@secSandman

Mission-Critical IAM, Coding Agents and X-Agent Spec-Driven Collaboration

Kicking tires on “Spec” AI Development

Fresh Snow Outside, Fresh Threats Inside: Practical Agentic AI Hardening

Your AI Agent Is The Attacker – Claude, OpenCode – Threats and Security Designs

Microsoft Ignite 2025: AI Security – tl;dr but RTFM

Seeing the AI-Security Forest Through the Trees

A strategic look at adoption, exposure and what to do next … Executive take AI adoption is rising fastest in Software Engineering, Marketing/Sales, and Service/Customer Ops, while Finance/HR/Legal are catching up more cautiously. Globally, we’ve seen exponential innovation and patent filing of AI solutions. Exponential AI Innovation = Growing Attack Surface Source: Stanford “State of…

by @s3cs&man November 4, 2025November 4, 2025

Is Claude Code Secure? Let’s Find Out!

Vulnerable Plugin + MCP Enumeration TL&DR Claude Code didn’t invent most of the security problems discussed in this article but it will make them faster, louder and easier to repeat. As I rush to use AI myself, I realize the attack surface is widening in ways that follow classic software supply chain weaknesses: With a…

by @s3cs&man October 26, 2025October 27, 2025

Panel 1

Home

AI RED TEAMING – man-in-the-vector Attack & custom Tooling

Vector Drift, Prompt Injection, and the Hidden RAG Attack Surface

Chaos, Complexity, and the Hidden Structure of Hash Functions in Proof-of-Work

Cooking with AI Agents: A Security Architect’s Guide to AI Threat Modeling & Design

From Known to Unknown: Shifting Cybersecurity to Proactive AI Detection

Introduction Everyday, Cyber Security teams are faced with a chicken-and-egg problem to detect and contain bad things. As I’ll discuss later in this article, it’s my belief that cyber teams shift allocation of resources to engineering of unsupervised anomaly detections to hunt for broader and deeper unknown threats. Threat Intelligence Teams and Red Teams alike…

by @s3cs&man January 6, 2025February 10, 2025

training ai to Predict your competitor’s next …

Imagine a world where your every sentiment, every email, every social media post, every meeting minute and every line of code you write was then condensed down to create a pseudo “clone” of yourself. It sounds both horrifying and amazingly beautiful too. Now imagine your ideas, comments and thoughts being used against you or your…

by @s3cs&man November 3, 2024February 10, 2025

Abusing AI for Password Guessing and social engineering

While taking some time off, I wanted to dig into the world of AI as it relates to password based attacks and password guessing. Breached password lists are gold standard and password hash cracking has been awhile for decades but I was more intrigued into whether a personal or free account user can prompt large…

by @s3cs&man October 11, 2024February 10, 2025

Panel 2 Placeholder

Panel 3 Placeholder

Panel 4 Placeholder