cybersecurity
Google Officially Completes Wiz Acquisition for Cloud Security
Google has officially closed its acquisition of Wiz. Learn what this merger means for multi-cloud security, AI-driven threat detection, and platform support.
ai security
ai-security
What is Promptfoo?
The AI security landscape is shifting rapidly. Discover Promptfoo, the LLM red-teaming and evaluation platform recently acquired by OpenAI, and how it fits into your AI security stack.
ai-security
Clawdbot Security: How an AI Agent Could Leave Your Front Door Unlocked
Clawdbot is the latest AI trend, but critical misconfigurations are exposing API keys, Signal accounts, and root shells to the public internet. Here is what you need to know.
ai-security
Hacking the AI Inner Voice: Understanding Chain-of-Thought Forgery
Chain-of-Thought (CoT) Forgery is a sophisticated attack where hackers plant fake reasoning to trick AI models into bypassing safety guardrails. Learn how "Authority by Format" works and how to secure your LLMs.
ai-security
The New Triad of AI Security: Promptfoo, Strix, and CAI
Discover the new wave of open-source AI security tools: Promptfoo, Strix, and CAI. Learn how to combine them for a defense-in-depth strategy to secure your AI applications.
ai-security
Setup Google Model Armor with Terraform
Secure your LLMs with Google Model Armor. Learn how it works, deploy reusable Terraform modules for templates, and enforce organization-wide safety floors to prevent prompt injections.
ai-security
The Moltbook Hack: When "Vibe Coding" Leaks 1.5M API Keys
A massive breach at Moltbook exposed 1.5M API keys and 35,000 user emails due to a simple Supabase misconfiguration. Learn how "vibe coding" led to this critical security failure.
ai-security
How a Calendar Invite Tricked Google Gemini
A new prompt injection flaw in Google Gemini allowed attackers to steal private data via malicious Calendar invites. Learn how this "semantic attack" bypassed security controls and what it means for AI agent security.
ai-security
Private AI Coding: Run Secure, Local LLMs with OpenCode and Docker
Stop leaking your code to the cloud. Learn how to build a private, secure AI coding assistant using OpenCode and Docker Model Runner. Full tutorial with code samples for local RAG and secure model serving.
ai-security
From Reactive to Autonomous: A Guide to the AI Maturity Model for Cybersecurity
Is your SOC truly AI-driven? Explore the 5 levels of the AI Maturity Model for Cybersecurity, from manual operations to autonomous defense, and chart your path to resilience.
ai-security
Securing Model Context Protocol (MCP) Authentication: Best Practices
Securing the Model Context Protocol (MCP) is critical for AI agent safety. Learn the best practices for authentication, from preventing Confused Deputy attacks to implementing OAuth 2.0 and avoiding token passthrough.
ai-security
The Key Principles of Google SAIF Framework (1/3)
Discover the core principles of Google's Secure AI Framework (SAIF). Learn how this holistic, lifecycle-aware blueprint helps organizations build secure-by-design AI systems and combat novel threats like prompt injection and data poisoning.
ai-security
The Ultimate Defense Strategy: Mapping MITRE ATLAS to OWASP for LLMs
Bridge the gap between OWASP threats and MITRE ATLAS defenses. A strategic blueprint mapping the OWASP Top 10 for LLMs to specific, actionable MITRE ATLAS mitigations for securing Generative AI.
ai-security
AI Security: Promptfoo, Strix, CAI, and Giskard (Updated)
Discover how Giskard joins Promptfoo, Strix, and CAI to provide continuous, compliance-ready red teaming for enterprise AI agents.
ai-security
Guide: Building Secure Agentic Applications
AI Agents introduce new security risks. Learn how to secure your autonomous AI systems with this architectural guide based on the OWASP Agentic Security Initiative.
ai-security
Slopsquatting: The AI Hallucination That Infects Your Codebase
Discover AI Slopsquatting, the new supply chain attack where AI code assistants hallucinate malicious packages, tricking developers into installing malware.
ai-security
The AI Engine's Exposed Wires: A Practitioner's Guide to MCP Security
Master MCP security threats: RCE, injection attacks, malicious dependencies & data poisoning. Complete defense-in-depth guide for securing AI agents and preventing supply chain attacks.
ai-security
The Prompt That Turns Your AI Coder into a Security Expert
Your AI code assistant is a brilliant, eager, and dangerously naive intern. It's time to give it a security promotion by mastering the art of the secure prompt.
ai-security
Securing Remote MCP Servers with Google Cloud
Secure remote MCP servers on Google Cloud using a defense-in-depth architecture with IAP, Cloud Armor, and IAM.
iam
IAM Is Dead. Long Live IAM for the Agentic Era
Traditional IAM is broken. Discover the new paradigm of Agentic IAM, from DIDs and VCs to dynamic, real-time access control. A CISO's guide to governing your AI workforce.
ai-security
The Clock is Ticking: AI Weaponizes Vulnerabilities in 15 Minutes
Modern AI can turn a vulnerability disclosure into a weaponized exploit in 15 minutes. This CISO's guide unveils the critical risks and provides a blueprint for secure AI adoption.
ai-security
The AI Security Arsenal: AI Security New Tools
Your traditional security stack is blind to AI. This guide, based on industry research, unveils the new arsenal of tools needed to secure your AI ecosystem, from posture management to runtime defense.
ai-security
From Zero to Root: Deconstructing the NVIDIA Triton RCE Vulnerability
A critical RCE vulnerability chain in NVIDIA Triton Inference Server (CVE-2025-23319) allows unauthenticated attackers to take full control. Learn how the attack works and how to defend your AI infrastructure.
ai-security
Your AI Strategy’s Biggest Blind Spot: MCP Vulnerability Scanning
Your AI strategy's biggest blind spot is the Machine Control Plane (MCP). Learn about critical threats like Tool Poisoning and how specialized MCP vulnerability scanning is essential for security.
ai-security
The AI Revolution's Double-Edged Sword: A CISO's Guide to AI Security
AI is your new competitive advantage and your greatest security blind spot. This CISO's guide, based on SANS, NIST, and Tenable research, unveils the critical risks and provides a blueprint for secure AI adoption.
ai-security
RCE in mcp-remote (CVE-2025-6514)
Critical RCE vulnerability (CVE-2025-6514) in Anthropic's mcp-remote exposes developer machines. Learn how attackers can chain exploits to take control and why securing AI agents is paramount.
ai-security
EchoLeak: Zero-Click AI Vulnerability Exposed M365 Copilot Data
Critical EchoLeak zero-click AI vulnerability in Microsoft 365 Copilot (CVE-2025-32711) allowed sensitive data exfiltration without user interaction. Learn how it worked and Microsoft's response.