Adventures of a Cyber Security Professional
AI THREATS IN THE WILD In February 2026, the Cisco CX AI Tools team publicly flagged the popular OpenCode add-on oh-my-opencode after finding remote AI prompt injection in its installation guide. Their concern was not a theoretical bug but instead it was that an AI agent following the official instructions within source, could be manipulated … Continue reading Your AI Agent Is The Attacker – Claude, OpenCode – Threats and Security Designs
Vulnerable Plugin + MCP Enumeration https://videopress.com/v/hAWQ87ND?resizeToParent=true&cover=true&preloadContent=metadata&useAverageColor=true TL&DR Claude Code didn’t invent most of the security problems discussed in this article but it will make them faster, louder and easier to repeat. As I rush to use AI myself, I realize the attack surface is widening in ways that follow classic software supply chain weaknesses: Unsigned … Continue reading Is Claude Code Secure? Let’s Find Out!
Introduction Everyday, Cyber Security teams are faced with a chicken-and-egg problem to detect and contain bad things. As I'll discuss later in this article, it's my belief that cyber teams shift allocation of resources to engineering of unsupervised anomaly detections to hunt for broader and deeper unknown threats. Threat Intelligence Teams and Red Teams alike … Continue reading From Known to Unknown: Shifting Cybersecurity to Proactive AI Detection
For cyber security folks, we're both horrified and laughing that a company named "Change Healthcare" who has stockpiles of marketing jargon for "Improving IT Security" also made the news for a cyber incident. As a cyber security professional by day and a partial owner and investor of a new medical business, this breach hits home … Continue reading CHANGE HEALTHCARE: ITS LITERALLY IN THE NAME
@secSandman 