Topics
Browse posts by category and tag — every topic we cover, with the latest pieces under each.
Tags
- #explainer 4
- #incident-tracking 4
- #methodology 4
- #journalism 3
- #source-verification 2
- #ai-incidents 1
- #attribution 1
- #cve 1
- #definitions 1
- #disclosure 1
- #due-diligence 1
- #incident-response 1
- #meta 1
- #ml-libraries 1
- #model-cards 1
- #model-evaluation 1
- #nvd 1
- #taxonomy 1
- #vendor-advisory 1
- #vulnerability-management 1
Categories
news 7 posts
- Anatomy of a Vendor Advisory: Reading What Isn't SaidVendor advisories from AI model providers follow a recognizable shape. Knowing what to look for — and what's intentionally omitted — turns a marketing document into actionable intelligence.
- Taxonomy: Incident vs. Vulnerability vs. Disclosure vs. MisuseFour terms used interchangeably in AI security reporting, but each describes a different event and triggers a different response. This is the working taxonomy.
- Decoding NVD CVE Entries for ML Libraries: What Fields Tell YouNVD CVE entries for torch, transformers, vllm, and langchain are not written for ML engineers. Here's how to read them — and what to do when the metadata is wrong.
- Reading a Model Card for Security SignalsModel cards are written for ML researchers, not defenders. Here's what to actually read first if you're trying to understand a model's security posture from the public documentation.
- Source Verification Across Tiers: How an Beat Vets a ClaimThe five-tier source ladder used to verify AI security incidents, with worked examples of when a single tweet was enough and when ten reposts still weren't.
- Why We Don't Do Attribution Speculation on AI IncidentsAttribution is the slowest, hardest, most consequential call in incident reporting. Here's the policy that keeps us from getting it wrong.