tl;dr sec

tl;dr sec
Topics
Newsletter

Aug 07, 2025

[tl;dr sec] #291 - Build a GuardDuty Triage Agent, Scaling Netflix's Threat Detection Pipelines, Claude for Security Review

How to build an AI agent that triages GuardDuty alerts, lessons learned scaling Netflix's detection pipelines, Anthropic releases a slash command and GitHub Action for performing secure code review

Clint Gibler

NewsletterNewsletter

Jul 31, 2025

[tl;dr sec] #290 - Securing MCP, AppSec Archetypes, CISO's Guide to Protecting Crown Jewels

Tools to scan MCP servers and an MCP WAF, 4 AppSec archetypes, how to strategically protect your org with limited resources

Clint Gibler

NewsletterNewsletter

Jul 24, 2025

[tl;dr sec] #289 - AI-powered Fuzzing, Incentives in Security, Malware in DNS

Automatically generating fuzzing harnesses and vulnerability proof-of-concepts, 5 incentives security programs should pursue, it's always DNS

Clint Gibler

NewsletterNewsletter

Jul 17, 2025

[tl;dr sec] #288 - Prompt Injection in Malware, Preventative Security, Top Bug Bounty War Stories

Checkpoint finds malware containing prompt injection, why preventative security is hard, @Rhynorater talk sharing 11 of his most impactful and technically challenging vulnerabilities

Clint Gibler

NewsletterNewsletter

Jul 10, 2025

[tl;dr sec] #287 - fwd:cloudsec Talk Recordings, How Figma Only Runs Approved Software, Auditing Code with AI

45 excellent cloud security talks, how Figma rolled out the binary authorization tool Santa, AI bug finding tools and paper

Clint Gibler

NewsletterNewsletter

Jul 03, 2025

[tl;dr sec] #286 - Securing Vibe Coding, Finding Secrets "Oops Commits", Backdooring IDE Extensions

Rules files to vibe securely, earning $25K from dangling commits, compromising the extension marketplace of Cursor, Windsurf, and other VS Code forks

Clint Gibler

NewsletterNewsletter

Jun 26, 2025

[tl;dr sec] #285 - AI Red Teaming, Detection Engineering Field Manual, Building AppSec Partnerships

Can LLMs red team AI, intro to detection engineering, how to scale security impact via cross-team partnerships

Clint Gibler

NewsletterNewsletter

Jun 19, 2025

[tl;dr sec] #284 - Google Cloud CISO Interview, AWS Threat Technique Catalog, Finding Secrets with AI

4 ways Google uses AI for security, catalog of AWS threat actor techniques, training a custom small language model to find secrets

Clint Gibler

NewsletterNewsletter

Jun 12, 2025

[tl;dr sec] #283 - Awesome Black Hat Tools, Evading EDR, Disrupting Malicious Uses of AI

Huge list of tools presented at various Black Hat conferences, how attackers evade modern EDR, OpenAI's report on threat actor campaigns they've disrupted

Clint Gibler

NewsletterNewsletter

Jun 05, 2025

[tl;dr sec] #282 - Weaponizing Dependabot, Ultimate Guide to JWT Vulnerabilities, Multi-Agent Automated Vulnerability Discovery

Using Dependabot to merge malicious code and bypass branch protections, JWT attack guide with mitigations and labs, AI agents found a new Linux Kernel USB protocol stack vulnerability

Clint Gibler

NewsletterNewsletter

May 29, 2025

[tl;dr sec] #281 - Free AI Red Teaming Labs, Cloud Security Roadmaps, o3 Finds 0-day

Free Black Hat training by Microsoft's AI red team, a cloud security roadmap for your start-up, o3 finds an 0-day in the Linux kernel’s SMB implementation

Clint Gibler

NewsletterNewsletter

May 22, 2025

[tl;dr sec] #280 - Hardening GitHub Actions, Uber's Multi-Cloud Secret Management, Prompts are the New IOCs

Detailed guide on all the ways to harden GitHub Actions, Uber's Secret Management Platform that manages >150,000 secrets, "LLM TTPs" + a tool to detect and hunt adversarial prompts

Clint Gibler