Adventures of a Cyber Security Professional
Source: Custom VectorFANG Testing SCript Thousands of insecure Vector Databases and half configured agent orchestrators just... chilling on the public internet? Sure. Why not. Maybe you don’t even need Vector DB access. Just exploit the thing they meant to make public, the chatbot. Let the user say something nice like, “What’s the easiest way to … Continue reading Vector Drift, Prompt Injection, and the Hidden RAG Attack Surface
tl;dr but RTFM Whether you’re building, breaking, or just beginning to explore AI security, one principle holds true: assume the guardrails will fail and architect as if your system already has a target on its back. Because it does. At this time, Meta's LlamaFirewall is likely the most advanced publicly available GuardRail system incorporating both … Continue reading Cooking with AI Agents: A Security Architect’s Guide to AI Threat Modeling & Design
Executive Summary Imagine pouring years of hard-work into your idea, only to have your work stolen overnight. Every person and computer in your company is a target, finance with unreleased quarterly results, engineering with blueprints, development with new source code or a journalist with the latest story. That nightmare has been the reality for all … Continue reading Breaches Cost Millions! Build AI Detections from NHI + Network logs
Introduction Everyday, Cyber Security teams are faced with a chicken-and-egg problem to detect and contain bad things. As I'll discuss later in this article, it's my belief that cyber teams shift allocation of resources to engineering of unsupervised anomaly detections to hunt for broader and deeper unknown threats. Threat Intelligence Teams and Red Teams alike … Continue reading From Known to Unknown: Shifting Cybersecurity to Proactive AI Detection
Imagine a world where your every sentiment, every email, every social media post, every meeting minute and every line of code you write was then condensed down to create a pseudo "clone" of yourself. It sounds both horrifying and amazingly beautiful too. Now imagine your ideas, comments and thoughts being used against you or your … Continue reading training ai to Predict your competitor’s next …
For cyber security folks, we're both horrified and laughing that a company named "Change Healthcare" who has stockpiles of marketing jargon for "Improving IT Security" also made the news for a cyber incident. As a cyber security professional by day and a partial owner and investor of a new medical business, this breach hits home … Continue reading CHANGE HEALTHCARE: ITS LITERALLY IN THE NAME
@secSandman 