.@adamshostack - AI and modern tooling are accelerating vulnerability discovery faster than teams can triage them. Creates friction between security & engineering #VulnerabilityManagement #AISecurity #SecureEngineering #SecurityCulture #ThreatModeling shostack.org/blog/vuln-findi…

Have you ever filled out hundreds of security questions for procurement? This discussion between G Mark Hardy and Nate Lee in a recent episode of @cisotradecraft highlights few ways to improve this. #GRC #ThirdPartyRisk #TPRM #DevSecOps #CyberSecurity cisotradecraft.substack.com/…

The new @OWASPGenAISec guide on Secure MCP Development is required reading in 2026. Tool poisoning. Token misuse. Confused deputy. Cross-tenant leaks. Read it before you ship. #MCP #GenAISecurity #MCPSecurity #OWASPGenAI #AgenticAI #AgenticAISecurity genai.owasp.org/resource/a-p…

Security friction isn’t the enemy - meaningless friction is. Friction without context or ownership becomes noise. Security is a culture where teams pause to understand risk, not just tick boxes. Ariel Shin & Rahul Zhade #SecurityCulture #AppSec #DevSecOps appseccouncil.substack.com/p…

Authorization hierarchy decides what an identity can do. For AI agents calling APIs at machine scale, flat scopes = over-privilege and blind spots. @aaguiar from @auth0 details the layers of API Authorization. #APISecurity #AISecurity #ZeroTrust #DevSecOps auth0.com/blog/api-authoriza…

SPIFFE gives each workload a cryptographic identity, enables mTLS, and supports least privilege across distributed AI services. Pablo Diaz from @HashiCorp shows how Identity is the control plane for AI security. #AISecurity #SPIFFE #ZeroTrust #AgenticAI medium.com/@pablogd/identity…

.@TreasureData's Eric Chow shows how agentic TPRM solution uses AI agents automation to parse compliance reports and turn manual reviews into minutes, boosting speed and consistency. #TPRM #CyberSecurity #AgenticAI #RiskManagement treasuredata.com/blog/agenti…

.@GHSecurityLab Taskflow Agent uses AI to automate vulnerability triage, reduce false positives, and help teams find real vulnerabilities faster. This is how we secure AI-generated code at scale. #AISecurity #AppSec #DevSecOps #AgenticAI github.blog/security/ai-supp…

Validate tool-call origin, require consent for invocations, and flush stale context between turns to reduce injection attacks for agents. Clinton Carpene, Alex Rosenzweig @blocks #AISecurity #AgenticAI #Guardrails #ThreatModeling block.github.io/goose/blog/2…

The Agentic Trust Framework applies Zero Trust to agents using continuous identity, behavior, data, & segmentation checks, maturity controls for autonomy. This is how secure agentic AI is governed. @jlwoodruff #AgenticAI #ZeroTrust #AISecurity #DevSecOps cloudsecurityalliance.org/bl…

In AI systems, the prompt is the attack surface. NOVA by @fr0gger_ is a prompt pattern matching engine - lets you hunt and detect suspicious prompts using keyword, semantic, and LLM-based rules. blog.securitybreak.io/introd… #AISecurity #PromptPatterns #DevSecOps #ThreatHunting

AI code generators produce fast results - but they also repeat insecure patterns. Fix it with structured prompt patterns like Anti-Pattern Avoidance and Secure/Insecure Diff. @EndorLabs endorlabs.com/learn/structur… #PromptPatterns #SecureCoding #AISecurity #DevSecOps

Prompt patterns make AI responses predictable and safe. Context engineering = structured prompt blocks hard constraints reusable patterns. Read the research paper here by researchers at Vanderbilt University. #PromptEngineering #AISecurity #AgenticAI dre.vanderbilt.edu/~schmidt/…

From confused deputy to MCP auth flaws, prompt injection, in 2026, we see agentic ops, multi-agent platforms, sandboxes, identity complexity, prompt guardrails, and standardized AI IR. Hiroki Akamatsu shares hi120ki.github.io/blog/posts… #AISecurity #AgenticAI #CyberSecurity #DevSecOps

Clawdbot showed how dangerous exposed AI agents can be. @Cloudflare's Moltworker shows how they should be built. It uses Workers, Sandboxes, AI Gateway, and Zero Trust access to mediate every agent action. blog.cloudflare.com/moltwork… #AISecurity #AgenticAI #CloudSecurity #ZeroTrust

Are your Postgres servers melting down right now? Congratulations AND you need PG Dog - the founder Lev is one of the world's experts at scaling and sharding databases - he did it for Instacart and his software can do it for you. If your replicas are falling behind and your IOPS are pegged, it's time. pgdog.dev/

In Kubernetes, nodes/proxy GET is widely considered “read-only.” But via WebSockets, it can execute commands in any Pod - effectively cluster-wide RCE. Research shared by @GrahamHelton3 in his blog post. #KubernetesSecurity #DevSecOps #CloudSecurity grahamhelton.com/blog/nodes-…

The amount of crap I get for putting out a hobby project for free is quite something. People treat this like a multi-million dollar business. Security researchers demanding a bounty. Heck, I can barely buy a Mac Mini from the Sponsors. It's supposed to inspire people. And I'm glad it does. And yes, most non-techies should not install this. It's not finished, I know about the sharp edges. Heck, it's not even 3 months old. And despite rumors otherwise, I sometimes sleep.

AI agents like Moltbot are always-on control planes connected to real systems and credentials. @pyotam2 and Team found publicly exposed instances with secrets, integrations, and automation workflows. #AgenticAI #DevSecOps #aisecurity #identitysecurity blog.pluto.security/p/clawdb…