Featured Issues

Learning about risk, CISA, and stepping upLast chance! It's nearly here!We're into our final week before we host a range of big names in the business talking about what they know best - practical security in the age of AI. Drawing on a wealth of experience, they have plenty to share and will join myself for a day of insights, explorations, and, most importantly for you, discussions that build and rebuild our understanding of the landscape in these new, particular challenges.As a thank you for your continued subscription and engagement, we've even managed to get a code especially for you, my reader: by using SECPRO60, you get 30% and can book your tickets without breaking the bank. What more could you ask for?Check out the link below and clear out your calendar for next Saturday!Check it out on Eventbrite!#214: Risky BusinessLearning about risk, CISA, and stepping upWelcome to another_secpro!In cybersecurity, there's no such thing as standing still. While standing still might mean "going with the flow" in ordinary life, it means the very opposite when it comes to jousting with the adversary - indeed, standing still means "letting the flow go past you"! That's why we in the _secpro team are always pushing ourselves and pushing our readers to pick up ideas, develop skills, and stay above water in the rushing waves of "the flow"!That's why this week we are beginning a four-part series that looks into the deeds and needs of a CISA-trained professional - and, more importantly, how you can get to that plateau too. With the help of Hemang Doshi's fantastic book, we're taking the necessary steps to move from IT generalist or junior secpro into the higher echelons of auditing. Sound good? Check out this week's excerpt: Risk-Based Audit Planning.Check out _secpro premiumIf you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!Cheers!Austin MillerEditor-in-ChiefHere's a little meme to keep you going...Source: RedditThis week's articleRisk-Based Audit PlanningRisk-based audit planning prioritizes the high-risk areas of an organization so as to maximize the effectiveness of the audit. By focusing on areas with the greatest potential for financial loss, compliance issues, or operational inefficiencies, auditors can proactively identify vulnerabilities and support management in making informed decisions.Read the rest here!Interested in our Next-Gen AI Conference?If you're looking forward to our upcoming conference or just want a little insight into who these industry-leading speakers are, here's a little bio on two of our closest collaborators: Mark Simos and Nikhil Kumar.Introducing Mark SimosMark Simos is Lead Cybersecurity Architect for Microsoft where he leads the development of cybersecurity reference architectures, best practices, reference strategies, prescriptive roadmaps, CISO workshops, and other guidance to secure organizations in the digital age.Check out the conference on Eventbrite!Introducing Nikhil KumarNikhil is an industry expert and thought leader in Digital Transformation, Zero Trust and InfoSec, AI, Cloud Computing, APIs and SOA, with a passion for applying technology in an actionable manner. An entrepreneur with over 20 years experience, he is known as a servant leader able to create amazing solutions and bridge people, process, business and technology.Check out the conference on Eventbrite!News BytesThousands kept waiting for Land Rovers after hack: UK-based automaker Jaguar Land Rover (JLR) experienced a sharp production halt across several plants due to a cyberattack, affecting operations and causing delays in vehicle deliveries. The attack was attributed to a hacker alias “Rey” from the Scattered Lapsus Hunters 4.0 group. While no customer data loss has been confirmed, authorities are investigating.Cybersecurity failures rock FEMA and 24 IT staff fired: U.S. Homeland Security Secretary Kristi Noem dismissed two dozen FEMA IT staff following serious cybersecurity mishandlings. The incident involved reactivating compromised credentials after they had been disabled, despite nearly $500 million spent on cybersecurity in FY 2025. The breach may involve state-linked Chinese hackers exploiting Microsoft vulnerabilities.SentinelOne earnings point to strong AI-driven cybersecurity demand: SentinelOne delivered better-than-expected Q2 2026 results, pushing annual recurring revenue above $1 billion and raising full-year guidance. The surge was driven by increased demand for AI-shielded cybersecurity solutions, including its acquisition of Prompt Security. Analysts attribute growth to rising generative-AI threats and tighter regulatory demands.The Resilient Retailer’s Guide to Proactive Cyber Defense: Retailers such as Co-operative and M&S are under rising threat from SIM-swapping and misconfigured appliances. This guide offers a defense blueprint: strong security hygiene, enforced password policies, timely patching, employee training, MDR services, and “assume breach” readiness help mitigate risks and safeguard reputations.Chinese hackers infiltrated critical British infrastructure: GCHQ revealed that Chinese state-sponsored group Salt Typhoon has compromised the UK’s critical