An AIBOM lists everything that went into producing an AI model — base model, training data, fine-tuning corpora, dependencies, evaluation results. The concept is borrowed from software supply-chain security and increasingly required by regulators. Here is what an AIBOM actually contains and why it matters.
Browsing: Uncategorized
Pre-LLM phishing was constrained by language. Post-LLM phishing is not. The result is a measurable upgrade in lure quality, a wider reach into non-English-speaking markets, and an emerging class of personalised attacks that were previously economically unviable.
Deepfake video and AI voice cloning have moved from research demos to operational tools used in fraud, fraud-driven CEO scams, election interference, and harassment. Here is the actual state of the technology, the real incidents, and what defences exist.
AI is now in nearly every security product’s marketing copy. Some of it has changed the game; some of it has not changed anything. Here is a category-by-category honest assessment of where machine learning has actually moved the security needle and where the marketing has run ahead of the technology.
Prompt injection is the SQL injection of the LLM era — easy to demonstrate, hard to fully defend against, and present in essentially every commercial LLM application. Here is what it is, why it persists, and the realistic mitigation playbook.
Differential privacy is the mathematical technique that lets a company compute aggregate statistics over its users while provably bounding what can be learned about any individual. Apple, Google, and the US Census Bureau use it. Here is how it actually works, where the guarantee holds, and where it fails.
The two mobile operating systems have arrived at recognisably different privacy postures over the past five years. Apple’s App Tracking Transparency, Google’s Privacy Sandbox, and the steady accretion of features in both have produced a comparison that is still close — but no longer symmetric.
Every connection on the internet starts with a DNS lookup, and for most of the internet’s history those lookups have been completely unencrypted. The shift to encrypted DNS — DoH, DoT, ECH — is one of the quieter but most consequential privacy upgrades of the decade.
Virtual Private Networks are aggressively marketed as solving privacy and security problems they often do not solve. Here is what a VPN actually does, the realistic threat model where it helps, and how to evaluate which providers are credible in 2026.
Even with all cookies blocked and all trackers disabled, the browser leaks enough information to be uniquely identified across the web. Browser fingerprinting is the surveillance technology that makes “private browsing” much less private than the name suggests.