Airline CEOs Push Congress to Fund Airport Security
US airline CEOs urge Congress to end standoff, pay airport security officers ~ this cannot be good for security at a time when we really need it. Also people are going to opt not to work for the government if this continues due to lack of stability. https://t.co/dvJ6g02Lzt
AI Code Refactoring Requires Relentless Prompting and Patience
Spent last night refactoring terribly written software 🤖 into manageable pieces and refactoring requirements. Even though the code had a number of correct examples after I got it to deploy a few resources with the correct pattern, the agent continued...
Built Automated Batch Job Framework in Two Weeks
If you followed my journey to try to build a batch job framework (below) for like three years well, here’s what I got done vibe coding 🤖 as a chaperone for naughty AI agents and chatbots in two weeks. To...
Sandbox AI Models Locally to Avoid Security Risks
Trending on GitHub: Be careful if running any kind of AI thingamajig on your laptop - put it in a sandbox with strict permissions. I haven’t looked into this in detail. GitHub - microsoft/BitNet: Official inference framework for 1-bit LLMs https://t.co/aPGkm86lnR
AI-Crafted IAM Policies Require Careful Human Review
Things AI chatbots 🤖 do while vibe coding: I have a complex bootstrap script to set up an environment for my batch job framework. It needs to create accounts with a role in the root account. And that is all it...
AI Needs Human Oversight, Not Blame for Outages
If you are distressed because AI is causing outages at AWS well… don’t jump to conclusions like everyone did with the whole slew of S3 bucket debacles. Yes there will be problems as people learn how to use this new...

Mac's DNS Glitch Sparks Apple Support Confusion
What are the chances this is really Apple Support? And why is my Mac trying to connect to IP addresses in Mountain View California right now instead of domain names? Don’t have time for this. 64.233.176.254 @google @apple https://t.co/qsHLJWmhRt
AI Code Isn’t Reliable, but It Speeds Development
You cannot trust code written by AI. But you can still use it to write code faster.
AI-Generated Code Still Fails Critical Security Checks
OMG so much time telling LLMs 🤖 to create two lambdas that ALWAYS verify Yubikey before taking actions and after many rounds of bug fixes like wrong database table names for example (would never work) they come up with a...
AI‑Built Tool Cuts AWS Private Network Costs
I’m working on this but got hung up on networking once again. The cost to deploy private networks on AWS is prohibitive for small businesses just trying out an idea. My solution is an alternate network for different environments like testing...
AI Coding Agents Can Install Unsafe Tools, Beware
Fun with coding agents. 🤖 Told it to check if a tool was installed and if not install it. Wrote code to use curl to get a common tool from some sketchy GitHub repo instead of using yum on EC2. People not paying...

Detect Reverse Shells with Process‑Network Monitoring Script
A Script To Monitor Application Network Connections 🔒 How would you spot a reverse shell such as was used in the LexisNexis breach? I vibe coded this script to see parent and child processes with application paths, process names, IPs,...

AWS Secrets Manager Misuse Fueled LexisNexis Breach
LexisNexis Breach Involving AWS Secrets Manager, RDS, ECS 🔒☁️ Taking a look at the root cause of a breach on AWS, what is actually relevant, and how it may have been prevented https://t.co/Uox6A1LzE9 https://t.co/T7mTvFkZFZ
AI-Generated AWS Scripts Need Human Verification
So here’s a couple of fun things I tried that show how counting on AI 🤖 to do the right thing can go terribly wrong if you are not testing and paying attention. I tested automatically creating some AWS infrastructure scripts...
AWS Model Privacy: Risks of Insider Access and Data Leakage
Although I’m in 🩷 with Kiro CLI and like that AWS makes a copy of the model so your data doesn’t reach the model providers, I want to know more about AWS internal access to such things, customer segregation with...

Build Efficient Multi‑Agent Workflows with Kiro CLI
A Multi-Agent Workflow 🤖 Creating a multi-agent workflow with Kiro CLI (or any other AI tool for that matter) that processes tasks efficiently https://t.co/2gvuZWuBqj https://t.co/pYWOVMmaXe

Isolate Each Kiro CLI Agent in Secure Sandboxes
Securing Kiro CLI Custom AI Agents 🤖 Configuring multiple agents to work with Kiro CLI in individual sandboxes https://t.co/Bt0CxhDK5j https://t.co/Z4WJtwDoms
OAuth Redirect Abuse Fuels Phishing and Malware
OAuth redirection abuse enables phishing and malware delivery | Microsoft Security Blog I just wrote about this type of attack and what you should be asking about authentication processes. Modifying scopes is an authorization issue but it’s related. https://t.co/TucGqHuinb

AI-Powered Lambda Fixes CloudTrail Errors with Bedrock
Querying CloudTrail Errors And Getting AI Recommendations To Fix Them 🤖☁️ Creating a Lambda Function That Uses an AI Prompt with Bedrock and tests Claude and Nova models https://t.co/NQkQbdjudd https://t.co/mnM0kRO5hp
FT Blamed AI; It Was User Misconfiguration Error
We want to address the inaccuracies in the Financial Times' reporting yesterday. The brief service interruption they reported on was the result of user error—specifically misconfigured access controls—not AI as the story claims. https://t.co/0ApCIDNsJT
Know What Security Tools Access Before They Exploit You
Until it hacks everyone’s GitHub accounts and wipes out all their IP. Be careful with tools like this. Make sure you understand what it can access and what it can do. Understand where it is sharing your code and storing...

Defense in Depth: Evaluate Auth with Password + Yubikey
Questions to ask when evaluating an authentication mechanism 🔒 Why I still use a password with a Yubikey, not a passkey or a PIN. Why I dislike the device code flow with a browser. How lack of segregation facilitated a Microsoft breach. Defense...
AI Threatens CAPTCHA and Voice Biometrics Authentication
“AI can defeat CAPTCHA systems and analyse voice biometrics to compromise authentication,” [TR: Never trusted voice recognition, it’s too fuzzy to use for auth in my opinion. Infecting memory is an interesting problem.]

AI Chatbots Spot Security Bugs, Not Write Safe Code
Finding Security Bugs in Code With AI Chatbots and Agents 🤖🦊 Although you can't trust code written by an AI chatbot or model you can use one to help you better secure your code https://t.co/mhQJgBlHPe https://t.co/VO48Wro7LJ
Secure AI: Blend Deterministic Controls with Trustworthy Insights
How can a company like @TIBCO win in the age of AI? Was just reading about their current market strategy and risk. I was involved with a TIBCO project while implementing a tax solution at a Fortune 1000 company. Focus...
Ask the Problem First, Then Match Tools
This is an interesting thread. Everyone is suggesting tools to solve the problem. I’d start by asking more about the data and the questions the customer is trying to answer or problems they are trying to solve first before recommending...

Automated GuardDuty Feature Audit and Enablement in Hours
Vibe coded 🤖 a script to list which AWS GuardDuty features are enabled in minutes. Took 15-30 minutes to correct it. The script to enable disabled features, sub features, and create an s3 malware scan plan took about two hours. See blog...