Welcome to another_secpro!

As AI rapidly reshapes the cybersecurity landscape, security professionals are being pushed into unfamiliar territory—where models, data pipelines, and adversarial machine learning become part of the threat surface. This week’s edition is designed to help you navigate that shift.

We’re kicking things off with AI Security 101 (from our sister publication, cyber_ai), a structured series covering everything from the fundamentals of machine learning in security to emerging risks like adversarial attacks, AI-driven offensive techniques, and governance challenges. Whether you're just getting started or looking to operationalize AI securely, this provides a practical foundation.

Beyond that, we’re expanding The Library with curated tools, frameworks, and resources to accelerate your workflow, alongside News Bytes tracking a sharp rise in global cyber activity—from AI-driven threats to geopolitical escalation. Finally, we highlight key perspectives from across the blogosphere, including frameworks for AI risk scoring, chatbot security controls, and insights into the evolving cybersecurity market.

If you’re building, defending, or evaluating AI systems, this edition will give you both the context and the tools to stay ahead.

If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!

Cheers!
Austin Miller
Editor-in-Chief

AI Security is the new frontier that stands before many of us in this industry. It's hardly a surprise that cybersecurity has undergone a substantial change in light

1. What “Cybersecurity AI” Actually Means

2. Machine Learning 101 for Security Professionals

3. Threat Detection with AI: From Rules to Models

4. Adversarial Machine Learning Basics

5. What LLMs Can Do in Cybersecurity

6. Securing AI Models and Pipelines

7. AI-Enhanced Offensive Techniques

8. Privacy and Data Protection in AI Systems

9. AI Governance, Ethics, and Risk Management

10. Building a Security-Aware AI Workflow

You asked for tools and tutorials, so here are some tools and tutorials.

Each week, we’ll look at a selection of tools concerning AI and cybersecurity. Cast your vote for your favourite tool and we’ll share a quick tutorial on how to get started and how to get the most out of it the next week.

fr0gger/Awesome-GPT-Agents: A curated list of GPT agents for cybersecurity.

awesome-cybersecurity-blueteam: A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

Anthropic-Cybersecurity-Skills: More than 730 structured cybersecurity skills for AI agents, covering MITRE ATT&CK, agentskills.io open standard, and works with Claude Code, GitHub Copilot, OpenAI Codex CLI, Cursor, Gemini CLI & over 20 other platforms.

Lilith: A foundational reverse engineering resource for cybersecurity entrepreneurs in C++.

flowsint: A modern platform for visual, flexible, and extensible graph-based investigations. Forcybersecurityanalysts and investigators.

Dojo-101: "An offline cybersecurity knowledge base."

Iran-Linked Cyber Activity Escalates with Wiper Risk (Unit 42): Analysis shows a surge in destructive cyber operations tied to Middle East conflict, including thousands of phishing URLs, mobile malware delivery via fake alert apps, and increased likelihood of wiper attacks targeting high-value infrastructure.

Intelligence Report Highlights Raton RAT & INC Ransomware (CYFIRMA): Threat intel identifies active malware families leveraging phishing and social engineering for initial access, alongside espionage campaigns by Mustang Panda using DLL sideloading, credential dumping, and USB propagation.

Cyberattacks Spike 245% Following Iran Conflict (Black Arrow Cyber): Technical briefing notes a sharp rise in attacks targeting financial services and e-commerce, with adversaries increasingly using legitimate admin tools and stolen credentials to evade detection and enable large-scale disruption.

Teams Vishing & Cisco Exploitation (Kaseya): Incident roundup details ransomware causing municipal emergency declarations, active exploitation of Cisco firewall vulnerabilities, and a rise in Microsoft Teams vishing campaigns abusing enterprise collaboration platforms.

Email Threat Evasion Techniques (Hornetsecurity Security Lab): Analysis of M365 threats highlights adversaries bypassing detection via fuzzing and evasion, emphasizing email as a primary initial access vector in enterprise environments.

Law Enforcement Takedowns Are Training Cybercriminals (WSJ): Criminal groups are adapting rapidly to past disruptions, improving operational security and malware resilience after observing law enforcement techniques used in takedowns.

AI Expected to Drive Surge in Zero-Day Exploits (ITPro / RSAC Panel): Experts warn that AI could industrialize vulnerability discovery, potentially generating hundreds of zero-days weekly while also enhancing defensive capabilities.

Human Behavior Identified as Primary Security Weakness (TechRadar Pro): Security failures increasingly stem from user behavior, with attackers exploiting MFA fatigue and cognitive biases via social engineering and AI-assisted phishing.

Cyberattack on Polish Energy Sector Signals Escalation (AP News): A destructive attack linked to suspected Russian actors used wiper malware against energy infrastructure, marking a shift beyond financially motivated ransomware toward disruptive operations.

The Artificial Intelligence Risk Scoring System (AIRSS) – Part 1: Setting the Scope (Walter Haydock): This article introduces a structured methodology for quantifying AI-related cybersecurity risk. Haydock proposes a scoring system to evaluate exposure across data sensitivity, model behavior, and operational context. The piece is widely referenced within the newsletter’s series and generated strong engagement due to its practical framework for security teams adopting AI.

Chatbot Checklist: 5 Ways to Avoid AI-Powered Fails (Walter Haydock): A tactical guide focused on securing AI chatbots against misuse, data leakage, and reputational risk. It outlines five concrete controls—ranging from prompt constraints to monitoring pipelines—making it highly shareable among practitioners implementing LLM systems. Its actionable nature led to strong reader interaction and discussion.

Declaring a Truce on SaaS Security: This piece challenges the adversarial dynamic between vendors and enterprise security teams. Haydock argues for a cooperative model that reduces duplicated controls and improves overall risk posture. The contrarian framing sparked debate in comments and shares among SaaS security professionals.

How Cybersecurity Startups Win (and Why Most Don’t) (Ross Haleliuk): A strategic deep dive into the cybersecurity market, focusing on why many startups fail despite strong technology. It examines go-to-market misalignment, buyer psychology, and product-market fit in security.