Security

Over the past ten years, I’ve spent considerable time and energy trying to shorten critical time gaps. The time it takes attackers (the good kind) to find bugs, defenders to mitigate, and responders to act when things go sideways. This has always been about data—getting the right people the right information at the right time. I’ve built systems designed to reduce friction, perform the drudgery that bug hunters do at scale (before AI made this interesting), and tackle attack surface problems before ASM was a thing. In every case, success hinged on that fundamental principle: right people, right data, right time. ...

This concludes our two-part exploration of evolving from intuition-based to evidence-based prompt engineering. Read Part 1 for the context and methodology behind these findings. The Real Results: Validating and Expanding “Curious Case” Findings After fixing the flag format bias and running the complete four-strategy comparison across all models, the results were definitive - and they validated the core insight from “The Curious Case of the Thinking Machine” while revealing much broader patterns: ...

This continues my exploration of AI-assisted development workflows, building on insights from Making Security Ambient and the practical lessons learned from daily Claude Code usage. The Evolution of AI-Assisted Development The progression has been fascinating to observe—and participate in. We started with simple one-shot prompts: “Generate this function.” Then we got smarter about light planning, adding some structure to our requests. From there, we developed systematic AI-assisted workflows like the /plan-task approach I’ve written about, where architectural guardrails transform unpredictable AI assistance into something more craftsperson-like. ...

In the previous article on Beyond Comprehensive Context, I explored how AI-assisted development revealed challenges with comprehensive documentation and token efficiency. What follows are my approaches for memory optimization that emerged from daily use—not as a definitive solution, but as a possible option. The Layered Memory Paradigm What I’ve discovered through daily practice is that Claude Code’s memory system reveals something pretty cool about how expertise actually functions. The system’s three-layered structure mirrors the way I think about knowledge—from universal principles to contextual applications. ...

In this world of vibe-coding—where developers “fully give in to the vibes” as Andrej Karpathy put it—I’ve been exploring ways to integrate essential security thinking into this new workflow paradigm without sacrificing the speed and flexibility that makes AI-assisted coding so powerful. The Security Dilemma in Vibe-Coding Vibe-coding represents a fundamental shift in how software gets built. Instead of meticulously crafting each line, developers describe what they want and let AI generate the implementation. While this approach dramatically accelerates development, it creates blind spots around security considerations that traditional manual code reviews would catch. ...

This is Part 2 in a two-part series. Read Part 1: Bridging the Cognitive Gap Introduction LLMs don’t reason. They don’t intuit. They don’t understand risk or strategy. But they are changing how work gets done — fast. From summarizing alerts, drafting recon reports, or reverse engineering malware with tools like GhidraMCP, these agents are delivering value in surprising places. Connected Workflows: Beyond Single-Tool Interaction The most promising developments come from connecting these tools into seamless workflows. Projects like NERVEdemonstrate the power of LLM-coordinated security tools, where a natural language request triggers multiple tools in sequence without requiring manual intervention at each step. ...

Large language models (LLMs) are rapidly becoming integrated into cybersecurity workflows, with systems now able to execute reconnaissance, analyze configurations, or detect potential vulnerabilities with increasing competence. Recent models such as OpenAI’s o1 and Google’s Gemini 2.5 have introduced internal deliberation loops, longer context management, and structured reasoning prompts to expand what models can handle. But something still feels incomplete. Security expertise lives in the gray areas: when to follow a hunch, what a naming convention might imply about infrastructure design, when a redirect chain is just odd enough to be worth digging into. We try to codify these things — through system prompts, retrieval systems, or agent workflows — but what we’re really doing is projecting structure onto a system that lacks true comprehension. ...

In the rapidly evolving landscape of AI-driven cybersecurity, an interesting truth emerges: as automation capabilities increase, the value of human judgment becomes not diminished but amplified. This third installment of our series explores why the “human-in-the-loop” approach remains indispensable despite remarkable advances in AI technologies. The Fundamental Limitations of Current Agentic AI Systems The current generation of AI-driven security tools, particularly agentic systems that attempt to autonomously plan and execute tasks, face significant challenges in security contexts where precision and reliability are non-negotiable. ...

A Practical Interlude in My Cybersecurity AI Series I’m excited to share my new Censys MCP tools module that demonstrates how AI capabilities can enhance security workflows when guided by domain expertise. My previous articles here and here explored how the integration of human insight and AI will shape security’s future, introducing the hacker-strategist archetype and examining prompt engineering’s strategic dimensions. Today, I’m offering a practical example connecting those concepts through a project that brings natural language interfaces to OSINT workflows. ...

In our previous exploration of cybersecurity’s AI-driven evolution, we examined how automation is reshaping our field and giving rise to a new type of professional—the hacker-strategist. Now I want to delve deeper into perhaps the most critical skill this hybrid role demands: prompt engineering. The Strategic Dimension of Prompt Engineering Prompt engineering in cybersecurity transcends the technical mechanics of crafting effective AI queries. It represents a fundamental shift in how security expertise is applied. As routine analyses become increasingly automated, the most valuable security professionals will be those who can leverage AI capabilities effectively—knowing when to use one-shot prompts, when to build multi-step workflows, and when to deploy more complex agentic solutions—all while maintaining the creative, boundary-testing mindset that has always characterized our field. ...