Clint Gibler

🗡️ Head of Security Research @semgrep 📚 Creator of tl;dr sec newsletter

Jun 18, 2026

[tl;dr sec] #333 - Perplexity's Bumblebee, Evading Cloud Logging, AI Vuln Hunting Spec

OSS tool to scan packages, agent configs, editors, and browser extensions for malware, tactics for evading cloud logging, a specification to generate your own custom agentic AI security scanning system

Clint Gibler

NewsletterNewsletter

Jun 11, 2026

[tl;dr sec] #332 - I've Joined OpenAI, fwd:cloudsec, AWS Well Architected Supply Chain Security

Why I joined OpenAI to lead Cyber efforts, playlist of the latest cloud security talks, AWS' supply chain best practices

Clint Gibler

NewsletterNewsletter

Jun 04, 2026

[tl;dr sec] #331 - How Adversaries Use AI, Skill Issues, Using IDEs for C2

Google's deep dive on how threat actors are using AI, bypassing malicious skill scanning, using VS Code dev tunnels for command and control

Clint Gibler

NewsletterNewsletter

May 28, 2026

[tl;dr sec] #330 - AWS Pathfinding Labs, Running Codex Safely at OpenAI, Glasswing Updates

100+ intentionally vulnerable AWS environments for practicing cloud attack paths, how OpenAI deploys Codex internally, Anthropic's update on bugs found and their open sourced harness

Clint Gibler

NewsletterNewsletter

May 21, 2026

[tl;dr sec] #329 - AI-powered Honeypots, GitHub Action Canaries, Microsoft’s Agentic Security Scanner

Detecting and deceiving attackers with AI honeypots, detect supply chain attacks with GitHub Action canaries, the latest from Microsoft's new "Autonomous Code Security" team

Clint Gibler

NewsletterNewsletter

May 14, 2026

[tl;dr sec] #328 - Shai-Hulud's Source Code Leaked, Break Into Buildings for $, Reversing EDRs with AI

Teardown of TeamPCP's offensive framework that was briefly published on GitHub, Reddit AMA on a career in physical penetration testing, the end of "opaque defense": AI makes understanding defensive tool implementations easy

Clint Gibler

NewsletterNewsletter

May 07, 2026

[tl;dr sec] #327 - Finding Zero-days with Any Model, Practical Package Security, Measuring the AI Offense-Defense Gap

Niels Provos on finding 0-days with public models, a guide to securing your use of third party packages, two open source tools to measure AI hacking vs defense (+ dynamic lab environment)

Clint Gibler

NewsletterNewsletter

Apr 30, 2026

[tl;dr sec] #326 - AI Auto Exploiting Vulnerabilities, GitHub RCE, Autonomous Cloud Hacking Agent

Automatically creating PoCs for vulnerabilities, git push → code execution on github.com, how well can an AI agent system hack your cloud?

Clint Gibler

NewsletterNewsletter

Apr 23, 2026

[tl;dr sec] #325 - Dissecting Mythos, The $0 Security Stack, GitHub Action Red Team Framework

Replicating Mythos bugs with public models and more, building a useful security program for free, new post-exploitation framework for CI/CD pipelines that can replicate the full TeamPCP attack kill chain

Clint Gibler

NewsletterNewsletter

Apr 16, 2026

[tl;dr sec] #324 - OpenAI's GPT-5.4-Cyber, Solve by Default, GitHub Action Security

OpenAI's new cyber-focused model and early access program, how to solve instead of defer tasks, securing GitHub Actions

Clint Gibler