News Feed

How Amazon Web Services uses AI to be a security ‘force multiplier’

~ Reporter ~ Leave a comment

When Amazon Web Services deploys thousands of new digital sensors around the globe, it often runs into a ruthless truth of the internet: Within minutes, the sensors are poked, prodded, and attacked. However, using large language models, the company is turning those immediate attacks into actionable security intelligence for its vast array of cloud-centered services.  

According to Stephen Schmidt, the company’s chief security officer, examples like this demonstrate how AI enables capabilities that weren’t possible with earlier tools. During remarks at the AWS Summit on Tuesday, Schmidt highlighted this example to illustrate how AI is fundamentally transforming AWS’s approach to security — especially in areas like application security reviews and incident response.

“What we can do with AI is allow engineers to ask questions about what’s going on with that data much more easily than they could otherwise, and they can say things like ‘Find me all of the examples of situations where someone tried to break into this particular version of this particular database, and came from IP addresses that are associated with the VPNs that are normally used by this particular threat actor,” he told CyberScoop. “You can’t do that otherwise, and the tooling allows them to really dig into things much more deeply.”

The technology allows for more consistent and efficient security assessments, especially for junior engineers who may lack extensive experience.

By training large language models on previous security reviews, organizations can effectively transfer knowledge from senior security professionals to newer team members. This approach raises the overall security standard by embedding institutional expertise directly into AI-powered review processes.

“A junior engineer may not have all the knowledge, the background, the experience of the more senior engineers,” he said. “By training our large language models internally on the prior security reviews, it allows us to apply the knowledge and learning that our more senior staff have embodied in the documents that we all own, trained on, to our more junior staff. So it really raises the bar on the absolute level of security.” 

The cybersecurity industry faces persistent personnel shortages, a problem AI can help mitigate. Schmidt noted that AI tools can handle significant “heavy lifting” previously performed manually, allowing security staff to focus on more complex tasks.

Critically, Schmidt highlighted the non-deterministic nature of AI systems, meaning identical queries can produce different responses. He pointed to this as a reason why humans still need to be involved in making decisions based on the model’s output.

“We look at it this way, if you’re just asking a question and getting an answer, that’s one set of scrutiny that you have to give a system,” he said. “But if you’re going to take an action to block something, to prevent something from occurring, you’ve got to be really sure it’s correct. So there has to be that skilled person at the end of the AI-use process, saying, ‘Yes, this is the right thing to do at this point in time with this context.’”

That need for a human in the process is why Schmidt believes that AI will not supplant entry- or junior-level positions, even if the technology continues to improve. He said conversations around AI replacing junior engineers are rooted in “FUD,” and he expects the models to raise the skill level faster than ever before. 

“I don’t think it’s going to happen,” he said of AI replacing human-led security work. “The thing about security that’s both great and difficult is you’re never done, and it’s never perfect. So we always have the ability to raise the bar across things, and by using tooling that allows us to get those junior engineers up to speed more quickly and to learn more about why senior engineers make decisions. It means we’ve got this middle ground of staff who are really good, much more quickly than we would otherwise.”

The post How Amazon Web Services uses AI to be a security ‘force multiplier’ appeared first on CyberScoop.

from CyberScoop https://ift.tt/CKWwrI4
via IFTTT

Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps

~ Reporter ~ Leave a comment

Adobe on Tuesday pushed security updates to address a total of 254 security flaws impacting its software products, a majority of which affect Experience Manager (AEM).
Of the 254 flaws, 225 reside in AEM, impacting AEM Cloud Service (CS) as well as all versions prior to and including 6.5.22. The issues have been resolved in AEM Cloud Service Release 2025.5 and version 6.5.23.
“Successful

from The Hacker News https://ift.tt/9Mx1qIO
via IFTTT

Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud

~ Reporter ~ Leave a comment

Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud (aka Salesforce Industries), exposing sensitive data to unauthorized internal and external parties.
The weaknesses affect various components like FlexCards, Data Mappers, Integration Procedures (IProcs), Data Packs, OmniOut, and OmniScript Saved Sessions.
“Low-code platforms such as

from The Hacker News https://ift.tt/kr8VQeb
via IFTTT

AWS Weekly Roundup: New AWS Heroes, Amazon Q Developer, EC2 GPU price reduction, and more (June 9, 2025)

~ Reporter ~ Leave a comment

The AWS Heroes program recognizes a vibrant, worldwide group of AWS experts whose enthusiasm for knowledge-sharing has a real impact within the community. Heroes go above and beyond to share knowledge in a variety of ways in developer community. We introduce our newest AWS Heroes in the second quarter of 2025.

To find and connect with more AWS Heroes near you, visit the categories in which they specialize Community Heroes, Container Heroes, Data Heroes, DevTools Heroes, Machine Learning Heroes, Security Heroes, and Serverless Heroes.

Last week’s launches
In addition to the inspiring celebrations, here are some AWS launches that caught my attention.

For a full list of AWS announcements, be sure to keep an eye on What’s New at AWS.

Other AWS news
Here are some additional projects, blog posts that you might find interesting:

  • Up to 45 percent price reduction for Amazon EC2 NVIDIA GPU-accelerated instances – AWS is reducing the price of NVIDIA GPU-accelerated Amazon EC2 instances (P4d, P4de, P5, and P5en) by up to 45 percent for On-Demand and Savings Plan usage. We are also making the very new P6-B200 instances available through Savings Plans to support large-scale deployments.
  • Introducing public AWS API models – AWS now provides daily updates of Smithy API models on GitHub, enabling developers to build custom SDK clients, understand AWS API behaviors, and create developer tools for better AWS service integration.
  • The AWS Asia Pacific (Taipei) Region is now open – The new Region provides customers with data residency requirements to securely store data in Taiwan while providing even lower latency. Customers across industries can benefit from the secure, scalable, and reliable cloud infrastructure to drive digital transformation and innovation.
  • Amazon EC2 has simplified the AMI cleanup workflow – Amazon EC2 now supports automatically deleting underlying Amazon Elastic Block Store (Amazon EBS) snapshots when deregistering Amazon Machine Images (AMIs).
  • The Lab where AWS designs custom chips – Visit Annapurna Labs in Austin, Texas—a combination of offices, workshops, and even a mini data center—where Amazon Web Services (AWS) engineers are designing the future of computing.

Upcoming AWS events
Check your calendars and sign up for these upcoming AWS events.

  • Join re:Inforce from anywhere – If you aren’t able to make it to Philadelphia (June 16–18), tune in remotely. Get free access to the re:Inforce keynote and innovation talks live as they happen.
  • AWS Summits – Join free online and in-person events that bring the cloud computing community together to connect, collaborate, and learn about AWS. Register in your nearest city: Shanghai (June 19 – 20), Milano (June 18), Mumbai (June 19) and Japan (June 25 – 26).
  • AWS re:Invent – Mark your calendars for AWS re:Invent (December 1 – 5) in Las Vegas. Registration is now open
  • AWS Community Days – Join community-led conferences that feature technical discussions, workshops, and hands-on labs led by expert AWS users and industry leaders from around the world: Mexico (June 14), Nairobi, Kenya (June 14) and Colombia (June 28)

That’s all for this week. Check back next Monday for another Weekly Roundup!

Betty

from AWS News Blog https://ift.tt/e03LRHV
via IFTTT