Clint Gibler (@clintgibler)'s Twitter Profile
Clint Gibler

@clintgibler

๐Ÿ—ก๏ธ Head of Security Research @semgrep
๐Ÿ“š Creator of tldrsec.com newsletter

ID: 720576770

Link: https://tldrsec.com/subscribe
Joined: 27-07-2012 17:49:39

9,9K Tweets

21,21K Followers

563 Following

Clint Gibler (@clintgibler):

During RSA week I had the pleasure of interviewing Phil Venables (former Google Cloud & Goldman Sachs CISO) on effectively scaling security programs, how Google leverages AI for security, and more.

We discussed:
* The challenge of scaling security from artisanal to industrial
*
Clint Gibler (@clintgibler):

How good are LLMs at red teaming... AI systems?

📚 New paper -- AIRTBench: Measuring Autonomous AI Red Teaming Capabilities in Language Models

Ads Dawson, Rob Mulla, Nick Landers, and Shane Caldwell introduce AIRTBench, an AI red teaming benchmark for evaluating language models'
Clint Gibler (@clintgibler):

🤖 Agentic AI Red Teaming Guide

Cloud Security Alliance (CSA) whitepaper by Ken Huang, CISSP et al presenting a framework for red teaming Agentic AI, describing how to test for vulnerabilities like permission escalation, hallucination, orchestration flaws, memory manipulation,
Clint Gibler (@clintgibler):

🫶 AppSec as Glue: Building Partnerships to Scale Security

Great BSidesSF panel from senior AppSec leaders. Here's a follow-up post answering questions they couldn't get to live, covering:

1. What do you think is the biggest gap or risk in AppSec that remains today?

2. If AI
Clint Gibler (@clintgibler):

โ˜๏ธ ๐€๐–๐’ ๐ซ๐ž:๐ˆ๐ง๐Ÿ๐จ๐ซ๐œ๐ž 2025 ๐“๐š๐ฅ๐ค ๐’๐ฎ๐ฆ๐ฆ๐š๐ซ๐ข๐ž๐ฌ Don't have time to watch 163 talks? โžก๏ธ Repo with summaries, transcripts, key points, and other useful insights. Across: * AI/ML security and GenAI * IaC and DevSecOps * IAM * Multi-Account & Enterprise Security *

โ˜๏ธ ๐€๐–๐’ ๐ซ๐ž:๐ˆ๐ง๐Ÿ๐จ๐ซ๐œ๐ž 2025 ๐“๐š๐ฅ๐ค ๐’๐ฎ๐ฆ๐ฆ๐š๐ซ๐ข๐ž๐ฌ
Don't have time to watch 163 talks?
โžก๏ธ Repo with summaries, transcripts, key points, and other useful insights.

Across:
* AI/ML security and GenAI
* IaC and DevSecOps
* IAM
* Multi-Account & Enterprise Security
*
Clint Gibler (@clintgibler):

🔬 What is a Detection Engineer, and how do you become one?

New blog series by Datadog, Inc.'s Head of Detection & Research Zack Allen, covering:

An overview of what a detection engineer is and how they fit into a cybersecurity function.

Within the NIST Cybersecurity Framework
Clint Gibler (@clintgibler):

Out of scope, low impact self-XSS got you down?

💪 Make Self-XSS Great Again
How to transform stored self-XSS into regular stored XSS.

Using credentialless iframes and modern browser capabilities.

The post walks through examples of CSRF on login forms
Semgrep (@semgrep):

Vibe coding IDEs like Cursor, Microsoft Copilot, and RooCode have empowered developers to ship code significantly faster.

However, if LLMs produce bugs at the same density per line of code as humans, that means more bugs are being introduced faster than ever.

Join Clint Gibler
Clint Gibler (@clintgibler):

🎣 Kingfisher - a new, blazing fast secret detection tool (Rust)
Validates if secrets are active.
>700 secret detection rules.

Kingfisher uses:
* Hyperscan for regex matching
* tree-sitter for parsing source code across 20+ programming languages

H/T Mick G. for
Clint Gibler (@clintgibler):

👿 Hijacking Amazon EventBridge for launching Cross-Account attacks
Square's Ramesh Ramani describes six attack patterns leveraging EventBridge's cross-account capabilities for infiltration and exfiltration.

AWS
Clint Gibler (@clintgibler):

๐๐š๐ฑ๐๐ž๐ง๐œ๐ก: ๐‚๐š๐ง ๐‹๐‹๐Œ๐ฌ ๐†๐ž๐ง๐ž๐ซ๐š๐ญ๐ž ๐’๐ž๐œ๐ฎ๐ซ๐ž ๐š๐ง๐ ๐‚๐จ๐ซ๐ซ๐ž๐œ๐ญ ๐๐š๐œ๐ค๐ž๐ง๐๐ฌ? A new benchmark by Mark Vero et al to evaluate LLMs on secure and correct code generation. My initial thoughts: Itโ€™s awesome that they released the code and dataset. Thereโ€™s

๐๐š๐ฑ๐๐ž๐ง๐œ๐ก: ๐‚๐š๐ง ๐‹๐‹๐Œ๐ฌ ๐†๐ž๐ง๐ž๐ซ๐š๐ญ๐ž ๐’๐ž๐œ๐ฎ๐ซ๐ž ๐š๐ง๐ ๐‚๐จ๐ซ๐ซ๐ž๐œ๐ญ ๐๐š๐œ๐ค๐ž๐ง๐๐ฌ?
A new benchmark by Mark Vero et al to evaluate LLMs on secure and correct code generation. My initial thoughts:

It's awesome that they released the code and dataset.

There's