Mission-Critical IAM, Coding Agents and X-Agent Spec-Driven Collaboration

This article is about the uncomfortable truth that AI coding agents are, and will continue to be, used to write mission-critical security code in products, both now and in the future. And whether you like it or not, and as much as I scrutinize prompt injection and over-permissive agents, we need to learn to …

Kicking tires on “Spec” AI Development

Introduction: Working on a side training project and improving the way I build with coding agents, with the idea of better orchestrating, tracking and auditing agents' work. I attended a Microsoft spec-driven "spek-kit" demo call where they discussed how to better organize these agents with the goal of making them more predictable. Buried beneath that …

Fresh Snow Outside, Fresh Threats Inside: Practical Agentic AI Hardening

Saturday morning, blue skies, snow on the mountain and I'm sitting in this chair hacking away on Entra, HashiCorp Vault, Docker, Claude Code and OpenCode. What the is wrong with me? I thought after a decade in cybersecurity, a master's degree and a bunch of certifications that I'd be raking in the cash, out riding my …

Seeing the AI-Security Forest Through the Trees

A strategic look at adoption, exposure and what to do next ...

Executive take: AI adoption is rising fastest in Software Engineering, Marketing/Sales, and Service/Customer Ops, while Finance/HR/Legal are catching up more cautiously. Globally, we've seen exponential innovation and patent filing of AI solutions.

Exponential AI Innovation = Growing Attack Surface. Source: Stanford "State …

Anthropic’s Security Layers Explained: The Good, Bad & Ugly

Can you secure the Anthropic SaaS cloud platform? The answer: sorta, kinda, maybe. This article is intended for architects and managers. Low-level embedded security analysis is in the works for next week in another article. Let me say ahead of time, huge shout out to Anthropic, I personally respect the company a ton and …

Cooking with AI Agents: A Security Architect’s Guide to AI Threat Modeling & Design

tl;dr but RTFM: Whether you’re building, breaking, or just beginning to explore AI security, one principle holds true: assume the guardrails will fail and architect as if your system already has a target on its back. Because it does. At this time, Meta's LlamaFirewall is likely the most advanced publicly available GuardRail system incorporating both …

Training AI to Predict Your Competitor’s Next …

Imagine a world where your every sentiment, every email, every social media post, every meeting minute and every line of code you write was then condensed down to create a pseudo "clone" of yourself. It sounds both horrifying and amazingly beautiful too. Now imagine your ideas, comments and thoughts being used against you or your …