Newsletter

[tl;dr sec] #314 - ClawdBot Security, Security Scorecards, Threat Framework for SDLC Infrastructure
Feb 05, 2026

ClawdBot vulns, tools, and Skill scanners; measuring security with scorecards; new open-source framework mapping 70+ attack techniques across the SDLC

Clint Gibler
[tl;dr sec] #313 - MCP Security Hub, IDE-Shepherd, Plaid's Security Pipeline as Code
Jan 29, 2026

MCP servers for offensive security tools, Datadog's IDE extension to protect against malicious IDE extensions, how Plaid scales security scanning across 100s of services

Clint Gibler
[tl;dr sec] #312 - The Industrialization of Exploit Generation, macOS EDR Evasion, Hacking the AWS Console
Jan 22, 2026

Generating 0-day exploits with Opus 4.5 and GPT-5.2, blind spots for EDRs on macOS, supply chain vuln that enabled compromising the AWS Console

Clint Gibler
[tl;dr sec] #311 - Slack's Security Agents, Cloud-Native Detection Engineering, Trail of Bits' Claude Skills
Jan 15, 2026

Slack's AI agent system to optimize security alert investigations, deep dive into cloud-native detection engineering, ToB's open source Skills for security research, vulnerability detection, and audit workflows

Clint Gibler
[tl;dr sec] #310 - Vulnerable MCP Labs, Pathfinding.cloud, Prompt Injection Taxonomy
Jan 08, 2026

9 vulnerable MCP servers to learn how to pen test AI agent infra, a knowledge base of 65+ AWS IAM privilege escalation paths, Jason Haddix's open-source classification system for LLM prompt injection attacks

Clint Gibler
[tl;dr sec] #309 - Winning the AI Cyber Race, SAST at LinkedIn, Detection Engineering
Dec 18, 2025

Why AI offense is beating defense and Verifiability is All You Need, how LinkedIn scales SAST to millions of LOC and 10k's of repos, atomic detection rules

Clint Gibler
[tl;dr sec] #308 - MCP Security, AWS re:Invent Recaps, Detecting Malicious Pull Requests with AI
Dec 11, 2025

MCP practice labs and securing MCP paper, re:Invent highlights, how Datadog detects malicious PRs at scale

Clint Gibler
[tl;dr sec] #307 - AI Bug Hunting Tools, Shai-Hulud 2.0, Keeping Secrets out of Logs
Dec 04, 2025

Three open source AI-powered vulnerability finding tools, a baker's dozen security vendor blogs about the latest supply chain attack, how to keep secrets out yo' logs son

Clint Gibler
[tl;dr sec] #306 - Claude Code's Hacking Campaign, Rust in Android, Secrets Scanners Miss
Nov 20, 2025

Claude used by state actors for a hacking campaign + industry weighs in, Rust -> 1000x reduction in memory safety vulns in Android, why your secret scanner is missing valid secrets

Clint Gibler
[tl;dr sec] #305 - AI SAST, Awesome Annual Security Reports, Block Risky Dependencies
Nov 13, 2025

Open source AI SAST tools + vendor comparison, huge list of vendor security reports, GitHub Action to block risky dependencies

Clint Gibler
[tl;dr sec] #304 - OpenAI & DeepMind's AI Security Agents, OSS Malware Database, How Figma Detects Sensitive Data Exposure
Nov 06, 2025

Aardvark and CodeMender autonomously find/fix vulnerabilities, open database for tracking malicious open-source packages, how Figma finds authorization issues at scale

Clint Gibler
[tl;dr sec] #303 - MCP Security Scanners, Attacking GitLab CI/CD, AI SOC Benchmarks
Oct 30, 2025

Tools to scan MCPs for vulnerabilities, attacking self-hosted GitLab instance runners, benchmarks measuring the performance of AI's SOC and CTI capabilities

Clint Gibler
The best way to keep up with cybersecurity research. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.

© 2026 tl;dr sec.
