[tl;dr sec] #315 - Securing OpenClaw, Top 10 Web Hacking Techniques of 2025, Discovering Negative-Days with LLMs
Minimal OpenClaw alternatives, scanning tools, and hardening guidance, PortSwigger's curated top web hacking techniques, open source GitHub Action to flag commits fixing vulnerabilities before they get a CVE
Hey there,
I hope you’ve been doing well!
📺️ AI for Security Engineers (with Cursor's Security Lead)
AI is helping developers ship faster than ever. How can security keep up?
I'm stoked for my upcoming chat with my friend Travis McPeak, Security Lead at Cursor, about how security engineers can use coding agents to become even more leveraged.
Cursor has been one of the fastest growing and shipping AI-forward companies right now, so I thought it’d be great to hear from someone on the front lines.
I’ve actually known Travis and been a fan of his work for years, when he was doing cool stuff as the AppSec engineering manager at Netflix, then Head of Product Security at Databricks, then co-founder of Resourcely.
We'll discuss in the webinar:
How modern coding agents change what projects are feasible for security engineers.
The impact of coding agents on secure defaults and building a “paved road.”
Using AI to rapidly ramp up on new code bases and tech domains.
Automating cloud security.
Building (and owning in production) security controls, without hurting developer experience.
Getting broad and continuous visibility into security-relevant code changes.
Where AI is headed, and what it means for you and your role.
We’ll leave plenty of time for questions, so you can ask Travis and me about whatever is most immediately pressing and useful to you.
When: (next week) February 19th, 10am PST.
Hope to see you there!
Sponsor
📣 2026 State of Identity Security Report
Attackers are already logged in before access risk is fully understood, and the biggest delay in response isn’t alerts, it’s confidence.
New data from 500+ security teams shows:
Identity-based access is the most common path into cloud environments
Teams often detect activity but lack context to assess risk pre-incident
Non-human identities and AI agents drive blast radius through long-lived, over-privileged credentials
The State of Identity Security Report 2026 breaks down where identity visibility fails and what helps teams scope and contain incidents faster.
👉 Get the Report 👈
500+ security teams is a lot 🤯 I knew identity was important, but wow: “76% of organizations say identity compromise accounts for up to 75% of security incidents.”
AppSec
Quicklinks
Lost in Translation: Exploiting Unicode Normalization by Ryan Barnett and Isabella Barnett (So cool to have a family co-presenting team 🤩, love it)
The security platform that ships with your code — Arcjet helps teams protect APIs and applications using in-code security like rate limiting, bot protection, and request validation. No proxies, test locally, everything in code.*
Parser Differentials: When Interpretation Becomes a Vulnerability by Joern Schneeweisz
*Sponsored
Top 10 web hacking techniques of 2025
PortSwigger’s James Kettle announces the top 10 web hacking techniques of 2025, selected from 63 community nominations through voting and expert panel review. Some 🔥 research, well worth reading as always.
By Vladislav Korchagin: Successful Errors: New Code Injection and SSTI Techniques introduces new error-based techniques for exploiting blind server-side template injection. Includes novel polyglot-based detection techniques.
By Alex Brown: ORM Leaking More Than You Joined For evolves ORM leaks from a niche, framework-specific vulnerability into a generic methodology for exploiting search and filtering capabilities.
By Shubham Shah: Novel SSRF Technique Involving HTTP Redirect Loops - A technique for making blind SSRF visible.
ambionics/phpggc
A library of PHP unserialize() payloads along with a tool to generate them. It supports 15+ frameworks including Laravel, Symfony, Drupal, and Monolog, with gadget chains for RCE, file read/write, and other exploitation primitives.
The CISO's Craft: Watchmaker or Gardener?
Phil Venables contrasts two CISO leadership philosophies: the "Watchmaker," which emphasizes precision, command-and-control, detailed policies, and centralized tools for predictable security but risks rigidity and burnout; and the "Gardener," which focuses on cultivating security culture, empowering teams with principles and guardrails, and building adaptive resilience but may appear less structured. Modern CISOs should blend both.
Sponsor
📣 AI is speeding up attacks—can your AppSec keep up?
New research highlights a harsh reality for AppSec: 54% of orgs saw incidents in their own apps, and half take 1–7 days to fix critical issues. Attackers do not wait and AI‑driven threats move faster than teams can respond. Omdia explains why Application Security Posture Management (ASPM) is becoming essential for cutting alert noise, taming tool sprawl, and keeping security in step with modern delivery speed.
Attackers are definitely moving faster (see the AI + Security section). Streamlined fixes and quickly prioritizing the right things seems like it’s going to be more and more important.
Cloud Security
awesome-foundation/aws-config-d
By Luka Kladarić: Manage multiple AWS SSO organizations with separate config files. Split ~/.aws/config into one file per organization. Concatenate on shell start. No dependencies.
Weaponizing Whitelists: An Azure Blob Storage Mythic C2 Profile
SpecterOps’ Andrew Gomez and Allen DeMoura announce azureBlob, a new Mythic C2 profile that leverages Azure Blob Storage for command and control, exploiting common firewall exceptions like *.blob.core.windows.net found in deployment guides from vendors like Citrix, Parallels, and Nerdio.
AI-assisted cloud intrusion achieves admin access in 8 minutes
Sysdig’s Alessandro Brucato and Michael Clark observed an intrusion in which a threat actor escalated from stolen credentials to admin access in under 10 minutes, with strong indicators of LLM-assisted operations including Serbian-commented code, hallucinated GitHub repos, and fake AWS account IDs. The threat actor gained initial access to the victim's AWS account through credentials discovered in public S3 buckets, escalated privileges through Lambda function code injection, moved laterally across 19 unique AWS principals, abused Amazon Bedrock for LLMjacking, and launched GPU instances for model training. “The affected S3 buckets were named using common AI tool naming conventions, which the attackers actively searched for during reconnaissance.”
Novel Technique to Detect Cloud Threat Actor Operations
Palo Alto Networks’ Nathaniel Quist describes a detection method that identifies threat actors by mapping cloud security alerts to MITRE ATT&CK techniques, successfully distinguishing between Muddled Libra (cybercrime group using social engineering and ransomware) and Silk Typhoon (China-nexus APT exploiting Exchange servers and VPNs) based on their unique "fingerprints." The analysis across 22 industries from June 2024-June 2025 found Muddled Libra triggered nearly 70 unique alert types (focused on Azure Graph API enumeration and Microsoft 365 exfiltration) with only 3 overlapping with Silk Typhoon's 50+ alert types (focused on automated collection and data destruction).
The takeaway: tracking unique alert variety (breadth of techniques) versus average daily alert volume (operational persistence) can enable proactive threat hunting.
💡 I wonder if any threat actors read reports like this about other threat actor groups and think, “Huh nice, good point, yeah I should do more of what they’re doing, I’m missing out.”
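To make the breadth-versus-volume idea concrete, here is an added example (my own code, not Palo Alto Networks’ method or data) that builds per-actor alert "fingerprints" from a constructed, labelled alert feed and scores an unlabelled session against them. The actor names are the page’s; the alert type labels, dates and counts are made up for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample alerts: (day, actor label, alert type). Not real telemetry.
ALERTS = [
    (date(2025, 1, 1), "muddled_libra", "azure_graph_enum"),
    (date(2025, 1, 1), "muddled_libra", "m365_mailbox_export"),
    (date(2025, 1, 2), "muddled_libra", "azure_graph_enum"),
    (date(2025, 1, 2), "muddled_libra", "mfa_fatigue"),
    (date(2025, 1, 3), "muddled_libra", "sharepoint_bulk_download"),
    (date(2025, 1, 1), "silk_typhoon", "automated_collection"),
    (date(2025, 1, 1), "silk_typhoon", "automated_collection"),
    (date(2025, 1, 2), "silk_typhoon", "data_destruction"),
    (date(2025, 1, 2), "silk_typhoon", "automated_collection"),
    (date(2025, 1, 3), "silk_typhoon", "data_destruction"),
    (date(2025, 1, 3), "silk_typhoon", "mfa_fatigue"),
]


def build_fingerprints(alerts):
    """Per actor: distinct alert types (breadth) and mean alerts per active day (persistence)."""
    types = defaultdict(set)
    per_day = defaultdict(lambda: defaultdict(int))
    for day, actor, atype in alerts:
        types[actor].add(atype)
        per_day[actor][day] += 1
    return {
        actor: {
            "types": frozenset(types[actor]),
            "breadth": len(types[actor]),
            "avg_daily_volume": sum(per_day[actor].values()) / len(per_day[actor]),
        }
        for actor in types
    }


def overlap(fp, a, b):
    """Alert types two actors share; a small overlap is what makes fingerprints separable."""
    return set(fp[a]["types"] & fp[b]["types"])


def attribute(fp, observed_types):
    """Score an unlabelled session against each fingerprint by Jaccard similarity of alert types."""
    observed = set(observed_types)
    scores = {actor: len(observed & f["types"]) / len(observed | f["types"])
              for actor, f in fp.items()}
    best = max(scores, key=scores.get)
    return best, scores[best]
```

Low Jaccard scores across all known actors are the interesting case for hunting: a session whose alert mix matches none of the fingerprints deserves a closer look.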
AI + Security
Quicklinks
qwibitai/nanoclaw - A lightweight alternative to Clawdbot / OpenClaw that runs Agents in containers (supports Linux and macOS containers) for security. Connects to WhatsApp, has memory, scheduled jobs, and runs directly on Anthropic's Agents SDK.
HKUDS/nanobot - An ultra-lightweight personal AI assistant inspired by OpenClaw. Core agent functionality is just ~4,000 lines of code, 99% smaller than Clawdbot's 430k+ lines.
nearai/ironclaw - An OpenClaw inspired implementation in Rust focused on privacy and security. Untrusted tools run in isolated WebAssembly containers with capability-based permissions. Secrets are never exposed to tools; injected at the host boundary with leak detection. Endpoint allowlisting.
owockibot’s hot wallet private key was compromised after 5 days; see his learning-in-public GitHub gist and retrospective.
I spent too long on this section and ran out of time for the supply chain, blue/red team sections. Sorry friends 😅
OpenClaw Security Engineer's Cheat Sheet
Great security guidance overview of OpenClaw by Semgrep’s Kurt Boberg, covering: thinking about OpenClaw security concerns from first principles, the attack surface, detecting use in your corporate environment (across endpoints, your registry mirror, network indicators), setting up hardened environments to experiment in (sandboxing), security scanning Skills, configuration hardening, incident response, and more.
💡 Tons of useful tools links, commands to run, hardening recommendations, related work references, and more. I love posts like this tying a bunch of things together 👍️
kappa9999/ClawShield
Security preflight and guardrails for OpenClaw/Moltbot. It checks your config for risky settings, warns you if your gateway is exposed, and helps you keep skills from being tampered with.
prompt-security/clawsec
A complete security skill suite for OpenClaw's family of agents. Protect your SOUL.md from drift detection, live security recommendations, automated audits, and skill integrity verification. All from one installable suite.
💡 “Protecting your SOUL.md" was not a phrase I had on my 2026 Bingo card 😂
backbay-labs/clawdstrike
By Connor Whelan: A runtime security enforcement library for AI agents that provides tool-boundary enforcement through 7 built-in guards (path access, network egress, secrets detection, patches validation, tool restrictions, prompt injection, and jailbreaks) with Ed25519-signed receipts proving what was decided under which policy. It has four-layer jailbreak detection (heuristic, statistical, ML, and optional LLM-as-judge), output sanitization with streaming support, and adds low overhead per tool call.
Discovering Negative-Days with LLM Workflows
Eugene Lim describes building a GitHub Action workflow that uses Claude to detect "negative-days" and "never-days" (vulnerabilities patched in open-source projects before they get a CVE) by monitoring repository commits and analyzing them with LLMs. He walks through iterating on the prompt and process: incorporating pull request context via GitHub's listPullRequestsAssociatedWithCommit API, refining prompts to focus on exploitable vulnerabilities with concrete PoCs, and fixing JSON output issues.
Eugene open sourced the GitHub Action: vulnerability-spoiler-alert-action and a live dashboard showing recent findings: vulnerabilityspoileralert.com.
💡 Academics have been writing about finding bugs from diffs for probably decades, but what I think is important to note is how relatively straightforward and effective this approach was. In your mental threat model, move “detecting vulnerabilities before they receive CVEs and creating exploits” from “requires nation state resources” to “one person, a few days, a few dollars in LLM costs” (which of course depends on the target).
The increased rate and ease of finding vulnerabilities (see also below) is going to make being able to rapidly patch software, roll out updates, and ideally solve classes of problems (secure defaults, memory safe languages, sandboxing/capabilities) even more important.
Evaluating and mitigating the growing risk of LLM-discovered 0-days
Anthropic’s Nicholas Carlini, Keane Lucas, Evyatar Ben Asher et al. describe how Claude Opus 4.6 discovered over 500 high-severity memory corruption vulnerabilities in well-fuzzed open source codebases. How: they put Claude in a VM and gave it access to the latest versions of open source projects, standard utilities (e.g., the standard coreutils or Python) and vulnerability analysis tools (e.g., debuggers or fuzzers). But no special instructions on how to use these tools, nor a custom harness that gives specialized knowledge about how to better find vulnerabilities.
Claude worked like a human researcher: analyzing Git commit histories to find similar unpatched bugs, identifying unsafe function patterns like strcat, and understanding complex compression algorithms like LZW to craft exploits that traditional fuzzers miss.
The team validated each bug before reporting: first having Claude validate and deduplicate, then a human validated the issue and wrote a patch. They focused on memory corruption vulnerabilities because they can be easily validated, by monitoring the program for crashes and running tools like address sanitizers to catch non-crashing memory errors.
“Looking ahead, both we and the broader security community will need to grapple with an uncomfortable reality: language models are already capable of identifying novel vulnerabilities, and may soon exceed the speed and scale of even expert human researchers.”
💡 The key part here is without special instructions or a custom harness, just Opus 4.6 going to town. We can reasonably expect that with moderate to high scaffolding the outcome would be somewhat to significantly better.
I would be curious to know a bit more about the details though: after the automated validation, how many of the findings were still “false positives” / not interesting? How much did this cost (total, per bug)? How long did Opus run to find the bugs?
Misc
Misc
breachpool - Which company is going to get hacked next?
AI
Noah Kagan - AppSumo revenue is down 50% over the past 2 years - Software margins going down, LLMs killing low value software, it’s easier for devs to quit and start something new.
Prof Galloway Markets - Did AI Kill Software?
Ian Tracey - The K-Shaped Future of Software Engineering
OpenAI President Greg Brockman - Software development is undergoing a renaissance in front of our eyes. “As a first step, by March 31st, we're aiming that: For any technical task, the tool of first resort for humans is interacting with an agent rather than using an editor or terminal.”
Peter Girnus - The SaaSpocalypse: How Eleven Free Plugins Exposed Tech's Biggest Lie
Matt Shumer - Something Big Is Happening
Politics
He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive - Absolutely insane story and great reporting 🤯
Y Combinator CEO Garry Tan launches dark-money group to influence California politics
Grok has been getting some flak for enabling users to create non-consensual adult images and spicy pictures of minors.
Meanwhile, the Pentagon will be sharing classified info and data from intelligence databases to Grok.
Trump’s campaign of retribution - “Reuters documented at least 470 targets of retribution under Trump’s leadership – from federal employees and prosecutors to universities and media outlets. The list illuminates the sweeping effort by the president and his administration to punish dissent and reshape the government.”
✉️ Wrapping Up
Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.
If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏
Thanks for reading!
Cheers,
Clint
P.S. Feel free to connect with me on LinkedIn 👋