Articles tagged with: #threat-detection
Unified Threat Detection and Mitigation Framework (UTDMF): Combating Prompt Injection, Deception, and Bias in Enterprise-Scale Transformers

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.04528v1 Announce Type: new Abstract: The rapid adoption of large language models (LLMs) in enterprise systems exposes vulnerabilities to prompt injection attacks, strategic deception, and biased outputs, threatening security, trust, and fairness. Extending our adversarial activation patching framework (arXiv:2507.09406), which induced deception in toy networks at a 23.9% rate, we introduce the Unified Threat Detection and Mitigation Framework (UTDMF), a scalable, real-time pipeline...

How to Close Threat Detection Gaps: Your SOC's Action Plan

The Hacker News thehackernews.com

Running a SOC often feels like drowning in alerts. Every morning, dashboards light up with thousands of signals; some urgent, many irrelevant. The job is to find the real threats fast enough to keep cases from piling up, prevent analyst burnout, and maintain client or leadership confidence. The toughest challenges, however, aren't the alerts that can be dismissed quickly, but the ones that hide

Memory-Augmented Log Analysis with Phi-4-mini: Enhancing Threat Detection in Structured Security Logs

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.00529v1 Announce Type: new Abstract: Structured security logs are critical for detecting advanced persistent threats (APTs). Large language models (LLMs) struggle in this domain due to limited context and domain mismatch. We propose DM-RAG, a dual-memory retrieval-augmented generation framework for structured log analysis. It integrates a short-term memory buffer for recent summaries and a long-term FAISS-indexed memory for historical patterns. An instruction-tuned...

SoK: Systematic analysis of adversarial threats against deep learning approaches for autonomous anomaly detection systems in SDN-IoT networks

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.26350v1 Announce Type: new Abstract: Integrating SDN and the IoT enhances network control and flexibility. DL-based AAD systems improve security by enabling real-time threat detection in SDN-IoT networks. However, these systems remain vulnerable to adversarial attacks that manipulate input data or exploit model weaknesses, significantly degrading detection accuracy. Existing research lacks a systematic analysis of adversarial vulnerabilities specific to DL-based AAD systems in...

Open-sourced a new way to secure Copilot Studio AI Agents

cybersecurity www.reddit.com

Hey everyone, I just open-sourced a small project you can use as a security team. It is a security layer for your Copilot Studio Agents - you can catch risky inputs, control outputs, and add your own rules without breaking the flow. Microsoft recently launched Threat Detection and Protection for Copilot Studio, and this repo is my open-source spin on experimenting with this new preview feature. Would love for you to try it out, share feedback, or even jump in to contribute! 👉...

Adversarial Defense in Cybersecurity: A Systematic Review of GANs for Threat Detection and Mitigation

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.20411v1 Announce Type: new Abstract: Machine learning-based cybersecurity systems are highly vulnerable to adversarial attacks, while Generative Adversarial Networks (GANs) act as both powerful attack enablers and promising defenses. This survey systematically reviews GAN-based adversarial defenses in cybersecurity (2021–August 31, 2025), consolidating recent progress, identifying gaps, and outlining future directions. Using a PRISMA-compliant systematic literature review protocol,...

Sigma Rules Decoded: Building Effective Threat Detection at Scale

cybersecurity www.reddit.com

I put together a practical guide to implementing Sigma rules for vendor-agnostic threat detection that actually works, with strategies to overcome common challenges and build a mature detection engineering practice. Please take the time to read it; I'm looking forward to your feedback here, thank you! submitted by /u/samerfarida

AQUA-LLM: Evaluating Accuracy, Quantization, and Adversarial Robustness Trade-offs in LLMs for Cybersecurity Question Answering

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.13514v1 Announce Type: new Abstract: Large Language Models (LLMs) have recently demonstrated strong potential for cybersecurity question answering (QA), supporting decision-making in real-time threat detection and response workflows. However, their substantial computational demands pose significant challenges for deployment on resource-constrained edge devices. Quantization, a widely adopted model compression technique, can alleviate these constraints. Nevertheless, quantization may...

Stamus and SentinelOne Expand Partnership for AI-Powered Security

Cyber Security - AI-Tech Park ai-techpark.com

Enhanced Collaboration Positions Clear NDR® as Essential Network Intelligence Foundation for AI Security Investments

Stamus®, a global innovator of network-based threat detection and response (NDR) systems, and SentinelOne®, the leader in AI-native security, today announced the next phase of their partnership focused on delivering comprehensive go-to-market initiatives that will better address network...

