tl;dr sec

tl;dr sec

Keep up with Cybersecurity in 7 min/week. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.

Connect

Featured Posts

PodcastPodcast
Google Cloud CISO: Shift Down not Left, 4 ways Google uses AI for Security (with Phil Venables)

Google Cloud CISO: Shift Down not Left, 4 ways Google uses AI for Security (with Phil Venables)

Moving from artisanal to industrial security at scale, and how Google uses AI for reversing malware, analyzing hacker videos, fuzzing, and more

Clint Gibler
Phil Venables
Clint Gibler, +1
BlogBlog
Security for High Velocity Engineering

Security for High Velocity Engineering

Strategy and Tactics for Protecting and Enabling Modern Software Organizations

Jason Chan
Jason Chan
BlogBlog
Keep Hackers Out of Your Kubernetes Cluster with These 5 Simple Tricks!

Keep Hackers Out of Your Kubernetes Cluster with These 5 Simple Tricks!

A threat-informed roadmap for securing Kubernetes clusters

Christophe Tafani-Dereeper
Christophe Tafani-Dereeper
BlogBlog
How to securely build product features using AI APIs

How to securely build product features using AI APIs

A Practitioner’s Guide to Consuming AI

Rami McCarthy
Rami McCarthy
BlogBlog
AI and Machine Learning in Cybersecurity

AI and Machine Learning in Cybersecurity

An overview of current applications of AI/ML to cybersecurity with relevant links and a vision of where things are headed.

Clint Gibler
Clint Gibler
What I Learned Watching All 44 AppSec Cali 2019 Talks

What I Learned Watching All 44 AppSec Cali 2019 Talks

2 Days | 4 Rooms | ~32 Hours of Talks

Clint Gibler
Clint Gibler

Archive

NewsletterNewsletter
[tl;dr sec] #321 - Sandboxing AI Agents, Trivy Compromised, Pentesting AWS' AI Pentester

[tl;dr sec] #321 - Sandboxing AI Agents, Trivy Compromised, Pentesting AWS' AI Pentester

Sandbox approaches by NVIDIA and Niel Provos, moar supply chain compromises, vulnerabilities in AWS Security Agent

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #320 - Ramp's Security Agents, How Datadog Caught Malicious OSS Contributions, Obliterating Model Refusals

[tl;dr sec] #320 - Ramp's Security Agents, How Datadog Caught Malicious OSS Contributions, Obliterating Model Refusals

How Ramp fixed ~100 security issues in 6 days, detecting and mitigating GitHub supply chain attacks, two tools to automatically remove censorship from models

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #319 - AI is Eating Security, BSidesSF & RSA, Claude Finds Firefox 0-days

[tl;dr sec] #319 - AI is Eating Security, BSidesSF & RSA, Claude Finds Firefox 0-days

What does security look like in 5 years? Let's hang out in San Francisco and avoid badge scans, Opus 4.6 finds 22 vulns and auto-writes 2 exploits

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #318 - Unprompted Talk Summaries, AI Bot Hacking GitHub Actions, AI Skills & Semgrep Rules

[tl;dr sec] #318 - Unprompted Talk Summaries, AI Bot Hacking GitHub Actions, AI Skills & Semgrep Rules

Slides + notes for the CodeMender and AI for Shai-Hulud response talks, an AI bot was autonomously hacking GitHub Actions, security-focused Skills and AI anti-pattern Semgrep rules

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #317 - 100+ Kernel Bugs in 30 Days, Secret Scanning, Threat Actors Stealing Your PoC

[tl;dr sec] #317 - 100+ Kernel Bugs in 30 Days, Secret Scanning, Threat Actors Stealing Your PoC

$600 finds more 0-days in Windows kernel drivers that you can shake a stick at, secret scanners, benchmarks, and improvements, Cline compromised by someone snooping on a researcher's testing

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #316 - How Trail of Bits uses Claude Code, GitHub Threat Intel, Open Source AI Pentesting Tools

[tl;dr sec] #316 - How Trail of Bits uses Claude Code, GitHub Threat Intel, Open Source AI Pentesting Tools

Extensive guide on being a Claude Code power user, tracking threat actors on GitHub, open source AI-powered pentesting tools

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #315 - Securing OpenClaw, Top 10 Web Hacking Techniques of 2025, Discovering Negative-Days with LLMs

[tl;dr sec] #315 - Securing OpenClaw, Top 10 Web Hacking Techniques of 2025, Discovering Negative-Days with LLMs

Minimal OpenClaw alternatives, scanning tools, and hardening guidance, PortSwigger's curated top web hacking techniques, open source GitHub Action to flag commits fixing vulnerabilities before they get a CVE

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #314 - ClawdBot Security, Security Scorecards, Threat Framework for SDLC Infrastructure

[tl;dr sec] #314 - ClawdBot Security, Security Scorecards, Threat Framework for SDLC Infrastructure

ClawdBot vulns, tools, and Skill scanners; measuring security with scorecards; new open-source framework mapping 70+ attack techniques across the SDLC

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #313 - MCP Security Hub, IDE-Shepherd, Plaid's Security Pipeline as Code

[tl;dr sec] #313 - MCP Security Hub, IDE-Shepherd, Plaid's Security Pipeline as Code

MCP servers for offensive security tools, Datadog's IDE extension to protect against malicious IDE extensions, how Plaid scales security scanning across 100s of services

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #312 - The Industrialization of Exploit Generation, macOS EDR Evasion, Hacking the AWS Console

[tl;dr sec] #312 - The Industrialization of Exploit Generation, macOS EDR Evasion, Hacking the AWS Console

Generating 0-day exploits with Opus 4.5 and GPT-5.2, blind spots for EDRs on macOS, supply chain vuln that enabled compromising the AWS Console

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #311 - Slack's Security Agents, Cloud-Native Detection Engineering, Trail of Bits' Claude Skills

[tl;dr sec] #311 - Slack's Security Agents, Cloud-Native Detection Engineering, Trail of Bits' Claude Skills

Slack's AI agent system to optimize security alert investigations, deep dive into cloud-native detection engineering, ToB's open source Skills for security research, vulnerability detection, and audit workflows

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #310 - Vulnerable MCP Labs, Pathfinding.cloud, Prompt Injection Taxonomy

[tl;dr sec] #310 - Vulnerable MCP Labs, Pathfinding.cloud, Prompt Injection Taxonomy

9 vulnerable MCP servers to learn how to pen test AI agent infra, a knowledge base of 65+ AWS IAM privilege escalation paths, Jason Haddix's open-source classification system for LLM prompt injection attacks

Clint Gibler
Clint Gibler
FirstBack
12345678
Next Last