🏡 Be a Host

This week I had the privilege of giving a talk to Airbnb’s security champions.

The talk was on secure defaults, applying AI to security, and where software development is headed in an AI-heavy world.

One of the especially cool parts of the experience was that one of the organizers of the event, Aika Sengirbay, is a long time friend. (Also H/T Mudita Khurana)

I remember meeting Aika about a decade ago when she was just breaking into security. Now she’s “Tech Lead Information Security” 🙌 

And Carlo and Michael Reisinger were there, former NCC Group friends who are now at Airbnb.

I really enjoy seeing people grow, get married and have kids, work all these places, and accomplish all of these amazing things 🤩

One nice thing about security being a small field I suppose.

I wonder how it’s going to feel in another 5 or 10 years.

P.S. Semgrep just launched the private beta of our AI-powered detection, which blends Semgrep's deterministic engine with LLM reasoning. It's already found authorization bugs for companies that they were paying $thousands for when reported via bug bounty.

Sponsor

📣 Master the OWASP Top 10 for LLM Security

AI applications introduce new risks—especially when they handle sensitive data or operate autonomously. Our interactive experience, based on the OWASP Top 10 for LLMs, walks you through real-world threats and actionable steps across data, identity, and AI security. Whether you’re securing prompts, agents, or model access, this guide helps you strengthen your AI posture from the ground up.

👉 Explore the Interactive Guide 👈

AppSec

BSides Seattle 2026 CFP
Closes November 21, 2025.

What's changed in the OWASP Top 10 for 2025
It’s not even Christmas and we get a new OWASP Top 10. Broken Access Control remains at #1. New categories: Software Supply Chain Failures and Mishandling of Exceptional Conditions.

Their methodology combines data from 2.8 million applications across 589 CWEs, with community survey input to balance historical testing data with emerging threats. Generally they aim for categories that focus on root causes rather than symptoms. SSRF has been rolled into Broken Access Control (not Injection? 🤔).

jacobdjwilson/awesome-annual-security-reports
HUGE collection of annual cyber security reports by Jacob Wilson from various vendors, categorized by Analysis or Survey, across: Industry Trends, Threat Intelligence, Application Security, Cloud Security, Vulnerabilities, Ransomware, Data Breaches, Physical Security, and AI and Emerging Technologies.

Introducing HTTP Anomaly Rank
Portswigger’s James Kettle introduces HTTP Anomaly Rank, an algorithm now integrated into Turbo Intruder and Burp Suite's API that automatically identifies the most interesting HTTP responses without manual sorting. This can be useful for finding subtle vulnerabilities (the ol’ “Hm, this looks weird”). The algorithm scores responses based on how different they are from others by calculating weights for various response attributes (status code, word count, etc.) based on their stability, efficiently highlighting anomalies even in noisy responses.

Sponsor

📣 5 Critical Microsoft 365 Security Settings You Might Be Missing

Set it and forget it? Not when it comes to M365 security. Configuration drift, admin sprawl, and risky integrations creep in over time, opening up security gaps that attackers love to exploit. This checklist from Nudge Security will help you catch common pitfalls and keep your environment secure.

👉 Get the Guide 👈

M365 is complex 😥 Great to have a checklist for common gotchas and pitfalls 👆️ 

Cloud Security

2025 SANS CloudSecNext Summit
20 talk recordings now live.

Deploying to Amazon's cloud is a pain in the AWS younger devs won't tolerate
Corey Quinn describes the painful process and complexity of setting up a simple web app in AWS with some A+ snark. 100% agree. “And then you push your code and realize that, on balance, baby seals get more hits than your website.” 😂 

quinnypig/yeet
Be careful when you make jokes on the Internet, because Corey Quinn may just make them real. Yeet analyzes your project using Claude, figures out what’s in it, and then tells you the commands to run to deploy it. Also comes with yoten, which finds where you yeeted your slop, hits the URL, determines if it’s fire, mid, or cooked, and roasts you accordingly.

