bluerock Articles

BlueRock in Action: Neutralizing Deserialization Attacks Against AI/ML Workloads

AI/ML systems are rapidly adopting Python-based tools, exposing organizations to serious security threats—particularly from insecure deserialization. Attackers now exploit pickle-based flaws across major ML frameworks like PyTorch, Keras, vLLM, and BentoML to execute remote code, steal data, or corrupt models. With zero-days on the rise and patching cycles lagging, traditional defenses fall short.
Darien Kindlund
VP Security Research @ BlueRock Security
View all
We Must Go Beyond the Scan/Patch Hamster Wheel
We are losing the scan-patch battle – and that has to change. Written by Bob Tinker.
The Day CVE Almost Died
On 16 April 2025, U.S. funding for MITRE’s Common Vulnerabilities and Exposures (CVE) catalog hit zero. An 11‑month rescue contract from CISA arrived at the eleventh hour, but the close call exposed a brittle single‑sponsor model. The immediate fix: two parallel efforts—the nonprofit CVE Foundation and Europe‑backed Global CVE (GCVE)—aim to decentralize governance. Meanwhile, attackers now weaponize fresh bugs in about five days, so defenders must pair CVE intel with fast, compensating‑control automation such as BlueRock’s Evidence of Vulnerability Coverage (EVC).
Stop Chasing CVEs: Automate Proof of Coverage
In an era where software supply chain attacks are increasing rapidly, organizations struggle to keep up with the growing volume of Common Vulnerabilities and Exposures (CVEs). Traditional vulnerability management is reactive and often inefficient, leaving security teams chasing endless patch cycles.
Featured in Forbes: Real-Time Prevention Strategies for Enhanced Cloud Security
Bluerock.io was recently featured in Forbes, where we shared insights on advancing cloud security through real-time prevention. The article explores essential strategies to protect cloud environments effectively and seamlessly, aligning with our commitment to making security native to infrastructure
The Quest for Resilience: Has the Pendulum Swung Too Far from Prevention?
Carl Jung is credited as having said “The pendulum of the mind oscillates between sense and nonsense, not between right and wrong” (emphasis mine) which succinctly captures the essence of a lot of human thought, not least in cybersecurity. Pendulums are also great metaphors for human thinking because—like an idealized theoretical model of a pendulum—external forces don’t necessarily cause things to return to an equilibrium
Open Source Software and the Terrible, Horrible, No Good, Very Bad Week
Uncover the critical details of CVE-2024-1086, a notable Linux kernel vulnerability with far-reaching security implications.
eBPF – Who Watches the Watcher… and What is the Cost?
Discover eBPF's journey as a game-changer in Linux security and observability, shaping today's digital security landscape.
When Patching and Hardening Aren’t Enough: The Case for “Outside-In” Protection
CVE-2024-1086—a.k.a. Dirty Pagedirectory—is back in the news again and is an excellent demonstration of the limits of OS hardening and other “self-protection” mechanisms. It illustrates why modern runtime security can best be achieved by decoupling the method of protection from the object of protection. BlueRock achieves this separation with its groundbreaking workload protection platform.
Dirty Pagedirectory (CVE-2024-1086) and the (Missing) Pinnacle of the Pyramid of Pain
The Pyramid of Pain has been an essential tool for defenders, but may place too much emphasis on detection and response and inadvertently marginalized prevention.