AI Security Blog
Session recaps and replays, guest posts, and notes from the people defending AI.

Stop Slowing Down AI. Your Security Team Should Be Leading It.
Raj Umadas on why security teams should lead AI adoption — not gatekeep it. Builders first, default to yes, and the mechanics that actually close the find/fix gap.
JUNE 4, 2026

Is Your LLM Lying to You? What Testing 21 Models Revealed
Scott Bly built Hermia, an open-source LLM eval framework, and ran 21 models across three inference backends. The results break a few assumptions security teams are still operating on.
MAY 28, 2026

Kin Lane: A $125K AWS Bill, Overnight
Kin Lane woke up to a $125,000 AWS bill. The story isn't about the money — it's about how a single exposed credential turned into six figures of damage in under eight hours.
MAY 21, 2026

AI Agents Don't Use Your App. They Hit the API.
A conversation with Darren Shelcusky on what changes when the caller isn't a person — and why a decade of security investment sits at the wrong layer.
MAY 18, 2026

Two AI Attacks in One Week. The Defensive Playbook Just Broke.
Apple's MIE was walked around in five days. The first AI-built zero-day shipped against a real target. The disclosure-and-patch cycle was calibrated to an attacker that doesn't exist anymore.
MAY 12, 2026

MCP Just Got Its First Real Attacks. The Pattern Behind Them Is Worse.
Two pieces of MCP attack research landed this week. Both reproducible. Both pointing at the same design flaw in how agentic coding tools handle trust.