Ideas, Observations & Stories in Cybersecurity
Introduction In the previous post, we covered indirect prompt injection — where an attacker embeds malicious instructions inside documents your RAG pipeline retrieves. By itself, that’s already a serious problem. But what happens when your system isn’t a single AI assistant? What happens when it’s a network of autonomous agents — each specializing in a…
Introduction If you’ve been following this series, you already know what prompt injection is and why it’s dangerous. But direct prompt injection — where a user manipulates the model through the chat interface — is only the tip of the iceberg. Indirect prompt injection is where things get really scary for enterprise applications. And nowhere…
If you’ve been in application security for any amount of time, you’ve seen this pattern before. A new technology arrives. Developers adopt it fast. Security teams scramble to catch up. And in the gap between adoption and understanding, attackers find a comfortable home. We saw it with cloud misconfigurations. We saw it with GraphQL. We’re…
Every organization today claims to follow a Secure SDLC. And yet, vulnerabilities still reach production — not rarely, but routinely. Not exotic zero-days. Not nation-state exploits. But basic, structural flaws that should never have existed in the first place. So the uncomfortable question is not whether Secure SDLC exists.It’s whether it actually works the way…
After completing CSSLP, I wanted to take a step beyond technical depth and build leadership skills — GSLC was a natural choice, and here I am after successfully clearing the GIAC Security Leadership (GSLC) certification. GSLC is not just another cybersecurity certification. It is a leadership-focused credential designed to validate a security professional’s ability to…
When I saw the “Pass” result for the CSSLP exam, my first reaction wasn’t excitement. It was relief. And then — clarity. CSSLP wasn’t just another certification to add to my profile. It was a mirror held up to my career, forcing me to confront how often security is treated as an afterthought, a patch,…
