@IronCoreLabs profile picture
IronCore Labs @IronCoreLabs

Bringing strong data protection to cloud apps and AI through usable, searchable, data-in-use encryption. @ironcore@infosec.exchange

Joined March 2015
  • Tweets 1,184
  • Following 245
  • Followers 351
342 Photos and videos
Another example in the wild showing how to use IronCore's Cloaked AI to protect vector embeddings and #ai #data. Thanks @hexens! na2.hubs.ly/H05hW690

Encrypted Vector Databases Without Sacrificing Search

A technical deep-dive into cryptographically secure vector databases, covering embedding attacks, why exact distance-preserving encryption fails, and the Scale-and-Perturb scheme

hexens.io
8
ICYMI, here's a recording of our CEO, @zmre's #SnowFroc 2026 talk on #hacking #AI-enabled apps. Some good news buried inside. na2.hubs.ly/H05hX0M0

SnowFROC 2026 - Hacking AI-Enabled Apps

This is a talk that IronCore CEO Patrick Walsh delivered first at t...

youtube.com
19
When it comes to #cryptography, the real trick is handling the encryption keys. It's seemingly simple, but deceptively complex. na2.hubs.ly/H05hX0C0

Key Management Is 90% of the Problem

The world's top cryptographers lost their own election key. Here's why key management, not encryption algorithms, is where the practical problems lie.

ironcorelabs.com
2
1
14
Nice blog post by @IBM and @alexsotob breaking down how approximate distance preserving #encryption (ADCPE) protects data in RAG workflows and #AI. Thank you! na2.hubs.ly/H05hRPG0

Protecting AI embedding vectors by using approximate distance preserving encryption for RAG...

Protect embedding vectors from reverse-engineering attacks using distance-comparison-preserving symmetric encryption (DCPE). Learn to implement DCPE in Java with IronCore Labs Alloy SDK for secure...

developer.ibm.com
1
1
194
End-to-end #encryption provider Seald was acquired and then left U.S. customers in the lurch. EU customers have reason to be worried, too. Here's a look at what to do instead and why it's soo much better. na2.hubs.ly/H03ZXGm0

Seald's U.S. Shutdown: Migration Options

Seald's U.S. shutdown came with little notice, while its European customers get 'alpha' status with no support. Here's a comparison with a better option.

ironcorelabs.com
1
18
With #AI, the situation for data privacy has grown exponentially worse. #Privacy has never been more important or imperiled. Our latest video talks about some ways to counter the problems. na2.hubs.ly/H03F21Y0
11
AI #security risks can be partly mitigated with tools (like Cloaked AI), but that's just one part of the puzzle. You also need to set policy for when it's okay or not to use or enable #AI tools. Our latest blog walks through the #policy here at IronCore: na2.hubs.ly/H03lltn0

AI Coding Agents: Our Privacy Line in the Sand

How IronCore draws the line on AI coding agents: our policies for protecting customer data, secrets, and source code while still leveraging AI's power.

ironcorelabs.com
1
27
Human errors leading to #breaches are at record levels and we have the stats and case studies to prove it. You canโ€™t eliminate mistakes, but you can design for them. Read what 17 billion exposed records taught us about resiliency. #cybersecurity #infosec na2.hubs.ly/H02Bzv_0

One Unchecked Box, One Billion Records: The Human Error Problem

One unchecked authentication box exposed 1 billion Chinese police records. Studies show human error is rising as a cause of breaches. Here's how you can survive mistakes.

ironcorelabs.com
33
Want to see our popular @defcon talk on #hacking #AI, but don't have an hour to spend on YouTube? We just posted all the slides intermingled with the transcript so you can read or skim it. Enjoy! #security #aisec na2.hubs.ly/H02BzF60

Illuminating the Dark Corners of AI (annotated presentation)

Full annotated transcript of my DEF CON 33 presentation on exploiting shadow data in AI models and embeddings. Learn how attackers extract training data, system prompts, and private information from...

