Writing
Notes on AI security, SOC, and the bridge between them
Working notes from active adversarial testing, defensive operations, and a career split between two security communities that should be talking to each other and mostly aren't.
- Detecting Prompt Injection: The Playbook Your SIEM Doesn't Have Yet
  Prompt injection is succeeding in production right now, and most SOCs can't see it. Why traditional detection primitives partially fail, three places where they can work, and what's still hard.
- The Bridge — Why AI Security Needs SOC People, and SOC Needs AI Red Teamers
  Two communities that should be talking to each other are mostly not. Here's what each side is missing — and what bridging them looks like in practice.