Security Diaries #6

New Security Model Created by Cisco

Cisco creating new security model using 30 years of data describing cyber-dramas and saves

Cisco, an incredibly popular networking & security company, is updating its AI model from 8 billion parameters to 17 billion parameters. This model has been built on "30 years of data" and will help customers:

  • Automate processing of security alerts
  • Review code to find potential security issues
  • Suggest workflows that prioritise security

This new model will be appearing shortly after Christmas.

Like most AI, the question is, will it be useful? Or will this just be a waste of money and investment that only serves to show stakeholders that they are involved in AI? I guess we'll find out in the new year.

What is Just-In-Time (JIT) Access?

Traditionally, system access has relied on usernames and passwords. These days, Single Sign-On (SSO) has become the standard. However, in environments where credentials are shared or used by machines, it becomes difficult to trace who is actually using them—casting a shadow over their security and accountability.

Let me give you a quick example.

Imagine a company with a product that’s built and deployed using a CI/CD pipeline. During this process, the pipeline needs access to AWS, so AWS credentials are created specifically for this purpose.

This setup is quite common. But here’s the problem: what’s stopping someone from misusing those credentials? The logs will show activity under that credential, but because it’s tied to the CI/CD process, there’s a level of anonymity. Multiple people could potentially use the same credential to do anything—malicious or not—and it would be hard to trace.

This is where Just-In-Time (JIT) access comes in.

With JIT, when a CI/CD pipeline build is initiated, a request is sent to an approver. Once approved, a temporary credential is issued for the build. This eliminates anonymity because now we know who requested the pipeline run, and it’s been approved by a third party. This significantly reduces the risks associated with shared credentials.

You can even automate the approval process if the request meets predefined standards.

As the name suggests, it provides access just in time!
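The flow described above, sketched as a small credential broker. This is an added example, not code from the original post or from any vendor. The policy contents, the names (`alice`, `web-deploy`) and the HMAC-signed token format are assumptions made for illustration; on AWS the issuing step would instead request temporary credentials from STS.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)  # broker's signing key (constructed for this demo)
MAX_TTL = 900                          # a credential lives at most 15 minutes
AUTO_APPROVE = {"branches": {"main"}, "requesters": {"alice", "bob"}}  # hypothetical policy
AUDIT_LOG = []                         # every request: who asked, who approved, when

def decide(request, human_approver=None):
    """Return the approver's name, or None if the request is denied."""
    if (request["branch"] in AUTO_APPROVE["branches"]
            and request["requester"] in AUTO_APPROVE["requesters"]):
        return "policy:auto"           # meets the predefined standards
    # Otherwise a human must approve, and nobody approves their own request.
    if human_approver and human_approver != request["requester"]:
        return human_approver
    return None

def issue(request, human_approver=None, now=None):
    """Issue a signed, short-lived credential bound to requester and approver."""
    now = int(time.time()) if now is None else now
    approver = decide(request, human_approver)
    AUDIT_LOG.append({**request, "approver": approver, "time": now})
    if approver is None:
        return None
    ttl = min(request.get("ttl", MAX_TTL), MAX_TTL)  # cap the requested lifetime
    claims = {**request, "approver": approver, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{sig}"

def verify(token, now=None):
    """Return the claims if the signature is valid and the credential is unexpired."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.rsplit(".", 1)
        expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError, AttributeError):
        return None
    return claims if now < claims["exp"] else None
```

Every credential that reaches the cloud account now names the person who started the build and the party that approved it, and it stops working on its own once `exp` passes.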

If you want more information on JIT access, CrowdStrike has a really good article on this which can be found here.


UK Crackdown on Scam Callers

Spoofed numbers blocked in crackdown on scammers

A new agreement has been signed with all major mobile networks to crack down on the number of scam callers reaching UK citizens.

Mobile networks will upgrade their networks within the next year to eliminate the ability of foreign call centres to spoof UK numbers, and will make it clear when calls are originating from abroad.

Data shows that 96% of phone users decide whether or not to pick up a call based on the number shown on their screen. Three quarters are unlikely to pick up if the call is from an unknown international number.

Advanced call tracing will also be rolled out, allowing police to track down scammers in different countries with hopes of dismantling their operations.

AI will also be deployed to identify and block suspicious calls and texts.

Overall, this seems like a good starting point. Whether or not it will be effective will be interesting to see; I would love to see a study in a few years on how effective this investment and agreement has been. My only concern is the data being shared between mobile networks and police. I would hope that this data is not infringing on customer privacy, but whether this is the case or not is unknown.

Final Thoughts

If you've read through this entire article, thank you. Let me know if there is anything you want me to look at and explain, especially if you think it would help others out too.

Thanks for reading this edition of Security Diaries. My goal is to document the progress I make learning more about technology and cybersecurity, with the hopes of inspiring others, informing others, and showing that I know what I claim to know.