Features – Help Net Security

In this Help Net Security interview, Nuno Rodrigues Carvalho, Head of Sector for Incident and Vulnerability Services at ENISA, discusses the recent CVE funding scare and what it exposed about the fragility of global vulnerability disclosure infrastructure. He outlines how EU regulations, including the Cyber Resilience Act and NIS2, are creating stronger accountability for vendors and organizations. ENISA is building out European vulnerability services to support member states. Carvalho also addresses how practitioners navigate conflicting … More → The post Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time appeared first on Help Net Security.

In this Help Net Security interview, Idan Habler, AI Security Researcher at Cisco, breaks down a threat most security teams haven’t named yet: agentic memory as an attack surface. Habler walks through MemoryTrap, a disclosed and remediated method to compromise Claude Code’s memory, showing how a single poisoned memory object can spread across sessions, users, and subagents. He explains why AI memory needs the same governance as secrets and identities, and what organizations must rebuild … More → The post Agentic AI memory attacks spread across sessions and users, and most organizations aren’t ready appeared first on Help Net Security.

In this Help Net Security interview, Art Manion, Deputy Director at Tharros, examines why vulnerability data across repositories stays inconsistent and hard to trust. The problem starts with systems not designed to collect or manage that data well. They introduce the idea of Minimum Viable Vulnerability Enumeration (MVVE), a minimum set of assertions needed to confirm two systems describe the same vulnerability, and find no true minimum exists. Assertions vary by case and change over … More → The post Fixing vulnerability data quality requires fixing the architecture first appeared first on Help Net Security.

In this Help Net Security interview, Archit Lohokare, CEO of AppViewX, explains how the rise of AI marked a turning point where machine and AI agent identities began converging into a single problem. Drawing on his experience across IBM and CyberArk, he describes the shift from human-driven systems to autonomous machines. Lohokare also shares how AppViewX, together with Eos, is building a unified approach that combines CLM, PKI, and agentic governance to secure these identities. … More → The post Bringing governance and visibility to machine and AI identities appeared first on Help Net Security.

In this Help Net Security interview, Aqsa Taylor, Chief Security Evangelist, Exaforce, explains vibe hunting, an AI-driven approach to threat detection that inverts traditional hypothesis-driven methods. Instead of analysts defining attack vectors upfront, the AI scans datasets for anomalous patterns and surfaces potential threats. Taylor draws a firm line on responsibility: analysts must be able to explain their reasoning. When they cannot, the AI is steering the hunt. She also addresses enrichment, junior analyst development, … More → The post What vibe hunting gets right about AI threat hunting, and where it breaks down appeared first on Help Net Security.