security assessment
Multi-Agent Penetration Testing AI for the Web
AI-powered development platforms are making software creation accessible to a broader audience, but this democratization has triggered a scalability crisis in security auditing. With studies showing that up to 40% of AI-generated code contains vulnerabilities, the pace of development now vastly outstrips the capacity for thorough security assessment. We present MAPTA, a multi-agent system for autonomous web application security assessment that combines large language model orchestration with tool-grounded execution and end-to-end exploit validation. On the 104-challenge XBOW benchmark, MAPTA achieves 76.9% overall success with perfect performance on SSRF and misconfiguration vulnerabilities, 83% success on broken authorization, and strong results on injection attacks including server-side template injection (85%) and SQL injection (83%). Cross-site scripting (57%) and blind SQL injection (0%) remain challenging. Our comprehensive cost analysis across all challenges totals $21.38 with a median cost of $0.073 for successful attempts versus $0.357 for failures. Success correlates strongly with resource efficiency, enabling practical early-stopping thresholds at approximately 40 tool calls or $0.30 per challenge. MAPTA's real-world findings are impactful given both the popularity of the respective scanned GitHub repositories (8K-70K stars) and MAPTA's low average operating cost of $3.67 per open-source assessment: MAPTA discovered critical vulnerabilities including RCEs, command injections, secret exposure, and arbitrary file write vulnerabilities. Findings are responsibly disclosed; 10 findings are under CVE review.
Quantum-Enhanced Reinforcement Learning for Power Grid Security Assessment
Peter, Benjamin M., Korkali, Mert
The increasingly challenging task of maintaining power grid security requires innovative solutions. Novel approaches using reinforcement learning (RL) agents have been proposed to help grid operators navigate the massive decision space and nonlinear behavior of these complex networks. However, applying RL to power grid security assessment, specifically for combinatorially troublesome contingency analysis problems, has proven difficult to scale. The integration of quantum computing into these RL frameworks helps scale by improving computational efficiency and boosting agent proficiency by leveraging quantum advantages in action exploration and model-based interdependence. To demonstrate a proof-of-concept use of quantum computing for RL agent training and simulation, we propose a hybrid agent that runs on quantum hardware using IBM's Qiskit Runtime. We also provide detailed insight into the construction of parameterized quantum circuits (PQCs) for generating relevant quantum output. This agent's proficiency at maintaining grid stability is demonstrated relative to a benchmark model without quantum enhancement using N-k contingency analysis. Additionally, we offer a comparative assessment of the training procedures for RL models integrated with a quantum backend.
Leveraging Multi-Task Learning for Multi-Label Power System Security Assessment
Za'ter, Muhy Eddin, Sajad, Amir, Hodge, Bri-Mathias
This paper introduces a novel approach to power system security assessment using Multi-Task Learning (MTL), reformulating the problem as a multi-label classification task. The proposed MTL framework simultaneously assesses static, voltage, transient, and small-signal stability, improving both accuracy and interpretability with respect to the most state-of-the-art machine learning methods. It consists of a shared encoder and multiple decoders, enabling knowledge transfer between stability tasks. Experiments on the IEEE 68-bus system demonstrate measurably superior performance of the proposed method compared to the extant state-of-the-art approaches. The power system security assessment (PSSA) is an essential power application in energy management systems [1] apparatus that ensures the reliability and stability of energy delivery [2]. Power system operators routinely perform security assessments to ensure the system can withstand disturbances, typically involving steady-state and dynamic simulations every 15 minutes to prepare contingency plans for critical scenarios [3]. In recent years, mainly due to the ongoing changing landscape in the energy mix of electricity grids around the globe, conducting real-time PSSA has become more complex to the point that many power utilities may abandon this critical function. Instead, they rely solely on static security assessment, risking blackout as a result of dynamic instabilities.
Robust Defense Against Extreme Grid Events Using Dual-Policy Reinforcement Learning Agents
Peter, Benjamin M., Korkali, Mert
Reinforcement learning (RL) agents are powerful tools for managing power grids. They use large amounts of data to inform their actions and receive rewards or penalties as feedback to learn favorable responses for the system. Once trained, these agents can efficiently make decisions that would be too computationally complex for a human operator. This ability is especially valuable in decarbonizing power networks, where the demand for RL agents is increasing. These agents are well suited to control grid actions since the action space is constantly growing due to uncertainties in renewable generation, microgrid integration, and cybersecurity threats. To assess the efficacy of RL agents in response to an adverse grid event, we use the Grid2Op platform for agent training. We employ a proximal policy optimization (PPO) algorithm in conjunction with graph neural networks (GNNs). By simulating agents' responses to grid events, we assess their performance in avoiding grid failure for as long as possible. The performance of an agent is expressed concisely through its reward function, which helps the agent learn the most optimal ways to reconfigure a grid's topology amidst certain events. To model multi-actor scenarios that threaten modern power networks, particularly those resulting from cyberattacks, we integrate an opponent that acts iteratively against a given agent. This interplay between the RL agent and opponent is utilized in N-k contingency screening, providing a novel alternative to the traditional security assessment.
