MCPs are just other people’s prompts and other people’s APIs
I’ve been thinking about Model Context Protocols (MCPs) for months, and here’s the simplest way to explain what they actually are: MCPs are other people’s…
Category: Mix
MCPs are just other people’s prompts and other people’s APIs
The Simple Truth About MCPs I’ve been thinking about Model Context Protocols (MCPs) for months, and here’s the simplest way to explain what they actually…
Exploiting API4 — 8 Real-World Unrestricted Resource Consumption Attack Scenarios (and How to Stop Them) — API Security
Unrestricted Resource Consumption (API4:2023) is the only threat category in the OWASP API Security Top 10 explicitly dedicated to Denial of Service (DoS) and resource…
![[tl;dr sec] #293 - MCP Security, AWS Enumeration, North Korean Hacker's Files Leaked](https://image.cybernoz.com/wp-content/uploads/2025/08/tldr-sec-293-MCP-Security-AWS-Enumeration-North-Korean.png)
[tl;dr sec] #293 – MCP Security, AWS Enumeration, North Korean Hacker’s Files Leaked
Rage-fueled Rewrite Monday morning I discovered that some tl;dr sec automation I’d built in Zapier randomly stopped working, despite me not touching it for months.…
Protecting Your AI-Powered Infrastructure — API Security
With innovation comes risk. As organizations race to build AI-first infrastructure, security is struggling to keep pace. Multi-Agentic Systems – those built on Large Language…
AI Models Are Not Safety-Tuned for Kids · Joseph Thacker
It hit me like a lightning bolt during a casual conversation about AI safety: we’re tuning these models for adults, but kids are using them…
The Quest for the Shortest Domain · Joseph Thacker
In the world of bug bounty hunting, having a short domain for XSS payloads can be the difference in exploiting a bug or not… and…
The Third Limitation to Creativity
The moment when you realize what was previously impossible is now trivial I just wrote a new piece about the two primary limitations to creativity.…
strategic guidance for CISOs and cybersecurity leaders
If you are a CISO or cybersecurity leader looking to scale your bug bounty program but are not sure when the right time to do this is, how to do this in…
Who’s Not Getting Laid Off?
Who is not being laid off? That’s the question. I’m thinking about all these layoffs. I’m trying to figure out if there’s anything we can…
Two Creativity Barriers | Daniel Miessler
I think there are two primary ways we limit our own creativity. What I’ll call Type 1 is the inability to access your true, internal…
Our 20,000 Eyes and Hands
Here’s a different way to think about the change coming to the workforce and economy from AI. Imagine everyone in the world has 10,000 brains,…