@secSandman

Fresh Snow Outside, Fresh Threats Inside: Practical Agentic AI Hardening

Saturday morning, blue skies, snow on the mountain and I’m sitting in this chair hacking away on Entra, HashiCorp Vault, Docker and Claude Code and OpenCode. What the is wrong with me? I thought after decade in cybersecurity, a masters degree and bunch of certifications that I’d be raking in the cash, out riding my…

by @s3cs&man March 16, 2026March 16, 2026

Your AI Agent Is The Attacker – Claude, OpenCode – Threats and Security Designs

AI THREATS IN THE WILD In February 2026, the Cisco CX AI Tools team publicly flagged the popular OpenCode add-on oh-my-opencode after finding remote AI prompt injection in its installation guide. Their concern was not a theoretical bug but instead it was that an AI agent following the official instructions within source, could be manipulated…

by @s3cs&man March 11, 2026

Microsoft Ignite 2025: AI Security – tl;dr but RTFM

Microsoft Ignite 2025: Mapping the M365 + Azure Attack Surface to the New AI Security Stack I spent the part of a week reading through the Microsoft Ignite 2025 announcements and honestly? The trend is interesting. AI this, AI that. Instead of the usual marketing fluff about “unified platforms” and “AI-powered everything,” Microsoft actually dropped…

by @s3cs&man December 9, 2025December 10, 2025

Seeing the AI-Security Forest Through the Trees

Is Claude Code Secure? Let’s Find Out!

AI RED TEAMING – man-in-the-vector Attack & custom Tooling

Vector Drift, Prompt Injection, and the Hidden RAG Attack Surface

Chaos, Complexity, and the Hidden Structure of Hash Functions in Proof-of-Work

Theoretical Framework Transcendent Epistemological Framework (TEF) We apply TEF to formalize the idea that randomness may depend on the observer. Key axioms include: Chaos Injection Model Let δ(t) = ε·f(t) where f is a logistic map: cppCopyEditx_{t+1} = r·x_t·(1 – x_t), r ∈ (3.9, 4] Define a perturbed nonce: iniCopyEditn_t = t + δ(t) Bias…

by @s3cs&man June 7, 2025June 7, 2025

Cooking with AI Agents: A Security Architect’s Guide to AI Threat Modeling & Design

tl;dr but RTFM Whether you’re building, breaking, or just beginning to explore AI security, one principle holds true: assume the guardrails will fail and architect as if your system already has a target on its back. Because it does. At this time, Meta’s LlamaFirewall is likely the most advanced publicly available GuardRail system incorporating both…

by @s3cs&man June 2, 2025June 9, 2025

🐝 🐜 🦋 The Secret Internet of Insects

The Structural Conditions for Collective Intelligence

Building Enterprise SSO for my multi-tenant SaaS AI Agent platform

Mission-Critical IAM, Coding Agents and X-Agent Spec-Driven Collaboration

Kicking tires on “Spec” AI Development