Weaponizing the AWS CLI for Persistence
Hector Ruiz Ruiz shows how AWS CLI aliases can be weaponized for stealthy persistence by creating a one-liner that executes malicious code while preserving the original command functionality. The technique works by creating an alias for a common command (e.g. aws sts) that dynamically modifies the alias file at runtime to call the original command so everything seems normal, then it runs arbitrary malicious commands (exfiltrating credentials, reverse shell, etc.) after and finishes by restoring the malicious alias.

Supply Chain

Heisenberg: How We Learned to Stop Worrying and Love the SBOM
AppOmni’s Yevhen Grinman and Max Feldman announce Heisenberg (GitHub Action), an open-source tool that automatically scans pull requests to detect risky or newly published dependencies before they merge.

It scans new or changed dependencies (from your lock/manifest), pulls health and risk signals (deps.dev, Snyk Advisor, Socket + heuristics), flags fresh publishes (<24h), flags deprecated/inactive packages, detects if there are postinstall scripts, and comments a report on the PR, optionally labels it for security review, and can fail the job on policy hits.

Heisenberg currently supports PyPI, npm/yarn, and Go ecosystems, and can also be used to quickly determine if/where you’re affected in the case of Yet Another NPM Attack (YANPMA): (beforehand) you generate an SBOM for every repo which Heisenberg can then use to search for the known compromised packages.

The attack exploits a race condition between maintainer approval and code execution: in one case, a maintainer could comment “/ok to test” → malicious code pushed to the approved PR → bot copies the untrusted code into a new in-repo branch for automated testing (code execution within the victim repo → steal secrets).

Recommendations: all approvals must be pinned to an immutable object (e.g. commit SHA), prefer pull_request_review over issue_comment, remove workflow: write permissions if possible and use Repository Rulesets to block any identify from pushing directly to .github/workflows/, use Environment Secrets with Required Reviewers, and more.

Blue Team

karlvbiron/MAD-CAT
By Karl Biron: MAD-CAT (Meow Attack Data Corruption Automation Tool) is a security tool designed to simulate data corruption attacks against multiple database systems (MongoDB, Elasticsearch, Cassandra, Redis, CouchDB, and Hadoop HDFS). The tool supports both single-target attacks and bulk CSV-based attack campaigns, with support for both credentialed and non-credentialed attack scenarios.

EvilBytecode/NoMoreStealers
A Windows kernel-mode minifilter driver that monitors file system access to protect against information-stealing malware, specifically, browser user data, cryptocurrency wallets, and communications apps (Discord, Telegram, Signal). Note that this is more of a proof of concept: it doesn’t monitor file writes, uses hardcoded-paths, and is vulnerable to file name spoofing.

All you need to know about JA3 & JA4 Fingerprints (and how to collect them)
Gabriel Alves explains the key differences between JA3 and JA4 fingerprints and how they can be used for network-based threat detection, for example identifying C2 communications in encrypted traffic. In short, JA[3-4+] fingerprints act as a unique “signature” of TLS clients, allowing the quick identification of malicious communications, such as those originating from C2 infrastructure or botnets, which frequently use custom or specific TLS libraries, resulting in a unique fingerprint.

J3 is a hash of a number of factors (opaque), J4(+) is a collection of smaller fingerprints that make it easier to reason about the TLS versions, ciphers, protocol, etc. The post provides practical guidance on collecting these fingerprints using Wireshark and implementing multi-fingerprint detection strategies with example YARA rules for identifying C2 communications.

AI + Security

arm/metis
By Arm's Product Security Team: Metis is an open-source AI-powered security code review tool that helps engineers detect subtle vulnerabilities, improve secure coding practices, and reduce review fatigue. It uses LLMs for deep semantic understanding, leverages RAG for context-aware reviews (ChromaDB or PostgreSQL with pgvector as vector store backends), supports C, C++, Python, Rust, and TypeScript through a plugin-based system. Metis offers both interactive and non-interactive modes.

The system outperformed single-agent approaches in testing, finding 78-89% more vulnerabilities than Claude Code and 4-4.25x more than Codex, and so far Claude Sonnet offers the best performance-to-cost ratio.

