Adventures of a Cyber Security Professional
This article is about the uncomfortable truth that AI coding agents do and will continue to be used to write mission critical security code in products. Both now and in the future. And whether you like it or not and as much as I scrutinize prompt injection and over permissive agents, we need learn to … Continue reading Mission-Critical IAM, Coding Agents and X-Agent Spec-Driven Collaboration
Introduction Working on a side training project and improving the way I build with coding agents with the idea for better orchestrating, tracking and auditing agents work. I attended a Microsoft spec-driven "spek-kit" demo call where they discussed how to better organize these agents with the goal to make them more predictable. Buried beneath that … Continue reading Kicking tires on “Spec” AI Development
AI THREATS IN THE WILD In February 2026, the Cisco CX AI Tools team publicly flagged the popular OpenCode add-on oh-my-opencode after finding remote AI prompt injection in its installation guide. Their concern was not a theoretical bug but instead it was that an AI agent following the official instructions within source, could be manipulated … Continue reading Your AI Agent Is The Attacker – Claude, OpenCode – Threats and Security Designs
A strategic look at adoption, exposure and what to do next ... https://videopress.com/v/jbURi21D?resizeToParent=true&cover=true&preloadContent=metadata&useAverageColor=true Executive take AI adoption is rising fastest in Software Engineering, Marketing/Sales, and Service/Customer Ops, while Finance/HR/Legal are catching up more cautiously. Globally, we've seen exponential innovation and patent filing of AI solutions. Exponential AI Innovation = Growing Attack Surface Source: Stanford "State … Continue reading Seeing the AI-Security Forest Through the Trees
Vulnerable Plugin + MCP Enumeration https://videopress.com/v/hAWQ87ND?resizeToParent=true&cover=true&preloadContent=metadata&useAverageColor=true TL&DR Claude Code didn’t invent most of the security problems discussed in this article but it will make them faster, louder and easier to repeat. As I rush to use AI myself, I realize the attack surface is widening in ways that follow classic software supply chain weaknesses: Unsigned … Continue reading Is Claude Code Secure? Let’s Find Out!
Source: Custom VectorFANG Testing SCript Thousands of insecure Vector Databases and half configured agent orchestrators just... chilling on the public internet? Sure. Why not. Maybe you don’t even need Vector DB access. Just exploit the thing they meant to make public, the chatbot. Let the user say something nice like, “What’s the easiest way to … Continue reading Vector Drift, Prompt Injection, and the Hidden RAG Attack Surface
tl;dr but RTFM Whether you’re building, breaking, or just beginning to explore AI security, one principle holds true: assume the guardrails will fail and architect as if your system already has a target on its back. Because it does. At this time, Meta's LlamaFirewall is likely the most advanced publicly available GuardRail system incorporating both … Continue reading Cooking with AI Agents: A Security Architect’s Guide to AI Threat Modeling & Design
Imagine a world where your every sentiment, every email, every social media post, every meeting minute and every line of code you write was then condensed down to create a pseudo "clone" of yourself. It sounds both horrifying and amazingly beautiful too. Now imagine your ideas, comments and thoughts being used against you or your … Continue reading training ai to Predict your competitor’s next …
@secSandman 