infrastructure—telecoms, transport, and governmental systems—as part of a broader global espionage campaign. Active since 2021, the group is linked to multiple Chinese firms, with operations traced in 80 countries, including sensitive targeting of the UK’s NCSC.Grok's security measures have been potentially bypassed, allowing for millions to be affected with malware: Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X's malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok.This week's academiaPatient Care Technology Disruptions Associated With the CrowdStrike Outage (Jeffrey L. Tully; Sumanth Rao; Isabel Straw; Rodney A. Gabriel; Christopher A. Longhurst; Stefan Savage; Geoffrey M. Voelker; Christian J. Dameff): Cross-sectional study of 2,232 U.S. hospitals showing widespread disruptions to patient-facing and operational systems during the July 2024 CrowdStrike incident; proposes internet-measurement methods to monitor critical healthcare tech in real time.LLM Agents Can Autonomously Exploit One-Day Vulnerabilities (Richard Fang; Xinye Li; Mohit Iyyer; Yixuan Li; Yanjun Qi; David Evans; Neil Gong; Z. Morley Mao; Aurore Fass; Danqi Chen; et al.): Shows that language-model agents, given tools and goals, can autonomously find and exploit freshly disclosed (“one-day”) software bugs, raising urgent questions about automated vulnerability exploitation and defenses.On the Feasibility of Using LLMs to Execute Multistage Network Attacks (Aidan D. Singer; Mark Goldstein; Pang Wei Koh; Adam Gleave; Micah Goldblum; Zico Kolter; Dan Hendrycks) Evaluates whether modern LLMs can plan and carry out realistic, multi-step network intrusions; reports non-trivial success on chained attack tasks and analyzes controls needed to prevent misuse.Con Instruction: Universal Jailbreaking of Multimodal LLMs via Non-Textual Modalities (Zhichao Geng; Haohan Wang; Shiyu Chang; Bo Li; Huan Zhang; et al.): Demonstrates a general jailbreak strategy for multimodal models by embedding adversarial “instructions” in images/audio/etc., transferring across models and tasks; highlights weaknesses beyond text-only prompts.Injecting Universal Jailbreak Backdoors into LLMs in Minutes (Zhuowei Chen; Qiannan Zhang; Shichao Pei): Introduces JailbreakEdit, a model-editing method that plants a universal jailbreak backdoor post-training—in minutes—without dataset poisoning, preserving model utility while reliably bypassing safety.Wolves in the Repository: A Software Engineering Analysis of the XZ Utils Supply Chain Attack (Piotr Przymus; Thomas Durieux):Forensically reconstructs the XZ backdoor (CVE-2024-3094), showing how long-term social engineering and project maintenance tactics enabled the attack; offers actionable lessons for OSS governance and CI/CD.Source: Reddit*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

Meta gets shaky, healthcare gets AI push, Microsoft and Amazon catching up AI_Distilled #109: What’s New in AI This Week Looks like fall is coming. To begin this crispy month, we have a news roundup specially curated for you. The AI landscape is blazing hot with talent wars, new models, competitive launch plans and pivotal strategy shifts. Let’s go and check what happened this week. LLM Expert Insights, Packt 📈LATEST DEVELOPMENT Rivals heat up the competition It looks like DeepSeek is continuing to challenge OpenAI, while Garmin is keeping Apple on its toes. DeepSeek aims to launch AI agent rival to OpenAI DeepSeek plans to release a successor to its R1 model by the end of 2025, an AI agent capable of completing complex, multi-step tasks with minimal user input (Bloomberg). Garmin unveils high-end outdoor smartwatch ahead of Apple Garmin has introduced a rugged, top-tier sports smartwatch designed for hikers, launching just days before Apple’s expected update, signaling strong competition in the premium wearable segment (Bloomberg). Google on new models spree It looks like Google is swiftly and silently working its way through compact models and ones that everyone can use and released three new models in the last month, Gemma 3 270M, Embedding Gamma, and Nano Banana for the Gemini app. Gemma 3 270M Google introduces Gemma 3 270M, a new, compact AI model from the Gemma family. With 270 million parameters, it is designed for efficient fine-tuning and is ideal for on-device and research applications (Google Developers Blog/Gemma). EmbeddingGemma is a new, open embedding model for on-device AI. The 308 million parameter model is highly efficient and designed for offline use, making it suitable for privacy-sensitive applications (Google Developers Blog/Gemma). Gemini's Image Editing Model The Gemini app has a major upgrade to its image editing with a new model from Google DeepMind. The tool preserves a subject's likeness while editing images, and all creations are marked with a visible and invisible SynthID digital watermark (Google Blog/Gemini). Meta is not happy with their models? Meta’s AI leadership is considering an unusual step – using rival models from Google or OpenAI to improve Meta’s own AI chatbot features. This internal discussion signals that Meta (despite developing Llama models) might pragmatically integrate outside