Yesterday

Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark. - KeygraphHQ/shannon

by chrisSt 10 hours ago

8 days ago

An easy-to-use secure configuration generator for web, database, and mail software. Simply select the software you are using and receive a configuration file that is both safe and compatible.

by mfred 8 days ago

31 Jan 26

Minimal CVE Hardened container image collection. Contribute to rtvkiz/minimal development by creating an account on GitHub.

by chrisSt 10 days ago

19 Jan 26

How we handle 92 million compilations a year without everything catching fire

by kawcco 23 days ago

14 Jan 26

A good overview of techniques to avoid secrets leaking in shell

by sebastien 27 days ago saved 2 times

We exploited a lack of isolation mechanisms in multiple agentic browsers to perform attacks ranging from the dissemination of false information to cross-site data leaks. These attacks resurface decades-old patterns of vulnerabilities that the web security community spent years building effective defenses against.

by mfred 28 days ago

07 Jan 26

A shared secret manager that works with public keys. Made by Candid, they have other cool software too.

by sebastien 1 month ago

All encryption is end-to-end, if you’re not picky about the ends.

    config TCG_TPM2_HMAC
        bool "Use HMAC and encrypted transactions on the TPM bus"
        default n
        select CRYPTO_ECDH
        select CRYPTO_LIB_AESCFB
        select CRYPTO_LIB_SHA256
        select CRYPTO_LIB_UTILS
        help
          Setting this causes us to deploy a scheme which uses request
          and response HMACs in addition to encryption for
          communicating with the TPM to prevent or detect bus snooping
          and interposer attacks (see tpm-security.rst). Saying Y
          here adds some encryption overhead to all kernel to TPM
          transactions.

Last year, I came across a Linux kernel feature called TCG_TPM2_HMAC. It claims to detect or prevent active and passive interposer attackers. That’s one of my sleeper agent activation phrases, so I dug in.

by marc 1 month ago saved 2 times

06 Jan 26

All encryption is end-to-end, if you’re not picky about the ends.

    config TCG_TPM2_HMAC
        bool "Use HMAC and encrypted transactions on the TPM bus"
        default n
        select CRYPTO_ECDH
        select CRYPTO_LIB_AESCFB
        select CRYPTO_LIB_SHA256
        select CRYPTO_LIB_UTILS
        help
          Setting this causes us to deploy a scheme which uses request
          and response HMACs in addition to encryption for
          communicating with the TPM to prevent or detect bus snooping
          and interposer attacks (see tpm-security.rst). Saying Y
          here adds some encryption overhead to all kernel to TPM
          transactions.

Last year, I came across a Linux kernel feature called TCG_TPM2_HMAC. It claims to detect or prevent active and passive interposer attackers. That’s one of my sleeper agent activation phrases, so I dug in.

by yahourt 1 month ago saved 2 times

25 Dec 25

A proposed standard that allows websites to define security policies.

by bitor 1 month ago saved 4 times