🗡️ Head of Security Research @semgrep 📚 Creator of tl;dr sec newsletter
Agent authentication & Model Context Protocol Security, k8s for pentesters, a critical look at "state of cloud security" reports
Threat modeling (with) LLMs, tj-actions woes, reading a threat actor's Telegram C2
Repo for simulating Russia, China, DPRK APTs, getting phished by CloudFormation or SSM, 7 flywheels for amplifying your security program
AI-powered web vuln scanner agent and Baby Naptime, 2 tools + guides on preventing ransomware in AWS, detailed guide on hacking AI agents/apps
How Burp Suite is adding AI-powered features, understanding and mitigating OAuth vulns, a PoC to subtly backdoor an LLM
Insights from Chinese intel reports on the NSA's TTPs, understanding and testing passkeys, how Databricks leverages AI to focus on business critical CVEs
NVIDIA's Agentic CVE investigation workflow, compromising the Internet via abandoned S3 buckets, do more in AppSec by doing less
How Google eliminates vuln classes, human expert-level AI spear phishing, how Palantir hardens their code writing process
How to autofix code and reduce noise, guide on creating infra diagrams and relevant threat modeling tools, identifying cloud TTPs and threat actors
Tool to sinkhole and misinform AI bots crawling your site, Google's new software composition analysis tool, hijacking backdoors in web shells at scale
![[tl;dr sec] #272 - AI Agent Security, Kubernetes Security, ‘State of CloudSec’ Reports: Insights or Self-Owns?](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=800,height=421,fit=scale-down,onerror=redirect/uploads/publication/thumbnail/080a561f-2435-4477-a549-ab9f115e047c/landscape_Screenshot_2024-11-21_at_10.48.21_AM.png)