Bridging Threat Models and Detections: Formal Verification via CADP

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.13035v1 Announce Type: new Abstract: Threat detection systems rely on rule-based logic to identify adversarial behaviors, yet the conformance of these rules to high-level threat models is rarely verified formally. We present a formal verification framework that models both detection logic and attack trees as labeled transition systems (LTSs), enabling automated conformance checking via bisimulation and weak trace inclusion. Detection rules specified in the Generic Threat Detection...

Media Alert: DeepTempo at CrowdStrike Fal.Con 2025

Cyber Security - AI-Tech Park ai-techpark.com

DeepTempo, a pioneer in behavioral threat detection powered by deep learning, will join Cribl at CrowdStrike Fal.Con 2025 in Las Vegas. DeepTempo team members will be available onsite to share how their foundation model, LogLM, flips the script on AI-enabled adversaries and integrates with the Cribl platform to help enterprises defend against modern...

Enhancing IoMT Security with Explainable Machine Learning: A Case Study on the CICIOMT2024 Dataset

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.10563v1 Announce Type: new Abstract: Explainable Artificial Intelligence (XAI) enhances the transparency and interpretability of AI models, addressing their inherent opacity. In cybersecurity, particularly within the Internet of Medical Things (IoMT), the black-box nature of AI-driven threat detection poses a significant challenge. Cybersecurity professionals must not only detect attacks but also understand the reasoning behind AI decisions to ensure trust and accountability. The...

Navigating Amazon GuardDuty protection plans and Extended Threat Detection

AWS Security Blog aws.amazon.com

Organizations are innovating and growing their cloud presence to deliver better customer experiences and drive business value. To support and protect this growth, organizations can use Amazon GuardDuty, a threat detection service that continuously monitors for malicious activity and unauthorized behavior across your AWS environment. GuardDuty uses artificial intelligence (AI), machine learning (ML), and anomaly

Exabeam, Cribl Partner to Boost Threat Detection with AI Data Pipelines

Cyber Security - AI-Tech Park ai-techpark.com

Partnership advances an outcome-driven data strategy, decoupling security outcomes from data volume

Exabeam, a global leader in intelligence and automation that powers security operations, and Cribl, the Data Engine for IT and Security, today announced an evolution of their strategic partnership designed to break the trade-off between cost and visibility. Building...

Is this a good starting point for my security career?

cybersecurity www.reddit.com

Hey everyone, I'm 23 and have been working as a Security Consultant for the past year at a major bank. My main responsibilities are:
• Overseeing the Microsoft Defender suite (Defender for Endpoint, Identity, Office 365, and Cloud Apps).
• Monitoring, investigating, and responding to security incidents.
• Handling change requests and resolving tickets through ServiceNow.
• Working with a senior consultant who's been mentoring me on threat detection and incident response.
I'm currently studying...

SAGE: Sample-Aware Guarding Engine for Robust Intrusion Detection Against Adversarial Attacks

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.08091v1 Announce Type: new Abstract: The rapid proliferation of the Internet of Things (IoT) continues to expose critical security vulnerabilities, necessitating the development of efficient and robust intrusion detection systems (IDS). Machine learning-based intrusion detection systems (ML-IDS) have significantly improved threat detection capabilities; however, they remain highly susceptible to adversarial attacks. While numerous defense mechanisms have been proposed to enhance...

Exabeam Expands Insider Threat Detection to AI Agents on Google Cloud

Cyber Security - AI-Tech Park ai-techpark.com

Exabeam unlocks visibility into AI agent behavior to detect intent, drift, and compromise where legacy tools fail

At Google Cloud's pioneering Security Innovation Forum, Exabeam, a global leader in intelligence and automation that powers security operations, today announced the integration of Google Agentspace and Google Cloud's Model Armor telemetry into the...

dope.security Integrates with CrowdStrike Falcon Next-Gen SIEM

Cyber Security - AI-Tech Park ai-techpark.com

Integration ingests dope.swg web security telemetry into Falcon Next-Gen SIEM, boosting threat detection and reducing attacker dwell time

dope.security, the fly-direct Secure Web Gateway (SWG), today announced a partnership with CrowdStrike, enabling customers to ingest and action dope.swg security data with CrowdStrike Falcon® Next-Gen SIEM. With this new integration, organizations are...

Quantum AI Algorithm Development for Enhanced Cybersecurity: A Hybrid Approach to Malware Detection

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.05370v1 Announce Type: new Abstract: This study explores the application of quantum machine learning (QML) algorithms to enhance cybersecurity threat detection, particularly in the classification of malware and intrusion detection within high-dimensional datasets. Classical machine learning approaches encounter limitations when dealing with intricate, obfuscated malware patterns and extensive network intrusion data. To address these challenges, we implement and evaluate various QML...