リソース

Tensor Steganography and AI Cybersecurity

Tensor steganography exploits two key characteristics of deep learning models: the massive number of parameters (weights) in neural networks and the inherent imprecision of floating-point numbers. Learn about this novel technique that combines traditional steganography principles with deep-learning model structures.

Malware in LLM Python Package Supply Chains

The gptplus and claudeai-eng supply chain attack represents a sophisticated malware campaign that remained active and undetected on PyPI for an extended period. These malicious packages posed as legitimate tools for interacting with popular AI language models (ChatGPT and Claude) while secretly executing data exfiltration and system compromise operations.

How to Secure Your GitHub Actions Workflows with Snyk to Enhance JavaScript Security

Snyk provides a pre-built custom Snyk GitHub Actions workflow that you can add to your CI and saves you the trouble of managing the vulnerability scans using the Snyk CLI directly.

Path Traversal Vulnerability in Deep Java Library (DJL) and Its Impact on Java AI Development

A newly discovered path traversal vulnerability (CVE-2025-0851) in Deep Java Library (DJL) could allow attackers to manipulate file paths, exposing Java AI applications to security risks. Learn how this flaw impacts DJL users and how updating to version 0.31.1 mitigates the threat.

Security Risks with Python Package Naming Convention: Typosquatting and Beyond

Beware of typosquatting and misleading Python package names—one small mistake in pip install can expose your system to backdoors, trojans, and malicious code. Learn how attackers exploit package naming conventions and discover best practices to secure your open-source supply chain.

Simple Doesn't Always Mean Secure: Avoid this Golang XSS Pattern

Cross-site scripting (XSS) attacks are a web vulnerability that allows attackers to inject malicious scripts into web pages. Learn how to prevent and fix XSS scripting in Golang.

Preventing Broken Access Control in Python Flask Applications

If you code your Python Flask applications for modern SaaS-like business applications, it is surely a vulnerability. Learn how to prevent broken access control in Python Flask Applications.

Is TypeScript All We Need for Application Security?

What are the security controls and fallacies in TypeScript security? Securing TypeScript applications involves a multi-layered approach.

Understanding Server-Side Template Injection in Golang

SSTI can open the door to escalating security risks such as file inclusion, Cross-Site Scripting (XSS), or even Code Injection Attacks.

Can Machine Learning Find Path Traversal Vulnerabilities in Go? Snyk Code Can!

Explore how Snyk’s machine learning-powered security tools tackle path traversal vulnerabilities in Golang code. Learn how to secure your Go applications and challenge yourself to detect and exploit vulnerabilities like a pro!

DevSecOps の概要

DevSecOps とは、セキュリティの手法を DevOps ソフトウェアデリバリーモデルに統合することをいいます。その基盤は、プロセスとツールを通じて、開発者と運用者が安全なソフトウェアを提供する責任を共有する文化です。

AI Data Security: Risks, Frameworks, and Best Practices

Learn about the top data security risks of AI, along with frameworks for understanding protection and best practices for choosing AI tools.