Abhishek Arya
@infernosec
Principal Engineer, AI Security at Google
California, USA
Joined May 2009
Our amazing #FUZZING'24 keynotes are online! "Reasons for the Unreasonable Success of Fuzzing" by Thomas Dullien (@halvarflake) https://t.co/Q0tyqEiqv6 "Is 'AI' useful for fuzzing?" by Brendan Dolan-Gavitt (@moyix) https://t.co/EqdkWNxI8C //@mboehme_, @lszekeres
Sharing slides and video for my keynote at OSS EU'24: "Securing the software commons: Standards, Automation, and AI for a Resilient Open Source Future" Slides: https://t.co/XmMfjeo6QX Video:
Live now at #OSSummit: Securing the Software Commons: Standards, Automation, and AI for a Resilient Open Source Future - Abhishek Arya, Principal Engineer, Google Open Source and Supply Chain Security, Google Keynote Livestream:
Abhishek Arya from Google delivers a keynote on "Securing the Software Commons: Standards, Automation, & AI for a Resilient Open Source Future." He highlights frameworks like SLSA, OpenSSF Scorecard, and more for building a safe and secure software supply chain. #OSSSummit
Join Abhishek Arya @infernosec at Open Source Summit EU as he discusses how Standards, Automation and AI can transform OSS security, scaling our defenses to meet growing threats. #OSSummit Listen Sept. 16 https://t.co/FhHQeJ1qew
This week we've added another 8 trophies to OSS-Fuzz-Gen (for a total of 14)! These are vulnerabilities found by LLM-generated harnesses. The interesting bit here is many of these are in well-fuzzed projects with thousands of hours of fuzzing already. https://t.co/sjDnDMyGhG
AI on Java fuzzing!
Second OSS-Fuzz blog post on fuzz harness generation for Java! https://t.co/Mnx2K8EgyU We've been quiet for a while but have a few interesting posts coming in the pipeline about our research.
As we look to the future of open source, we're investing in improving security posture of open source projects and ecosystems. Learn more about our efforts to secure open source supply chains
opensource.googleblog.com
This report highlights Alphabet's contributions to open source projects, emphasizing the vital role open source plays in driving industry innovation.
The @DARPA's AI Cyber Challenge is in full swing with its Semifinal Competition. Learn how competitors can take advantage of @Google resources for the challenge and what we're doing at the AIxCC event at @defcon 32 in Las Vegas next week:
blog.google
How Google is supporting DARPA's AI Cyber Challenge (AIxCC) Semifinal Competition at DEF CON 32.
Are YOU ready?! @infernosec of @Google is taking the stage @ #OSSummit Europe! Dive into the schedule, showcasing a dynamic lineup at the forefront of all things #OpenSource: https://t.co/udQAB9iza8. Register & join us 16-18 September in Vienna, Austria! https://t.co/Ys8Rdbvez2
The Coalition for Secure AI (#CoSAI) officially launched today at the Aspen Security Forum! Hosted by OASIS, CoSAI will provide the guidance and tools needed to create AI systems that are Secure-by-Design. https://t.co/roKUxY6hda
#CoSAI #AI #AIsecurity #OpenSource #OASIS
Excited to see the incubation of "Software Supply Chain Security for AI systems" workstream in CoSAI. This workstream will aim to improve AI security by providing guidance on evaluating provenance, managing third-party model risks, and assessing full AI application provenance by
Exciting news from @AspenSecurity! 1 yr after introducing #SAIF, @Google is forming Coalition for Secure AI CoSAI w/ @OASISopen & partners @Amazon @Anthropic, @Chainguard @Cisco @Cohere @genlabstudio @IBM @Intel @Microsoft @NVIDIA @OpenAI @Paypal & @wiz_io
blog.google
Google announces the Coalition for Secure AI (CoSAI) alongside founding member organizations.
Google VRP Reward Update: Good news, we are significantly increasing the reward amounts offered by the Google VRP! Look out for up to 5x higher payouts and a maximum reward of $151,515! Details here: https://t.co/gYRql7IRST
bughunters.google.com
The reward amounts on offer by the Google VRP have undergone a major overhaul: We're increasing reward amounts by up to 5x (with maximum rewards of up to $151,515)!
@chainguard_dev is now publishing its security advisory feed in the Open Source Vulnerabilities (OSV) format. https://t.co/eT7ddxXTfZ
chainguard.dev
Explore Chainguard's new OSV advisory feed, delivering comprehensive and up-to-date vulnerability information to enhance your security posture.
The @DARPA #AIxCC will help design new #AI systems to secure major open source projects that our critical infrastructure relies upon. Learn how @Google's OSS-Fuzz can show opportunities where AI can help find and patch vulnerabilities for the challenge:
security.googleblog.com
Oliver Chang, Jonathan Metzman, OSS-Fuzz and Alex Rebert, Security Engineering. The US Defense Advanced Research Projects Agency, DARPA, rec...
CodeRover++, new version of AutoCodeRover, is here! A pragmatic outlook to autonomous software engineering of the future! Optimising for multiple objectives (efficacy, cost and time), while automatically solving software engineering tasks. Future Large Language Model (LLM)
The latest version of AutoCodeRover (using GPT-4o) resolves 30.67% of the tasks (pass @1) in SWE-bench Lite. Achieving this efficacy while economical with only 0.12m tokens costing $0.7 per task and completing each task within 7 mins. #AutoCodeRover #AISE #AIDeveloper #SWEBench
I couldn't agree more!
.@sethvargo is a fantastic and incredibly well rounded technologist - worth a listen https://t.co/uzSjV4d10m
Yet another win for @openssf OSV Schema and overall open source ecosystem: "Ubuntu Security Notices Now Available in OSV" -