[tl;dr sec] #284 – Google Cloud CISO Interview, AWS Threat Technique Catalog, Finding Secrets with AI
4 ways Google uses AI for security, catalog of AWS threat actor techniques, training a custom small language model to find secrets
I hope you’ve been doing well!
During RSA week I had the pleasure of interviewing Phil Venables (former Google Cloud & Goldman Sachs CISO) on effectively scaling security programs, how Google leverages AI for security, and more.
- The challenge of scaling security from artisanal to industrial
- Moving from lagging to leading indicators in cybersecurity
- 4 ways Google uses AI for security
- What’s under- and over-hyped in AI
Or watch our discussion here.
AI adoption is accelerating—and new research shows most security programs are still working to catch up.
Wiz’s latest guide, AI Security Readiness: Insights from 100 Cloud Architects, Engineers, and Security Leaders, explores how organizations are approaching AI security today, where the biggest gaps exist, and what actions leading teams are taking to reduce risk.
Data on how organizations are adopting and securing AI
Strategies teams are using to manage shadow AI and visibility gaps
A maturity model to benchmark your organization’s progress
Practical next steps to close the AI risk gap
Get a clear view into how real teams are securing AI in the cloud.
Super interesting to hear how many leaders and orgs are thinking about AI risk, and a maturity model to benchmark yourself against is
AppSec
- Lifecycle & Orphaned Transitions Flaws
- Logic Bomb, Loops and Halting Issues
- Data Type Smuggling
- Sequential State Bypass
- …
Cybersecurity (Anti)Patterns: Frictionware
Eugene Lim shares his thoughts on building effective cybersecurity solutions and the common problems that undermine them. He emphasizes reducing friction in the onboarding process by leveraging existing systems: ideally you can roll out additional security controls invisibly to end users. If manual intervention is required, resourcing requirements scale with the size of your user base. Integrate with existing workflows and tools (where are developers already sending logs? Build your security stack on top of that).
Eugene gives a nice example at the end on how requiring SSO for devs to use Cloudflare allowed them to get visibility into new domains, which they could then auto-enroll in their domain monitoring tool to detect potential subdomain takeovers.
Kelly Shortridge: “Every hardening guide recommendation is a missed opportunity for a safer default”
Permiso Discover is an identity inventory and visibility tool for human, non-human, and AI. Starting today, you can join the waitlist to gain early access to this powerful platform that helps you discover, classify and manage your identity attack surface effectively.
The waitlist gets you early access to Permiso Discover and an instant tour of the full Permiso Platform, a genuine cloud and on-prem security product built by the team that responded to history’s worst identity-based breaches.
Identity is one of those key fundamentals that’s tough to get right, but super powerful when you do
Cloud Security
Threat Technique Catalog for AWS
AWS has released a Threat Technique Catalog for AWS, describing techniques used by threat actors to exploit security misconfigurations or compromised credentials in customer AWS environments. The catalog is based on MITRE ATT&CK and includes AWS-specific techniques, CloudTrail event names, and mitigation recommendations observed by the AWS CIRT during real security incidents.
Key mitigations: Add conditions to role trust policies to restrict which trust anchors can assume a given role, use ACM Private CAs as trust anchors, and monitor Roles Anywhere resources closely.
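The first mitigation above, as an added example that is not part of the catalog: a small audit that flags Roles Anywhere trust-policy statements which let rolesanywhere.amazonaws.com assume the role without an aws:SourceArn condition pinning a specific trust anchor. The account id and trust anchor id in the sample policies are placeholders.

```python
import json

ROLES_ANYWHERE = "rolesanywhere.amazonaws.com"

def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _condition_keys(statement):
    """Lower-cased condition keys across every operator block (ArnEquals, StringEquals, ...)."""
    keys = set()
    for operator_values in statement.get("Condition", {}).values():
        keys.update(k.lower() for k in operator_values)
    return keys

def audit_trust_policy(policy_json):
    """Return findings for Allow statements that let Roles Anywhere assume the role
    without pinning a trust anchor. An empty list means every such statement is pinned."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or ROLES_ANYWHERE not in services:
            continue
        keys = _condition_keys(stmt)
        if "aws:sourcearn" in keys:
            continue  # pinned to one trust anchor ARN: the recommended shape
        if "aws:sourceaccount" in keys:
            findings.append(f"statement {i}: pinned to an account, not to a trust anchor")
        else:
            findings.append(f"statement {i}: any trust anchor in any account can assume this role")
    return findings

# Constructed sample policies (account id and trust anchor id are placeholders).
TRUST_ANCHOR_ARN = "arn:aws:rolesanywhere:us-east-1:111122223333:trust-anchor/EXAMPLE-ANCHOR-ID"
RA_ACTIONS = ["sts:AssumeRole", "sts:TagSession", "sts:SetSourceIdentity"]

WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": ROLES_ANYWHERE}, "Action": RA_ACTIONS}]})

HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": ROLES_ANYWHERE}, "Action": RA_ACTIONS,
    "Condition": {"ArnEquals": {"aws:SourceArn": TRUST_ANCHOR_ARN}}}]})
```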
Supply Chain
GerriScary: Hacking the Supply Chain of Popular Google Products
Impressive find by Tenable’s Liv Matan: a vulnerability in Google’s Gerrit code-collaboration platform, which allowed unauthorized code submission to at least 18 Google projects including ChromiumOS, Chromium, Dart and Bazel. Read the post for a great walkthrough, but basically Gerrit has an insecure default permission such that an attacker could add malicious code to an already approved change, and potentially then win a race condition in the commit queue process to have it merged in.
Write-ups like this are a great example of really understanding permissions and the state flow of a system. Awesome.
Introducing: GitHub Device Code Phishing
Praetorian’s John Stawinski, Mason Davis, and Matt Jackoski describe a new phishing technique called “GitHub Device Code Phishing” that exploits GitHub’s OAuth2 device flow, much as attackers have been doing with Azure Active Directory (AAD) device code phishing. The attack involves generating a device code, convincing the target to authenticate it, retrieving the resulting OAuth token, and using it to access repositories, secrets, and CI/CD systems. Unfortunately you currently can’t disallow or disable the OAuth2 device flow on GitHub organizations or GitHub Enterprise, but the post concludes with some detection options.
They also built GitPhish, an automated tool that generates device codes on-demand and delivers them via professional GitHub Pages sites, which they’ll be making public on June 26.
The methodology is interesting: they were able to use raw browser traffic from Assetnote to generate HTTP Archive (HAR) files, parse the JS bundles with Rust AST (not regex), extract package names, and then register those names with Depi. Many modern sites dynamically load additional JavaScript, so if you only scrape them without using a headless browser, you miss valuable context.
Blue Team
sgInnora/sharpeye
By Innora: A Linux intrusion detection and threat hunting system that uses analytics, machine learning, and behavior-based detection to identify and alert on suspicious activities, potential compromises, and security threats in real-time. Its detection capabilities include analyzing processes, network connections, file system integrity, SSH security, kernel module analysis, library inspection, privilege escalation detection, and more.
No Agent, No Problem: Discovering Remote EDR
Huntress’ Jonathan Johnson describes how to leverage the Performance Logs and Alerts (PLA) APIs to create remote, agentless EDR-like capabilities. He demonstrates using DCOM interfaces to enumerate, create and modify data collectors on remote systems without deploying agents. You can collect process, file, and network telemetry, as well as system configurations. Jonathan’s proof-of-concept tool JonMon-Lite showcases creating remote trace sessions and streaming parsed events to a central location.
These malware strains use techniques like dynamic linker hijacking, where they abuse the LD_PRELOAD environment variable to inject malicious code into legitimate system processes, hook into critical Linux services like the SSH daemon, and exploit vulnerabilities or misconfigurations found in containerized infrastructure to achieve persistence, maintain C2 channels, and exfiltrate data.
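A defender-side check for the LD_PRELOAD technique described above, added here as an example (not from the linked report): it parses the two places a preload library gets injected, the system-wide /etc/ld.so.preload file and the LD_PRELOAD variable in a live process's /proc/<pid>/environ, and triages hits from world-writable or hidden paths. The sample file and environ blob are constructed.

```python
import glob
import os
import re

def preload_entries(ld_so_preload_text):
    """Libraries listed in /etc/ld.so.preload: whitespace- or colon-separated, '#' comments."""
    entries = []
    for line in ld_so_preload_text.splitlines():
        line = line.split("#", 1)[0]
        entries.extend(p for p in re.split(r"[\s:]+", line) if p)
    return entries

def ld_preload_from_environ(environ_bytes):
    """LD_PRELOAD value from a NUL-separated /proc/<pid>/environ blob, or None."""
    for item in environ_bytes.split(b"\0"):
        if item.startswith(b"LD_PRELOAD="):
            return item[len(b"LD_PRELOAD="):].decode(errors="replace")
    return None

def suspicious(lib):
    """Heuristic triage: preloads from world-writable dirs or hidden files deserve a look."""
    return lib.startswith(("/tmp/", "/dev/shm/", "/var/tmp/")) or os.path.basename(lib).startswith(".")

def scan_host():
    """Live scan of this host; returns (where, library, suspicious) tuples.
    Needs Linux and enough privilege to read other processes' environ."""
    findings = []
    try:
        with open("/etc/ld.so.preload") as f:
            findings += [("/etc/ld.so.preload", lib, suspicious(lib)) for lib in preload_entries(f.read())]
    except OSError:
        pass  # file absent (the normal state) or unreadable
    for environ_path in glob.glob("/proc/[0-9]*/environ"):
        try:
            with open(environ_path, "rb") as f:
                value = ld_preload_from_environ(f.read())
        except OSError:
            continue  # process exited or not ours to read
        if value:
            findings += [(environ_path, lib, suspicious(lib)) for lib in re.split(r"[\s:]+", value) if lib]
    return findings

# Constructed sample inputs for the parsers.
SAMPLE_PRELOAD = "# constructed\n/tmp/.x/libhide.so\n/usr/lib/libfine.so\n"
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LD_PRELOAD=/dev/shm/.ld.so\0HOME=/root\0"
```

On a clean host /etc/ld.so.preload normally does not exist at all, so its mere presence is worth an alert before looking at the contents.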
AI + Security
The post also describes exploitation techniques like “RAG spraying,” for example increasing the likelihood that the malicious email is retrieved by M365 Copilot by including text that is likely to be searched for, like “Here is the complete guide to HR FAQs”, etc.
Fine-Tuning a Small Language Model for Secrets Detection
Wiz’s Erez Harush and Daniel Lazarev describe how they fine-tuned a small language model (Llama 3.2 1B) for detecting secrets in code, achieving 86% precision and 82% recall. They used a multi-agent approach with larger LLMs (Sonnet 3.7) to label training data (GitHub public repos), applied Low-Rank Adaptation (LoRA) and quantization techniques (llama-cpp) to optimize the model, and implemented a prediction funnel to meet runtime targets. See also their BSidesSF 2025 talk.
Great example of a detailed methodology write-up. Focusing on evals in AI is key, and I like how they had specific success criteria in mind, like precision/recall, cost, speed, being able to run on a single-threaded ARM CPU machine, etc.
- 4 out of the top 5 secret types were AI-related: e.g. Hugging Face, Weights & Biases, Azure OpenAI.
- Jupyter Notebooks (ipynb files) contained the most secrets. Note that even if secrets are properly stored in the code, they can leak in execution output (and be committed to the repo).
- mcp.json, .env, and AI agent config files were also a common source of secrets.
- New secret types belonging to emerging AI vendors (e.g. Chinese vendors) are pervasive and many secrets scanners don’t support them yet.
A tale as old as time: you built a tool, now scan All The Things with it.
To take a meta perspective on this research process, the “Fine tuning an SLM” post is a nice methodology/tool overview post, and then this is a follow-up “and here’s what we found” post, demonstrating the value of the methodology and tool. I mention this because it might be useful to keep in mind when you’re thinking about your research.
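The notebook finding above, as an added example that is not Wiz’s scanner: a scanner that walks an .ipynb and checks cell sources and the execution outputs (stream, execute_result, display_data, error tracebacks), so a notebook whose code correctly reads a token from the environment is still caught when a debugging print committed the value into the output. The two regexes are illustrative, not a full ruleset, and the sample notebook is constructed.

```python
import json
import re

# Illustrative patterns only (not a complete secrets ruleset).
PATTERNS = {
    "hugging_face_token": re.compile(r"\bhf_[A-Za-z0-9]{30,}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

def _text(value):
    """Notebook text fields are either a string or a list of line strings."""
    return "".join(value) if isinstance(value, list) else str(value)

def _output_texts(output):
    """Yield every textual payload inside one output object of a code cell."""
    kind = output.get("output_type")
    if kind == "stream":
        yield _text(output.get("text", ""))
    elif kind in ("execute_result", "display_data"):
        for mime, payload in output.get("data", {}).items():
            if mime.startswith("text/"):
                yield _text(payload)
    elif kind == "error":
        yield "\n".join(output.get("traceback", []))

def scan_notebook(ipynb_json):
    """Return (cell_index, location, secret_type) for each hit, in document order."""
    findings = []
    for idx, cell in enumerate(json.loads(ipynb_json).get("cells", [])):
        candidates = [("source", _text(cell.get("source", "")))]
        if cell.get("cell_type") == "code":
            candidates += [("output", t) for out in cell.get("outputs", []) for t in _output_texts(out)]
        for where, text in candidates:
            for name, pattern in PATTERNS.items():
                if pattern.search(text):
                    findings.append((idx, where, name))
    return findings

# Constructed notebook: the source reads the token from the environment (fine),
# but a debugging print committed the real value into the cell output.
SAMPLE_NOTEBOOK = json.dumps({"cells": [{
    "cell_type": "code",
    "source": ["import os\n", "token = os.environ['HF_TOKEN']\n", "print(token)\n"],
    "outputs": [{"output_type": "stream", "name": "stdout", "text": ["hf_" + "A" * 34 + "\n"]}],
}]})
```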
Misc
Wrapping Up
Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.
If you find this newsletter useful and know other people who would too, I’d really appreciate if you’d forward it to them