💡 I also found very interesting in part 3, that a custom Factory Droid found 35-44% more vulnerabilities than SecureVibes using the same model: “All the work I did over the past few days building a custom multi-agent system essentially got matched by a feature Factory released in their coding agent.“

Curl maintainer Daniel Stenberg, who previously was critical about AI-found submissions due to the high rate of slop, was positive about some recent AI-powered bug submissions, “Most of them are just plain variable mixups, return code confusions, small memory leaks in weird situations, state transition mistakes and variable type conversions possibly leading to problems etc.“

• First Use of "Just-in-Time" AI in Malware: For the first time, GTIG has identified malware families that use LLMs during execution to dynamically generate malicious scripts, obfuscate their own code to evade detection, and leverage AI models to create malicious functions on demand, rather than hard-coding them into the malware.

• "Social Engineering" to Bypass Safeguards: Threat actors are adopting social engineering-like pretexts in their prompts to bypass AI safety guardrails, such as “this is for a CTF” or “I’m a cybersecurity researcher.”

• Maturing Cyber Crime Marketplace for AI Tooling: Multiple offerings of tools designed to support phishing, malware development, and vulnerability research, lowering the barrier to entry for less sophisticated actors.

• Continued Augmentation of the Full Attack Lifecycle: State-sponsored actors including from North Korea, Iran, and China continue to misuse Gemini for reconnaissance and phishing lure creation to command and control (C2) development and data exfiltration.

Misc

Feelz

• NY school phone ban has made lunch loud again - More kids are engaging, making friends, reading, etc. when they can’t use phones during the school day.

• Why I No Longer Want To Hear Dating Advice From Conventionally Attractive People

• I Met The Man Who Knows Why People Cheat, Get Divorced Or Find Lasting Love - An interview with psychoanalyst Stephen Grosz, who wrote Love’s Labour and The Examined Life.

• Scott Galloway on The Daily Show discussing his new book, “Notes on Being a Man.” Blog post.

• AI Psychosis: The Birth of Social Atrophy

• Study: ‘Our results further suggest that optimism is specifically related to 11 to 15% longer life span, on average, and to greater odds of achieving “exceptional longevity,” that is, living to the age of 85 or beyond.’

Tech

• Meta is earning a fortune on a deluge of fraudulent ads, documents show - “Meta projected 10% of its 2024 revenue would come from ads for scams and banned goods, documents seen by Reuters show. And the social media giant internally estimates that its platforms show users 15 billion scam ads a day. Among its responses to suspected rogue marketers: charging them a premium for ads – and issuing reports on ’Scammiest Scammers.’”

• Caleb Sima LinkedIn thread with good discussion: What’s a security tool you bought that ended up creating MORE work, and NOT producing value?

AI

• Greg Isenberg - This is what’s keeping me up at night - Long tweet with AI predictions

• The New York Times is suing OpenAI and demanding that the court forces them to hand over 20M user conversations. Upcoming Times article: “You won’t believe what people were telling ChatGPT.”

• lone-cloud/gerbil - A desktop app for running LLMs locally. Allegedly this is Richard Gere’s favorite way to run LLMs.

Misc

• Dr. Mike on lead contamination in protein shakes - TL;DR there were some studies that reported “high” levels of lead in some products, but that was based on California’s Prop 65 (stricter than FDA guidelines) which is much lower than levels that have shown to cause long term cognitive issues. If you’re a man it’s probably fine, pregnant women and kids do have lower thresholds though.

• New gel restores dental enamel and could revolutionise tooth repair

• Louisiana Took Months To Sound Alarm Amid Whooping Cough Outbreak - The state’s worst whooping cough outbreak in 35 years. Two infants deaths so far.

• 100 derivatives (in one take)

• Brennan Lee Mulligan - Worst improv scene intro ever

• Brandon Sanderson’s writing lecture - Grandpa Tolkien Cheated

• Julie Gurner - If you want to give yourself a solid kick forward in your future, ask yourself: "What will it cost me if I don't act?" People postpone endlessly because they don't think about or connect fully with the costs of inaction.

✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏

Thanks for reading!

Cheers,
Clint

P.S. Feel free to connect with me on LinkedIn 👋