Security Assessment of Hierarchical Federated Deep Learning
Alqattan, D, Sun, R, Liang, H, Nicosia, G, Snasel, V, Ranjan, R, Ojha, V
Hierarchical federated learning (HFL) is a promising distributed deep learning model training paradigm, but it has crucial security concerns arising from adversarial attacks. This research investigates and assesses the security of HFL using a novel methodology by focusing on its resilience against inference-time and training-time adversarial attacks. Through a series of extensive experiments across diverse datasets and attack scenarios, we uncover that HFL demonstrates robustness against untargeted training-time attacks due to its hierarchical structure. However, targeted attacks, particularly backdoor attacks, exploit this architecture, especially when malicious clients are positioned in the overlapping coverage areas of edge servers. Consequently, HFL shows a dual nature in its resilience, showcasing its capability to recover from attacks thanks to its hierarchical aggregation that strengthens its suitability for adversarial training, thereby reinforcing its resistance against inference-time attacks. These insights underscore the necessity for balanced security strategies in HFL systems, leveraging their inherent strengths while effectively mitigating vulnerabilities.
Semi-Supervised Multi-Task Learning Based Framework for Power System Security Assessment
Za'ter, Muhy Eddin, Sajadi, Amirhossein, Hodge, Bri-Mathias
This paper develops a novel machine learning-based framework using Semi-Supervised Multi-Task Learning (SS-MTL) for power system dynamic security assessment that is accurate, reliable, and aware of topological changes. The learning algorithm underlying the proposed framework integrates conditional masked encoders and employs multi-task learning for classification-aware feature representation, which improves the accuracy and scalability to larger systems. Additionally, this framework incorporates a confidence measure for its predictions, enhancing its reliability and interpretability. A topological similarity index has also been incorporated to add topological awareness to the framework. Various experiments on the IEEE 68-bus system were conducted to validate the proposed method, employing two distinct database generation techniques to generate the required data to train the machine learning algorithm. The results demonstrate that our algorithm outperforms existing state-of-the-art machine learning based techniques for security assessment in terms of accuracy and robustness. Finally, our work underscores the value of employing auto-encoders for security assessment, highlighting improvements in accuracy, reliability, and robustness. All datasets and codes used have been made publicly available to ensure reproducibility and transparency.
China to require 'security assessment' for new AI products: draft law
"Before providing services to the public that use generative AI products, a security assessment shall be applied for through national internet regulatory departments," the draft law, released by the Cyberspace Administration of China, reads. The draft law -- dubbed "Administrative Measures for Generative Artificial Intelligence Services" -- aims to ensure "the healthy development and standardised application of generative AI technology", it read. AI generated content, it continued, must "reflect core socialist values, and must not contain content on subversion of state power". It must also not contain, among other things, "terrorist or extremist propaganda", "ethnic hatred" or "other content that may disrupt economic and social order." The Cyberspace Administration of China said it was seeking public input on the contents of the new regulations, which under Beijing's highly centralised political system are almost certain to become law. The fresh regulations come as a flurry of Chinese companies including Alibaba, JD.com, Netease and TikTok-parent Bytedance rush to develop services that can mimic human speech since San Francisco-based OpenAI launched ChatGPT in November, sparking a gold rush in the market.
Automated Security Assessment for the Internet of Things
Duan, Xuanyu, Ge, Mengmeng, Le, Triet H. M., Ullah, Faheem, Gao, Shang, Lu, Xuequan, Babar, M. Ali
Internet of Things (IoT) based applications face an increasing number of potential security risks, which need to be systematically assessed and addressed. Expert-based manual assessment of IoT security is a predominant approach, which is usually inefficient. To address this problem, we propose an automated security assessment framework for IoT networks. Our framework first leverages machine learning and natural language processing to analyze vulnerability descriptions for predicting vulnerability metrics. The predicted metrics are then input into a two-layered graphical security model, which consists of an attack graph at the upper layer to present the network connectivity and an attack tree for each node in the network at the bottom layer to depict the vulnerability information. This security model automatically assesses the security of the IoT network by capturing potential attack paths. We evaluate the viability of our approach using a proof-of-concept smart building system model which contains a variety of real-world IoT devices and potential vulnerabilities. Our evaluation of the proposed framework demonstrates its effectiveness in terms of automatically predicting the vulnerability metrics of new vulnerabilities with more than 90% accuracy, on average, and identifying the most vulnerable attack paths within an IoT network. The produced assessment results can serve as a guideline for cybersecurity professionals to take further actions and mitigate risks in a timely manner.
A Multivariate Density Forecast Approach for Online Power System Security Assessment
Meng, Zichao, Guo, Ye, Tang, Wenjun, Sun, Hongbin, Huang, Wenqi
A multivariate density forecast model based on deep learning is designed in this paper to forecast the joint cumulative distribution functions (JCDFs) of multiple security margins in power systems. Differing from existing multivariate density forecast models, the proposed method requires no a priori hypotheses on the distribution of forecasting targets. In addition, based on the universal approximation capability of neural networks, the value domain of the proposed approach has been proven to include all continuous JCDFs. The forecasted JCDF is further employed to calculate the deterministic security assessment index evaluating the security level of future power system operations. Numerical tests verify the superiority of the proposed method over current multivariate density forecast models. The deterministic security assessment index is demonstrated to be more informative for operators than security margins as well.
Efficient audits with machine learning and Slither-simil
Trail of Bits has manually curated a wealth of data--years of security assessment reports--and now we're exploring how to use this data to make the smart contract auditing process more efficient with Slither-simil. Based on accumulated knowledge embedded in previous audits, we set out to detect similar vulnerable code snippets in new clients' codebases. Specifically, we explored machine learning (ML) approaches to automatically improve on the performance of Slither, our static analyzer for Solidity, and make life a bit easier for both auditors and clients. Currently, human auditors with expert knowledge of Solidity and its security nuances scan and assess Solidity source code to discover vulnerabilities and potential threats at different granularity levels. Slither-simil, the statistical addition to Slither, is a code similarity measurement tool that uses state-of-the-art machine learning to detect similar Solidity functions.