Clint Gibler

Clint Gibler

๐Ÿ—ก๏ธ Head of Security Research @semgrep ๐Ÿ“š Creator of tl;dr sec newsletter

NewsletterNewsletter
[tl;dr sec] #292- HTTP/1.1 must die, AI + SAST, Google's Insider Threat Detection Tool

[tl;dr sec] #292- HTTP/1.1 must die, AI + SAST, Google's Insider Threat Detection Tool

James Kettle argues HTTP/1.1 can never be fully secured, augmenting static analysis with LLMs, Google's talk + OSS tool for detecting malicious insiders

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #291 - Build a GuardDuty Triage Agent, Scaling Netflix's Threat Detection Pipelines, Claude for Security Review

[tl;dr sec] #291 - Build a GuardDuty Triage Agent, Scaling Netflix's Threat Detection Pipelines, Claude for Security Review

How to build an AI agent that triages GuardDuty alerts, lessons learned scaling Netflix's detection pipelines, Anthropic releases a slash command and GitHub Action for performing secure code review

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #290 - Securing MCP, AppSec Archetypes, CISO's Guide to Protecting Crown Jewels

[tl;dr sec] #290 - Securing MCP, AppSec Archetypes, CISO's Guide to Protecting Crown Jewels

Tools to scan MCP servers and an MCP WAF, 4 AppSec archetypes, how to strategically protect your org with limited resources

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #289 - AI-powered Fuzzing, Incentives in Security, Malware in DNS

[tl;dr sec] #289 - AI-powered Fuzzing, Incentives in Security, Malware in DNS

Automatically generating fuzzing harnesses and vulnerability proof-of-concepts, 5 incentives security programs should pursue, it's always DNS

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #288 - Prompt Injection in Malware, Preventative Security, Top Bug Bounty War Stories

[tl;dr sec] #288 - Prompt Injection in Malware, Preventative Security, Top Bug Bounty War Stories

Checkpoint finds malware containing prompt injection, why preventative security is hard, @Rhynorater talk sharing 11 of his most impactful and technically challenging vulnerabilities

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #287 - fwd:cloudsec Talk Recordings, How Figma Only Runs Approved Software, Auditing Code with AI

[tl;dr sec] #287 - fwd:cloudsec Talk Recordings, How Figma Only Runs Approved Software, Auditing Code with AI

45 excellent cloud security talks, how Figma rolled out the binary authorization tool Santa, AI bug finding tools and paper

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #286 - Securing Vibe Coding, Finding Secrets "Oops Commits", Backdooring IDE Extensions

[tl;dr sec] #286 - Securing Vibe Coding, Finding Secrets "Oops Commits", Backdooring IDE Extensions

Rules files to vibe securely, earning $25K from dangling commits, compromising the extension marketplace of Cursor, Windsurf, and other VS Code forks

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #285 - AI Red Teaming, Detection Engineering Field Manual, Building AppSec Partnerships

[tl;dr sec] #285 - AI Red Teaming, Detection Engineering Field Manual, Building AppSec Partnerships

Can LLMs red team AI, intro to detection engineering, how to scale security impact via cross-team partnerships

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #284 - Google Cloud CISO Interview, AWS Threat Technique Catalog, Finding Secrets with AI

[tl;dr sec] #284 - Google Cloud CISO Interview, AWS Threat Technique Catalog, Finding Secrets with AI

4 ways Google uses AI for security, catalog of AWS threat actor techniques, training a custom small language model to find secrets

Clint Gibler
Clint Gibler
PodcastPodcast
Google Cloud CISO: Shift Down not Left, 4 ways Google uses AI for Security (with Phil Venables)

Google Cloud CISO: Shift Down not Left, 4 ways Google uses AI for Security (with Phil Venables)

Moving from artisanal to industrial security at scale, and how Google uses AI for reversing malware, analyzing hacker videos, fuzzing, and more

Clint Gibler
Phil Venables
Clint Gibler, +1