ironcorelabs.com
117
#Agentic #AI and #MCP servers are all the rage right now. Vendors are racing to add MCP servers to their stacks and reassure their customers that they are secure. Okay, but are they safe to use? Our latest blog digs in. #cybersecurity #security #aisec na2.hubs.ly/H02795l0

MCP Servers Are Electric

MCP servers promise magic, but one prompt can blow up your GitHub, Salesforce, or entire stack. Here's why LLM integrations are far more dangerous than vendors admit.

ironcorelabs.com
47
Our CEO, @zmre, will be presenting next week at the @owasp @appsecusa conference demonstrating how AI systems leak data, including some new demos exploiting MCP servers. na2.hubs.ly/H01RSVJ0 #cybersecurity
2
114
New blog! Covers how encrypted models can overcome the enterprise prohibitions on using their data to train models, which is a major barrier to adoption of new #AI features. na2.hubs.ly/H01RNKv0 #encryption #privacy #cybersecurity

Privacy-Preserving AI: The Secret to Unlocking Enterprise Trust

Enterprises are blocking vendors from training AI on their private data. Learn how privacy-preserving tech like encrypted models can restore trust, win deals, and enable AI features.

ironcorelabs.com
1
1
51
The lineup of talks and speakers at this year's @lasconatx in #Austin looks fantastic. Our own @zmre will be there talking on Friday on the Hidden Risks of Integrating AI. Drop in and say hello! #aisec na2.hubs.ly/H01K45x0
1
126
Our #defcon 33 talk is now available: Exploiting Shadow Data in AI Models and Embeddings (demos included). Enjoy! #aisec #security na2.hubs.ly/H01J7CC0

DEF CON 33 - Exploiting Shadow Data from AI Models and Embeddings -...

This talk explores the hidden risks in apps leveraging modern AI sy...

youtube.com
1
4
212
While everyone focuses on Salesloft, they're missing the deeper points. #Security teams need to talk to their vendors about those OAuth tokens or this will keep happening. na2.hubs.ly/H010P2W0

The Terrifying Takeaways from the Massive OAuth Breach

Massive Salesforce, Google & Salesloft hacks expose OAuth risks. Learn why tokens are dangerous and how SaaS vendors are screwing up security.

ironcorelabs.com
36
IronCore is proud to be named a Gartner Cool Vendor in the just released "Cool Vendors in Data Security 2025: Securing Your Data in the Age of GenAI and Quantum Computing" report! Here's the link if you're a client: #cybersecurity #genai #encryption hubs.ly/Q03FV8JZ0

Cool Vendors in Data Security 2025: Securing Your Data in the Age of GenAI and Quantum Computing

Gartner Research on Cool Vendors in Data Security 2025: Securing Your Data in the Age of GenAI and Quantum Computing

gartner.com
1
62
New blog out covering trends we're seeing in #SaaS #security and specifically the increase in push for advanced #encryption from financial sector companies. hubs.ly/Q03FRSP30

The Rapid Evolution of Bank-Grade SaaS Security

Financial institutions are demanding SaaS vendors adopt application-layer encryption and hold-your-own-key solutions. Here's what's driving the increase in pressure.

ironcorelabs.com
31
What do you need to #hack AI? Just a little persistence. Built-in #AI controls are not #security and should never be trusted as such. Read our new blog explaining what we mean: hubs.ly/Q03zTGXg0

When Randomness Backfires: Security Risks in AI

LLMs produce different results every time and sometimes those results are outliers that can be used by hackers to exploit systems.

ironcorelabs.com
30
IronCore has just announced its ability to #encrypt training data and use that encrypted data to build models, which can only be run with the proper key. Bring your own #AI framework, only with #privacy and #security layered in. hubs.ly/Q03wKyrB0
1
3
70
Why DCPE may be the best option for securing AI data while NIST #standards for privacy-preserving #encryption remain years away. hubs.ly/Q03vflTY0

Vector Encryption, AI, and the Slow Pace of Standards

Why DCPE may be the best option for securing AI data while NIST standards for privacy-preserving encryption remain years away.

ironcorelabs.com
1
31
Load more