Blog

Executive summary Enterprises are racing to adopt AI coding agents like Claude Code to accelerate development, improve code quality, and automate maintenance tasks. But running these agents directly on developer laptops or shared workstations quietly reshapes your threat model. You are no longer hardening a human with tools; you are giving a semi-autonomous process broad, continuous access to endpoints, credentials, and networks at machine speed. On a typical enterprise laptop, an AI coding agent can execute shell commands, install packages, run arbitrary code, talk to your host Docker daemon, touch production-like data, and probe every file and credential within reach. Even if the model is benign and your vendor is trustworthy, this is still an avoidable expansion of attack surface. Misconfiguration, prompt injection, compromised dependencies, or simple agent mistakes can all turn that power into damage. ...

Introduction AI agent skills promised to revolutionize productivity—plug-and-play instructions that let your agents book meetings, query databases, or access 1Password vaults. These modular capabilities, distributed through marketplaces like ClawHub and OpenClaw, offer the same convenience that npm and PyPI brought to software development. Organizations rushed to adopt these skills, integrating them into workflows with minimal vetting, trusting the marketplace ecosystem to ensure quality and security. But research reveals a darker reality: 36% of skills in these marketplaces contain vulnerabilities, and hundreds harbor active malicious payloads. Unlike traditional software supply chain attacks that target static packages, agent skills operate dynamically at runtime, executing natural language instructions that evade conventional security tools. This new attack vector combines the weaponization potential of software supply chain compromises with the unique exploitability of AI systems, creating a threat landscape that defenders are only beginning to understand. ...

Building Workforce Security Guardrails Without Slowing Engineers When workforce security depends on humans saying yes or no to every access request, it doesn’t scale — it collapses. Approval queues balloon, context gets lost, and engineers either wait or work around controls. The result is the same: more risk, not less. This post is a practical, architecture-focused look at how to design guardrails instead of gates — so security becomes part of the system, not a bottleneck. ...

The Fatal .env Files Breach: How 230 Million AWS Environments Were Compromised In early 2024, the cloud security community was rocked by one of the largest and most concerning breaches in recent history. Attackers systematically compromised over 230 million AWS environments by exploiting a deceptively simple vulnerability: publicly exposed .env configuration files containing sensitive credentials. What made this breach particularly alarming wasn’t sophisticated zero-day exploits or advanced persistent threat techniques, but rather how attackers leveraged basic security architecture flaws to devastating effect. ...

Sigma Rules Decoded: Building Effective Threat Detection at Scale Every SOC leader I’ve spoken with says the same thing: we’ve spent millions on SIEM, yet attackers still slip through. The missing link? Detection engineering as a discipline. With threats evolving faster than ever, detection stands as the first line of reliable defense. Yet despite significant investment in Security Information and Event Management (SIEM) platforms, many organizations still struggle to implement detection rules that actually catch attackers. The gap isn’t in the technology, it’s in the implementation. ...

From Blind Spots to Insights: The CDM Revolution In the complex world of cybersecurity, traditional point-in-time security assessments have become dangerously insufficient. Organizations receive a “clean bill of health” that offers false comfort right up until the inevitable breach occurs. The harsh reality? These breaches often exploit vulnerabilities that existed during the last assessment that gave the all-clear. Continuous Diagnostics and Mitigation (CDM) is emerging as the solution to this fundamental flaw in our security approach. By shifting from intermittent testing to constant visibility, CDM aligns with NIST frameworks to provide actionable insights in real-time, preventing the most common enterprise security blind spots that lead to devastating breaches. ...

The Secret Weapon of Security Code Reviews In analyzing major breaches over the past year, a striking pattern emerges: 4 out of 5 major security incidents could have been prevented with proper security code reviews. While the cybersecurity industry chases the latest EDR tools, threat intelligence platforms, and zero-day vulnerability scanners, we’re collectively overlooking one of the most foundational security controls—manual security code reviews. Tip: A hybrid approach is highly effective—automated tools catch repetitive or technical issues efficiently, while manual reviews excel at evaluating logic, architecture, and business context.(aikido.dev) ...

SolarWinds: The Supply Chain Attack That Rewrote Trust In December 2020, cybersecurity professionals worldwide faced a sobering reality: one of the most sophisticated supply chain attacks ever seen had been silently compromising organizations for months. The SolarWinds breach wasn’t just another headline, it represented a fundamental shift in how we must think about security architecture and trust relationships in the software supply chain. The attack revealed a devastating vulnerability in how organizations implicitly trust software from vendors, particularly updates and patches. By poisoning legitimate software at its source, attackers bypassed traditional defenses and gained privileged access to thousands of organizations, including multiple U.S. government agencies and Fortune 500 companies. This incident forces us to reconsider our security architecture principles for an era where trust itself has become weaponized. ...

From Engineer to Business Security Partner: Bridging the Technical–Business Gap Technical skills alone won’t get you into leadership. Many brilliant engineers master firewalls, clouds, and malware, but still wonder why their recommendations don’t get funded. The blocker isn’t skill, it’s translation. If your message lands as CVEs and controls while the business speaks in customers, revenue, and runway, the best architecture in the world won’t get funded. This post builds on my recent LinkedIn reflection with a deeper dive into how to shift from technical expert to trusted business partner. ...

The Hidden Cost of Bad Data Classification In the world of cybersecurity, millions are spent on sophisticated tools and controls to protect sensitive data. Yet these investments frequently underperform for one fundamental reason, organizations cannot properly classify what they’re trying to protect. Data classification serves as the foundation upon which all security decisions are built, yet it’s often reduced to a mere compliance checkbox. As a component of the Asset Security domain in CISSP frameworks, data classification represents the critical first step in determining how resources should be allocated to protect information. When done poorly, it creates a dangerous disconnect between security efforts and business reality - leading to either wasteful overprotection or dangerous under protection of critical assets. ...