Archive

NewsletterNewsletter
[tl;dr sec] #322 - GitHub's Supply Chain Roadmap, Scaling Vulnerability Management with AI, Finding Vulnerabilities Across Repos

[tl;dr sec] #322 - GitHub's Supply Chain Roadmap, Scaling Vulnerability Management with AI, Finding Vulnerabilities Across Repos

GitHub's plan to harden GitHub Actions and supply chain security, automating and scaling SAST and SCA vuln management, OSS tool that uses AI agents to reason about vulns across repos

Clint Gibler
Clint Gibler
BlogBlog
How we made Trail of Bits AI-native (so far)

How we made Trail of Bits AI-native (so far)

We had 5% buy-in and 95% resistance. A year later, AI-augmented auditors are finding 200 bugs a week on the right engagements. Here's the six-part operating system we built, open sourced, and are giving away.

Clint Gibler
Dan Guido
Clint Gibler, +1
NewsletterNewsletter
[tl;dr sec] #321 - Sandboxing AI Agents, Trivy Compromised, Pentesting AWS' AI Pentester

[tl;dr sec] #321 - Sandboxing AI Agents, Trivy Compromised, Pentesting AWS' AI Pentester

Sandbox approaches by NVIDIA and Niel Provos, moar supply chain compromises, vulnerabilities in AWS Security Agent

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #320 - Ramp's Security Agents, How Datadog Caught Malicious OSS Contributions, Obliterating Model Refusals

[tl;dr sec] #320 - Ramp's Security Agents, How Datadog Caught Malicious OSS Contributions, Obliterating Model Refusals

How Ramp fixed ~100 security issues in 6 days, detecting and mitigating GitHub supply chain attacks, two tools to automatically remove censorship from models

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #319 - AI is Eating Security, BSidesSF & RSA, Claude Finds Firefox 0-days

[tl;dr sec] #319 - AI is Eating Security, BSidesSF & RSA, Claude Finds Firefox 0-days

What does security look like in 5 years? Let's hang out in San Francisco and avoid badge scans, Opus 4.6 finds 22 vulns and auto-writes 2 exploits

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #318 - Unprompted Talk Summaries, AI Bot Hacking GitHub Actions, AI Skills & Semgrep Rules

[tl;dr sec] #318 - Unprompted Talk Summaries, AI Bot Hacking GitHub Actions, AI Skills & Semgrep Rules

Slides + notes for the CodeMender and AI for Shai-Hulud response talks, an AI bot was autonomously hacking GitHub Actions, security-focused Skills and AI anti-pattern Semgrep rules

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #317 - 100+ Kernel Bugs in 30 Days, Secret Scanning, Threat Actors Stealing Your PoC

[tl;dr sec] #317 - 100+ Kernel Bugs in 30 Days, Secret Scanning, Threat Actors Stealing Your PoC

$600 finds more 0-days in Windows kernel drivers that you can shake a stick at, secret scanners, benchmarks, and improvements, Cline compromised by someone snooping on a researcher's testing

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #316 - How Trail of Bits uses Claude Code, GitHub Threat Intel, Open Source AI Pentesting Tools

[tl;dr sec] #316 - How Trail of Bits uses Claude Code, GitHub Threat Intel, Open Source AI Pentesting Tools

Extensive guide on being a Claude Code power user, tracking threat actors on GitHub, open source AI-powered pentesting tools

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #315 - Securing OpenClaw, Top 10 Web Hacking Techniques of 2025, Discovering Negative-Days with LLMs

[tl;dr sec] #315 - Securing OpenClaw, Top 10 Web Hacking Techniques of 2025, Discovering Negative-Days with LLMs

Minimal OpenClaw alternatives, scanning tools, and hardening guidance, PortSwigger's curated top web hacking techniques, open source GitHub Action to flag commits fixing vulnerabilities before they get a CVE

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #314 - ClawdBot Security, Security Scorecards, Threat Framework for SDLC Infrastructure

[tl;dr sec] #314 - ClawdBot Security, Security Scorecards, Threat Framework for SDLC Infrastructure

ClawdBot vulns, tools, and Skill scanners; measuring security with scorecards; new open-source framework mapping 70+ attack techniques across the SDLC

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #313 - MCP Security Hub, IDE-Shepherd, Plaid's Security Pipeline as Code

[tl;dr sec] #313 - MCP Security Hub, IDE-Shepherd, Plaid's Security Pipeline as Code

MCP servers for offensive security tools, Datadog's IDE extension to protect against malicious IDE extensions, how Plaid scales security scanning across 100s of services

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #312 - The Industrialization of Exploit Generation, macOS EDR Evasion, Hacking the AWS Console

[tl;dr sec] #312 - The Industrialization of Exploit Generation, macOS EDR Evasion, Hacking the AWS Console

Generating 0-day exploits with Opus 4.5 and GPT-5.2, blind spots for EDRs on macOS, supply chain vuln that enabled compromising the AWS Console

Clint Gibler
Clint Gibler
FirstBack
12345678
Next Last