Weekly Security Roundup: AI Detection, CodeQL, and Access Controls
The latest security updates focus on AI-powered detection, vulnerability scanning, CodeQL language expansion, new data security controls in Microsoft Fabric, and enhanced authentication in Entra ID.
AI-Assisted Detection Engineering and Supply Chain Protection
AI-powered detection now helps security analysts extract technical indicators from threat reports using Retrieval-Augmented Generation and mitigation mapping to MITRE ATT&CK. Best practices stress deterministic prompts, structured output, and validation against golden datasets. A vulnerability report for LangGrinch (CVE-2025-68664) in LangChain Core outlines the serialization injection risks, the remediation, and how to detect and hunt for exploitation using KQL and Defender for Cloud.
- Accelerating Threat Detection Engineering with AI-Assisted TTP Extraction
- Case Study: Securing AI Application Supply Chains
Static Analysis: CodeQL 2.24.0 Expands Language Coverage and Security Capabilities
CodeQL 2.24.0 adds support for .NET 10, C# 14, and Swift 6.2.2/6.2.3. It updates JavaScript/TypeScript, Python, Java/Kotlin, C/C++/Rust, and Axum detection. Security improvements target CSRF in ASP.NET Core, more injection sinks, and better taint tracking. The release also enhances false positive reduction for current frameworks. This builds on last week's update to CodeQL 2.23.9, reflecting the ongoing push to secure more languages and frameworks.
Fabric Data Security: Outbound Access Protection and Workspace-Level Firewalls
Microsoft Fabric introduces preview features for workspace outbound access protection and workspace-level IP firewalls. These controls let admins restrict outbound network flows and define IP rules per workspace, providing more options for data exfiltration prevention and compliance.
- Workspace Outbound Access Protection for Data Factory and OneLake Shortcuts (Preview)
- Introducing Workspace-Level IP Firewall Rules in Microsoft Fabric (Preview)
Identity Security: Passkey-Based Authentication with Entra ID
Entra ID now deploys passkey-based authentication, supporting synced and device-bound credentials for more secure access and easier administration.
Other Security News
A tutorial details how to set up two-factor authentication using TOTP codes via Azure Functions and Key Vault, walking through the secure setup, backend, and frontend for cloud-native 2FA. A recent GitHub Podcast episode covers the Secure Open Source Fund, with maintainers sharing how funding drives security best practices, SBOM adoption, and workflow hardening. AI and Copilot are being used for advanced vulnerability detection in open source.