For the last couple months I have been working with AI security. First with the general architecture and data flows for Generative and Agentic AI systems, and lately more with prompt & response security techniques. These latter topics are where AI systems offer greenfield for attackers to apply all the old — and a select …| Securosis
Research Library: All Securosis research is completely independent and objective. It is developed in accordance with our Totally Transparent Research policy.| Securosis
It has survived recessions, obsessions, parenthood, natural disasters, pandemics, unnatural disasters, and the rise and fall of eateries great and small. That’s right, it’s the Securosis RSAC Disaster Recovery Breakfast! This year we’ve changed things up thanks to our new partner, 1Password, who reached out and offered to host the DRB in their event space …| Securosis
TL;DR: Support CloudSLAW Here! I know that as most of you lay your weary heads to rest every night (or morning, for you night shifters), the last thought that fires through your synapses is, “I really wish I could get more CloudSLAW!” Well, now you can! I’ve been debating for a while on the best …| Securosis
It’s a perfect fall Sunday morning here in Phoenix. After a brutally hot summer the air is cool, the sky is clear, and the fresh air is drifting into the hotel ballroom while I wait for my daughter to take the stage in the Irish dance regionals competition. The schedule is a little behind, so …| Securosis
We have a major problem. It isn’t really getting better, and soon a critical window of opportunity will close that we can’t afford to lose. I don’t say this lightly, and I think anyone who has read my prior work knows I am not prone to FUD. No one can possibly know the actual percentage …| Securosis
I just published a piece on Apple Intelligence at TidBITS that I’m pretty excited to release. I wrote it (literally sitting poolside on vacation) to try and explain why this matters to someone even if they don’t know anything about AI or security. For those of us in cloud security, some really interesting things are …| Securosis
TL;DR: Back in December, I took a job as head of strategy and technology for a candy-importing company called Dorval Trading. To explain the move I dusted off the confessor structure, and also performed a POPE evaluation of the opportunity below. I’ll be teaching at Black Hat this summer, so I hope to see many …| Securosis
The next phase of cloud security won’t be about shiny new products or services, although we’ll have those. It won’t be about stopping the next world-ending cloud 0-day, but we’ll continue trying to prevent them. It won’t be about AI, but we’ll still have to do something with AI to appease our machine overlords. It …| Securosis
I’ve been teaching cloud incident response with Will Bengtson at Black Hat for a few years now, and one of the cool side effects of running training classes is that we are forced to document our best practices and make them simple enough to explain. (BTW — you should definitely sign up for the 2024 …| Securosis
A year or so ago I was on an application security program assessment project in one of those very large enterprises. We were working with the security team and they had all the scanners, from SAST/SCA to DAST to vulnerability assessment, but their process was really struggling. It took a long time for bugs to …| Securosis
The UCTM is a cloud-centric threat model to help organizations better understand the real-world attacks they are most likely to experience.| Securosis