March 2026 - IOSEC.IN

Cyber Security

Security as Code: Getting Started with OPA and Rego — Part 1

Why Security Policies Belong in Code — Not Documents Security policies have traditionally lived in documents — PDFs, wikis, and runbooks that describe what should happen. Engineers read them sometimes, interpret them inconsistently, and implement them manually. The gap between documented policy and enforced reality is exactly where breaches are born. Security as Code closes…

Shekhar Suman014 mins

AI

1 week ago

AI Is Flooding Open Source — And Most of It Won’t Survive (2026)

The Pattern Has Been Here Before When AWS made servers cheap, everyone became a cloud startup. When no-code tools made apps cheap, everyone became a founder. Now AI has made writing software cheap — and everyone has become an open source maintainer. The result is the fastest expansion of GitHub repositories in its history. Most…

Shekhar Suman08 mins

AI Is Flooding Open Source — And Most of It Won’t Survive (2026)

OT Security

2 weeks ago2 weeks ago

CVE-to-OT Impact Translator – COIT

Why NVD Lies to OT Engineers — And the Tool Built to Fix It There is a question every OT security engineer has asked at least once, usually at 11pm after a vendor advisory lands in their inbox. “This CVE is a 10.0. But what does that actually mean for my plant?” The answer NVD…

Shekhar Suman016 mins

AI

2 weeks ago2 weeks ago

LANCE: An Open Source Framework for Automated Red Teaming of LLMs (2025)

Every New Attack Surface Arrives Before the Tooling Does SQL injection was being exploited in production years before parameterised queries became standard. Cross-site scripting tore through the early web while developers were still debating whether it was really a vulnerability. Insecure deserialization, XXE, SSRF — each one went through the same cycle: technique emerges, attackers…

Shekhar Suman012 mins

AI

2 weeks ago

Jailbreaking vs. Prompt Injection: Same Problem, Different Names — Or Is It?

Introduction If you’ve been reading this series, you’ve heard both terms. They get used interchangeably in the press, in vendor marketing, and honestly, in a lot of engineering slack channels. But jailbreaking and prompt injection are not the same thing — and conflating them leads to defenses that protect against one while leaving you completely…

Shekhar Suman012 mins

AI

3 weeks ago3 weeks ago

End-to-End LLM Security Architecture: How All the Defenses Fit Together

Introduction If you’ve followed this series from the beginning, you’ve seen the full attack landscape: direct prompt injection, indirect injection through RAG pipelines, and multi-agent cascades where a single poisoned document can ripple across an entire agent network. Each post ended with defenses specific to that attack. But defenses in isolation don’t make a security…

Shekhar Suman028 mins