large-language models to boost AI capabilities in Instagram, Facebook and its other apps (The Information). Apple plans Siri overhaul with Gemini Gemini – Google’s forthcoming generative AI model – is emerging as a key strategic asset. Reports indicate Apple’s planned Siri overhaul will rely on Google’s Gemini models for AI search and responses. This rumored Apple–Google deal (leaked via Bloomberg) suggests Google’s multi-modal Gemini system could soon power Siri’s intelligence, underscoring Gemini’s expected capabilities (TechCrunch). Microsoft and Amazon slowly catching up Microsoft and Amazon are warming up with their new tools and models. While, Microsoft is moving beyond OpenAI with its own models, Amazon is pushing deeper into AI-driven shopping with a new visual search tool. Microsoft debuts in-house AI After years of partnering with OpenAI, Microsoft quietly unveiled its own large models. It introduced MAI-1-preview (text) and MAI-Voice-1 – the company’s first fully homegrown AI models. This strategic shift could complicate the Microsoft–OpenAI alliance. Microsoft claims MAI-1 is “up there with the world’s best models,” though no benchmarks are public yet. The move shows Microsoft doubling down on internal R&D, even as it continues to integrate OpenAI tech across products ((The Verge)). Amazon introduces AI visual search Amazon launched Lens Live, a real-time AI shopping assistant in its mobile app. The feature uses your smartphone camera to instantly recognize products and find matches from Amazon’s catalog – essentially Amazon’s version of Google Lens for shopping. It integrates Rufus, Amazon’s AI assistant, into the camera view to provide product details and Q&A on the fly. Rolling out to tens of millions of iOS users, Lens Live aims to own the “see it, buy it” impulse moment and keep Amazon ahead in visual commerce (TechCrunch). 📈HIDDEN GEMS - AI TOOLS Vibe coding has a growing ecosystem of tools to support both developers and non-developers. Some of the popular tools include Bolt, Copilot, Cursor, Lovable, Replit, and Windsurf. You can use these tools to create applications using natural language, dramatically reducing the time from idea to deployment. If you are prototyping new systems, these tools will help you quickly create and demo your proof of concepts. Each tool takes a slightly different approach, from assisting professional engineers to empowering complete beginners. Lovable, Cursor, and Replit, have gained spotlight in recent times and are known for their market traction, innovative features, and active user communities. LOVABLE Description: Lovable enables non-technical users to create full-stack apps using natural language. It integrates frontend, backend, and deployment seamlessly. Pricing starts free, with a $25/month Pro plan. The community praises its ease of use but notes limitations for complex production projects. CURSOR Description: Cursor reimagines VS Code as an AI-native IDE, offering contextual autocomplete, refactoring, Bugbot debugging, and background agents. Plans range from free to ~$400/month based on your requirements. Developers value its deep AI integration but have criticized recent confusing pricing changes. REPLIT Description: Replit provides a browser-based IDE with AI assistants, collaborative editing, and deployment tools. Pricing spans from free to $20/month (Core) and $35/month (Teams). Users appreciate its accessibility and teamwork features, though AI usage caps frustrate heavy coders. Become the AI Generalist that makes big $$ Using AI Join Outskill's 2 day AI- Mastermind this weekend (usually for $895) and become an AI expert. When: Saturday and Sunday, 10 AM - 7 PM. Register Now for Free EXPERT INSIGHTS Lior Gazit, Expert Instructor at 'Build AI Agents Over The Weekend (Cohort 2)' September 13–14 (Sat–Sun)Live & Online | Limited SeatsLangChain, AutoGen, CrewAI | Hands-on Workshop By Lior Gazit Advanced LLM Techniques and Multi-Agent Systems: Exploring RAGs, routing, and real-world LLM engineering In my latest technical talk, I go beyond the basics of LLMs and explore what it takes to build LLM-based systems with real-time decision-making, cost controls, and composable orchestration. These are accompanied with standalone Jupyter notebooks. We’ll cover... Read the full article on Substack → Sign Up for the Event Built something cool? Tell us. Whether it's a scrappy prototype or a production-grade agent, we want to hear how you're putting generative AI to work. Drop us your story at nimishad@packtpub.com or reply to this email, and you could get featured in an upcoming issue of AI_Distilled. 📢 If your company is interested in reaching an audience of developers and, technical professionals, and decision makers, you may want toadvertise with us. If you have any comments or feedback, just reply back to this email. Thanks for reading and have a great day! That’s a wrap for this week’s edition of AI_Distilled 🧠⚙️ We would love to know what you thought—your feedback helps us keep leveling up. 👉 Drop your rating here Thanks for reading, The AI_Distilled Team (Curated by humans. Powered by curiosity.) *{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}