llm – @secSandman

Seeing the AI-Security Forest Through the Trees

Posted on November 4, 2025November 4, 2025 by @s3cs&man in Uncategorized

A strategic look at adoption, exposure and what to do next ... https://videopress.com/v/jbURi21D?resizeToParent=true&cover=true&preloadContent=metadata&useAverageColor=true Executive take AI adoption is rising fastest in Software Engineering, Marketing/Sales, and Service/Customer Ops, while Finance/HR/Legal are catching up more cautiously. Globally, we've seen exponential innovation and patent filing of AI solutions. Exponential AI Innovation = Growing Attack Surface Source: Stanford "State … Continue reading Seeing the AI-Security Forest Through the Trees →

Is Claude Code Secure? Let’s Find Out!

Posted on October 26, 2025October 27, 2025 by @s3cs&man in Uncategorized

Vulnerable Plugin + MCP Enumeration https://videopress.com/v/hAWQ87ND?resizeToParent=true&cover=true&preloadContent=metadata&useAverageColor=true TL&DR Claude Code didn’t invent most of the security problems discussed in this article but it will make them faster, louder and easier to repeat. As I rush to use AI myself, I realize the attack surface is widening in ways that follow classic software supply chain weaknesses: Unsigned … Continue reading Is Claude Code Secure? Let’s Find Out! →

Vector Drift, Prompt Injection, and the Hidden RAG Attack Surface

Posted on June 10, 2025June 10, 2025 by @s3cs&man in Uncategorized

Source: Custom VectorFANG Testing SCript Thousands of insecure Vector Databases and half configured agent orchestrators just... chilling on the public internet? Sure. Why not. Maybe you don’t even need Vector DB access. Just exploit the thing they meant to make public, the chatbot. Let the user say something nice like, “What’s the easiest way to … Continue reading Vector Drift, Prompt Injection, and the Hidden RAG Attack Surface →

Cooking with AI Agents: A Security Architect’s Guide to AI Threat Modeling & Design

Posted on June 2, 2025June 9, 2025 by @s3cs&man in Uncategorized

tl;dr but RTFM Whether you’re building, breaking, or just beginning to explore AI security, one principle holds true: assume the guardrails will fail and architect as if your system already has a target on its back. Because it does. At this time, Meta's LlamaFirewall is likely the most advanced publicly available GuardRail system incorporating both … Continue reading Cooking with AI Agents: A Security Architect’s Guide to AI Threat Modeling & Design →

training ai to Predict your competitor’s next …

Posted on November 3, 2024February 10, 2025 by @s3cs&man in Uncategorized

Imagine a world where your every sentiment, every email, every social media post, every meeting minute and every line of code you write was then condensed down to create a pseudo "clone" of yourself. It sounds both horrifying and amazingly beautiful too. Now imagine your ideas, comments and thoughts being used against you or your … Continue reading training ai to Predict your competitor’s next … →