure, governance, and consistent validation. The rest pick up AI on their own, case by case, with no shared playbook for how it gets used or checked.

AI in the SOC

That splits the AI story in the latest SANS SOC Survey into two parts. Adoption is widespread. Integration trails behind it. The survey, now in its tenth year, draws on 444 responses from people working in monitoring and security operations roles, with a separate set of questions answered by senior executives.

AI tools can produce confident, well-formatted answers, and an analyst who trusts that output without the skill to question it becomes the weak point. Several SANS instructors land on the same observation. The danger sits with the person who accepts the result, and with a tool that looks authoritative even when it is wrong.

Leaders and their teams describe different organizations

The survey includes a section answered by CISOs and VP-level leaders, and their answers complicate the main findings. Executives and practitioners describe the same organization and reach different conclusions about how well it works.

The sharpest example sits in staffing. A majority of cyber leaders say management pays close attention to SOC hiring and retention needs. About a third of practitioners agree. That 27-point spread has held across every year the question has been asked. Executives describe their intent. Practitioners describe their experience. Both accounts are accurate, and the distance between them is where retention problems begin.

The effect reaches past morale. When the people who run the SOC feel that leadership overlooks their staffing needs, the team loses the ability to build institutional knowledge and grow junior analysts into senior ones. That continuity is what a serious threat environment demands.

What keeps analysts around

The survey has tracked retention drivers for a decade, and the answer stays steady. Meaningful work ranks first for the third year running, followed by career progression and training. Compensation sits in fourth place.

The point lands for organizations that cannot win a bidding war on salary. They can still offer challenging assignments, a visible career path, and investment in development. Teams that lead with raises and skimp on those three are solving for the wrong thing.

Visibility sits underneath every other decision

Cyber leaders point to one barrier above the rest: a shortage of enterprise-wide visibility. Practitioners name a lack of skilled staff first. These describe one problem from two angles. Leadership cannot see the whole environment. The team cannot get the headcount to instrument it.

The two feed each other. Thin staffing leaves parts of the environment uninstrumented, so leaders cannot see the scope of what they are missing, which makes the case for more headcount harder to win. Closing one side alone leaves both open. One SANS instructor traces much of the visibility problem to identity, a part of the environment many teams assume they cover and rarely engineer with the same care they give endpoints.

Intelligence guides the day more than the budget

Threat intelligence has become standard in the SOC. Most teams apply it to incident response, threat hunting, and daily defense. A smaller share lets it inform what the organization funds for the year ahead.

Intelligence tells an organization which threats are active and which assets attackers target. That information belongs in a budget conversation. Most teams keep it on the analyst’s desk and set annual spending from vendor proposals and past patterns. Over time, intelligence that never touches investment loses standing with leadership and slides toward being a cost center that gets tolerated.

The wider message across ten years of this data is steady. The SOC absorbs change at a deliberate speed, on its own terms. AI arrives quicker than that rhythm allows, and the next few years will test whether the structures that govern security operations can keep up with the tools they are asked to manage.

Download: Secure Foundations for AI Workloads on AWS