Joined April 2014
Kyle - chaoticflaws.bsky.social 🇺🇦 retweeted
Timeline of AD CS attack research & Microsoft patches since the ADCS paradigm shift: Certified Pre-Owned whitepaper by @harmj0y and @tifkin_
Kyle - chaoticflaws.bsky.social 🇺🇦 retweeted
🤓 Soon enough (if not already), you will have to investigate AI breaches and answer these questions: How do you hunt for adversarial prompts? How do you investigate a breach in your AI agent's execution? How do you detect that your agent has been compromised? I have been working on these topics for a while and I have already investigated multiple agent compromises. Now it is time to make this into a formal security practice!
Kyle - chaoticflaws.bsky.social 🇺🇦 retweeted
OpenGridWorks 📍 A fascinating map of power infrastructure, substations, transmission lines, power plants, data centers, and more: all visualized in one place. Definitely worth exploring if you’re into infrastructure, energy, OSINT, or critical systems. Source: opengridworks.com
Kyle - chaoticflaws.bsky.social 🇺🇦 retweeted
AI agents should not get a blank check to your Microsoft 365 tenant. That is why I added Guardrails to Lokka.dev (my Microsoft Graph MCP server). Lokka lets you use AI to query and manage Microsoft Graph, but once an agent can call real APIs, you need a way to decide where the boundaries are. Graph permission scopes are too broad. Guardrails lets you control what model-driven tool calls are allowed:
✅ Allow or block HTTP methods like GET, POST, PATCH, and DELETE
✅ Restrict allowed Microsoft Graph API paths
✅ Scope access to specific resources, such as only certain groups, users, sites, apps, or devices
✅ Apply rules globally or per tenant
✅ See exactly which rule blocked the last request
The nice bit: when a request is blocked, Lokka remembers why. Open Lokka Guardrails and it takes you to the right place, explains what happened, and gives focused options to fix it.
This is still experimental, but it feels like an important step toward making AI admin tools safer and more understandable.
PS Guardrails are off by default. Try it out and let me know. What would you like to see as the default config for Lokka Guardrails? Should I turn on guard rails by default and only allow GET and POST requests and disable the others (especially DELETE)?
#MicrosoftGraph #Azure #Microsoft365 #MCP #AI #EntraID #SysAdmin #DevTools
Kyle - chaoticflaws.bsky.social 🇺🇦 retweeted
Hardening Intune, by @Carlos_Perez Part 1: The Privileged Roles Nobody Talks About trustedsec.com/blog/the-priv… Part 2: The Implementation Guide trustedsec.com/blog/hardenin…
Kyle - chaoticflaws.bsky.social 🇺🇦 retweeted
MCP is moving from 'cool agent connector' to enterprise integration layer. Microsoft just made MCP servers first-class citizens in Azure API Management, including:
- Productize access
- Observe tool calls
- Version safely
- Automate with API/IaC
This is the API management playbook for agentic AI in the Microsoft ecosystem. techcommunity.microsoft.com/…
Kyle - chaoticflaws.bsky.social 🇺🇦 retweeted
anthropics/defending-code-reference-harness: Skills for threat modeling, scanning, triage, patching, plus an autonomous scanning harness you can /customize github.com/anthropics/defend…
Kyle - chaoticflaws.bsky.social 🇺🇦 retweeted
CISO 2.0 The Chief Information Security Officer role is fundamentally shifting from dealing with what they have to actively shaping business strategy. What does this mean and how are leading security teams navigating this change? philvenables.com/post/ciso-v…
Kyle - chaoticflaws.bsky.social 🇺🇦 retweeted
Intune has no built-in backup. I wrapped IntuneManagement by @Micke_K_72 into a GitHub template repo for daily automated backups - full change history via commits, point-in-time releases, all free. sastu-insights.com/posts/Aut… #MSIntune #GitHub #PowerShell
Kyle - chaoticflaws.bsky.social 🇺🇦 retweeted
Folks, I just released Lokka 2.0 today! The world's first Microsoft Graph MCP server is now a full blown MCP App. First up multi-tenant support. You can now sign into more than one tenant. What does it mean? 1/16
Kyle - chaoticflaws.bsky.social 🇺🇦 retweeted
"We want to defend the EDR as well. We specifically have an entire piece of our product designed to stop EDR killers from ever running." - Jose Hernandez, Prevention Lab LIVE · Episode 1 Today on Prevention Lab Live, Jose and Mike took us back to where it all started, from LOLDrivers and LOLRMM to the moment it became clear that the gap nobody wanted to touch was right there in plain sight: tools that aren't malicious by nature, but malicious by use. More than 10,000 researchers looking for answers. Community collaborations. Years of open source intelligence. All of it pointing to the same problem and the same solution. Watch complete live: youtube.com/watch?v=220fVOS0…
Kyle - chaoticflaws.bsky.social 🇺🇦 retweeted
Discovery of N-day vulnerabilities is largely solved at scale by the Mythos and Opus models, for both proprietary and open-source software. It’s time to seriously rethink vulnerability disclosure and time-to-fix timelines. Cascading effects across the software supply chain are becoming a serious bottleneck.
Frontier models are also really good at finding and exploiting n-day vulnerabilities, doing so on timescales of hours. Read about some recent work from my team studying these capabilities! red.anthropic.com/2026/n-day…
Kyle - chaoticflaws.bsky.social 🇺🇦 retweeted
Hi, I’m hiring a Director of Detection Engineering and Threat Hunting. It’s my role, so if your work history is like mine you might be a good candidate. Read more: job-boards.greenhouse.io/hun…
Kyle - chaoticflaws.bsky.social 🇺🇦 retweeted
We're dropping our first cloud intrusion case next week in Threat Hunting Labs, based on an AWS intrusion. In the meantime, if you want to explore our new threat hunting playground, there's no better time, as we just added Azure Log Analytics as a platform option 😊👇
🎉Azure Log Analytics is now available in the Threat Hunting Playground! Provision an Azure lab environment and query the workspace directly from the search console. Same workflow as the Elastic and Splunk setups. See 👇
Kyle - chaoticflaws.bsky.social 🇺🇦 retweeted
.@Volexity has published details from an incident response engagement in September 2025 involving multiple #BRICKSTORM variants deployed by a threat actor that Volexity tracks as VerdantBamboo. This case involved the breach of the victim organization’s MSP and multiple malware implants found on firewalls, cloud storage sync devices & NAS appliances. VerdantBamboo used a #0day privilege escalation exploit in the process and was also observed using administrative access to the victim organization's firewall to enable a custom VPN. For more details on how the incident unfolded, the malware used by the threat actor, and the end goal of the intrusion, check out the full blog post: volexity.com/blog/2026/06/04… #dfir