🎩 Top 5 Security and AI Reads - Week #27
Model extraction defence strategies, Bluetooth security exploitation, supply chain research directions, N-day vulnerability analysis, and recurring vulnerability detection advances
Welcome to the twenty-seventh instalment of the Stats and Bytes Top 5 Security and AI Reads weekly newsletter. We're opening with a comprehensive survey on model extraction attacks and defences for large language models, providing insights for both protecting public-facing systems and understanding ML-specific attack vectors. Next, we dive into Stealtooth, a Bluetooth security vulnerability that exploits silent automatic pairing to break security protocols on real-world devices (including my actual headphones!). We then explore cutting-edge research directions in software supply chain security, drawing from extensive practitioner expertise and highlighting humans as an explicit threat vector following incidents like the XZ backdoor. Following that, we examine a substantial PhD thesis on N-day vulnerability detection, bisection, and measurement, offering deep technical insights into Android kernel patching ecosystems and novel detection methods. We conclude with groundbreaking researc…