
[tl;dr sec] #315 – Securing OpenClaw, Top 10 Web Hacking Techniques of 2025, Discovering Negative-Days with LLMs


AI for Security Engineers (with Cursor’s Security Lead)

AI is helping developers ship faster than ever. How can security keep up?

I’m stoked for my upcoming chat with my friend Travis McPeak, Security Lead at Cursor, about how security engineers can use coding agents to become even more leveraged.

Cursor has been one of the fastest-growing and fastest-shipping AI-forward companies right now, so I thought it’d be great to hear from someone on the front lines.

I’ve actually known Travis and been a fan of his work for years, when he was doing cool stuff as the AppSec engineering manager at Netflix, then Head of Product Security at Databricks, then co-founder of Resourcely.

We’ll discuss in the webinar:

  • How modern coding agents change what projects are feasible for security engineers.

  • The impact of coding agents on secure defaults and building a “paved road.”

  • Using AI to rapidly ramp up on new code bases and tech domains.

  • Automating cloud security.

  • Building (and owning in production) security controls, without hurting developer experience.

  • Getting broad and continuous visibility into security-relevant code changes.

  • Where AI is headed, and what it means for you and your role.

We’ll leave plenty of time for questions, so you can ask Travis and me about whatever is most immediately pressing and useful to you.

When: (next week) February 19th, 10am PST.

AppSec

Top 10 web hacking techniques of 2025
PortSwigger’s James Kettle announces the top 10 web hacking techniques of 2025, selected from 63 community nominations through voting and expert panel review. Some great research, well worth reading as always.

ambionics/phpggc
A library of PHP unserialize() payloads along with a tool to generate them. It supports 15+ frameworks including Laravel, Symfony, Drupal, and Monolog, with gadget chains for RCE, file read/write, and other exploitation primitives.

The CISO’s Craft: Watchmaker or Gardener?
Phil Venables contrasts two CISO leadership philosophies: the “Watchmaker,” who emphasizes precision, command-and-control, detailed policies, and centralized tools for predictable security but risks rigidity and burnout; and the “Gardener,” who focuses on cultivating security culture, empowering teams with principles and guardrails, and building adaptive resilience but may appear less structured. Modern CISOs should blend both.

Attackers are definitely moving faster (see the AI + Security section). Streamlined fixes and quickly prioritizing the right things seem like they’re going to be more and more important.

Cloud Security

AI-assisted cloud intrusion achieves admin access in 8 minutes
Sysdig’s Alessandro Brucato and Michael Clark observed an intrusion in which a threat actor escalated from stolen credentials to admin access in under 10 minutes, with strong indicators of LLM-assisted operations including Serbian-commented code, hallucinated GitHub repos, and fake AWS account IDs. The threat actor gained initial access to the victim’s AWS account through credentials discovered in public S3 buckets, escalated privileges through Lambda function code injection, moved laterally across 19 unique AWS principals, abused Amazon Bedrock for LLMjacking, and launched GPU instances for model training. “The affected S3 buckets were named using common AI tool naming conventions, which the attackers actively searched for during reconnaissance.”

Novel Technique to Detect Cloud Threat Actor Operations
Palo Alto Networks’ Nathaniel Quist describes a detection method that identifies threat actors by mapping cloud security alerts to MITRE ATT&CK techniques, successfully distinguishing between Muddled Libra (a cybercrime group using social engineering and ransomware) and Silk Typhoon (a China-nexus APT exploiting Exchange servers and VPNs) based on their unique “fingerprints.” The analysis across 22 industries from June 2024 to June 2025 found Muddled Libra triggered nearly 70 unique alert types (focused on Azure Graph API enumeration and Microsoft 365 exfiltration), with only 3 overlapping with Silk Typhoon’s 50+ alert types (focused on automated collection and data destruction).

The takeaway: tracking unique alert variety (breadth of techniques) versus average daily alert volume (operational persistence) can enable proactive threat hunting.
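The two signals from that takeaway, breadth of alert types versus daily alert volume, plus a fingerprint-overlap comparison, as an added Python example (my own illustration, not Palo Alto Networks’ code). The alert records, dates, and alert-type names are constructed; only the actor names come from the report, and the ATT&CK IDs are standard technique identifiers.

```python
from collections import defaultdict
from datetime import date

# Constructed sample alerts (not real telemetry), each already mapped to an
# ATT&CK technique ID: (actor, day, alert_type, technique). The actor names
# come from the report; the alert types and dates are invented here.
ALERTS = [
    ("Muddled Libra", date(2025, 3, 1), "Azure Graph API user enumeration", "T1087.004"),
    ("Muddled Libra", date(2025, 3, 1), "Azure Graph API group enumeration", "T1069.003"),
    ("Muddled Libra", date(2025, 3, 2), "M365 mailbox export", "T1114.002"),
    ("Muddled Libra", date(2025, 3, 2), "Azure Graph API user enumeration", "T1087.004"),
    ("Muddled Libra", date(2025, 3, 3), "Application access token theft", "T1528"),
    ("Silk Typhoon", date(2025, 3, 1), "Automated collection from storage", "T1119"),
    ("Silk Typhoon", date(2025, 3, 1), "Application access token theft", "T1528"),
    ("Silk Typhoon", date(2025, 3, 4), "Storage object deletion burst", "T1485"),
    ("Silk Typhoon", date(2025, 3, 4), "Automated collection from storage", "T1119"),
    ("Silk Typhoon", date(2025, 3, 4), "Automated collection from storage", "T1119"),
]

def fingerprint(actor, alerts=ALERTS):
    """Unique alert types an actor triggered: the breadth-of-techniques signal."""
    return {a[2] for a in alerts if a[0] == actor}

def alert_variety(actor, alerts=ALERTS):
    return len(fingerprint(actor, alerts))

def avg_daily_volume(actor, alerts=ALERTS):
    """Mean alerts per active day: the operational-persistence signal."""
    per_day = defaultdict(int)
    for a in alerts:
        if a[0] == actor:
            per_day[a[1]] += 1
    return sum(per_day.values()) / len(per_day) if per_day else 0.0

def overlap(actor_a, actor_b, alerts=ALERTS):
    """Alert types shared by two actors; a small overlap means distinct fingerprints."""
    return fingerprint(actor_a, alerts) & fingerprint(actor_b, alerts)

def attribute(observed, candidates, alerts=ALERTS):
    """Rank candidate actors by Jaccard similarity between the alert types seen
    in a new incident and each actor's known fingerprint."""
    scores = {}
    for c in candidates:
        fp = fingerprint(c, alerts)
        union = fp | observed
        scores[c] = len(fp & observed) / len(union) if union else 0.0
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
```

In practice the fingerprints would be built from months of historical alerts per actor, and `attribute` run against the alert set of a fresh incident to decide which playbook to hunt with.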

I wonder if any threat actors read reports like this about other threat actor groups and think, “Huh nice, good point, yeah I should do more of what they’re doing, I’m missing out.”

AI + Security

  • qwibitai/nanoclaw – A lightweight alternative to Clawdbot / OpenClaw that runs Agents in containers (supports Linux and macOS containers) for security. Connects to WhatsApp, has memory, scheduled jobs, and runs directly on Anthropic’s Agents SDK.

  • HKUDS/nanobot – An ultra-lightweight personal AI assistant inspired by OpenClaw. Core agent functionality is just ~4,000 lines of code, 99% smaller than Clawdbot’s 430k+ lines.

  • nearai/ironclaw – An OpenClaw inspired implementation in Rust focused on privacy and security. Untrusted tools run in isolated WebAssembly containers with capability-based permissions. Secrets are never exposed to tools; injected at the host boundary with leak detection. Endpoint allowlisting.

  • owockibot’s hot wallet private key was compromised after 5 days; his learnings are in a public GitHub gist. Retrospective.

  • I spent too long on this section and ran out of time for the supply chain, blue/red team sections. Sorry, friends.

OpenClaw Security Engineer’s Cheat Sheet
Great security guidance overview of OpenClaw by Semgrep’s Kurt Boberg, covering: thinking about OpenClaw security concerns from first principles, the attack surface, detecting use in your corporate environment (across endpoints, your registry mirror, network indicators), setting up hardened environments to experiment in (sandboxing), security scanning Skills, configuration hardening, incident response, and more.

Tons of useful tool links, commands to run, hardening recommendations, related work references, and more. I love posts like this tying a bunch of things together.

kappa9999/ClawShield
Security preflight and guardrails for OpenClaw/Moltbot. It checks your config for risky settings, warns you if your gateway is exposed, and helps you keep skills from being tampered with.

prompt-security/clawsec
A complete security skill suite for OpenClaw’s family of agents. Protect your SOUL.md with drift detection, live security recommendations, automated audits, and skill integrity verification, all from one installable suite.

“Protecting your SOUL.md” was not a phrase I had on my 2026 Bingo card.

backbay-labs/clawdstrike
By Connor Whelan: A runtime security enforcement library for AI agents that provides tool-boundary enforcement through 7 built-in guards (path access, network egress, secrets detection, patch validation, tool restrictions, prompt injection, and jailbreaks) with Ed25519-signed receipts proving what was decided under which policy. It has four-layer jailbreak detection (heuristic, statistical, ML, and optional LLM-as-judge), output sanitization with streaming support, and adds low overhead per tool call.

Discovering Negative-Days with LLM Workflows
Eugene Lim describes building a GitHub Action workflow that uses Claude to detect “negative-days” and “never-days” (vulnerabilities patched in open-source projects before they get a CVE) by monitoring repository commits and analyzing them with LLMs. He walks through iterating on the prompt and process: incorporating pull request context via GitHub’s listPullRequestsAssociatedWithCommit API, refining prompts to focus on exploitable vulnerabilities with concrete PoCs, and fixing JSON output issues.

Academics have been writing about finding bugs from diffs for probably decades, but what I think is important to note is how relatively straightforward and effective this approach was. In your mental threat model, move “detecting vulnerabilities before they receive CVEs and creating exploits” from “requires nation state resources” to “one person, a few days, a few dollars in LLM costs” (this of course depends on the target).

The increased rate and ease of finding vulnerabilities (see also below) is going to make being able to rapidly patch software, roll out updates, and ideally solve classes of problems (secure defaults, memory safe languages, sandboxing/capabilities) even more important.

Evaluating and mitigating the growing risk of LLM-discovered 0-days
Anthropic’s Nicholas Carlini, Keane Lucas, Evyatar Ben Asher et al. describe how Claude Opus 4.6 discovered over 500 high-severity memory corruption vulnerabilities in well-fuzzed open source codebases. How: they put Claude in a VM and gave it access to the latest versions of open source projects, standard utilities (e.g., the standard coreutils or Python) and vulnerability analysis tools (e.g., debuggers or fuzzers), but no special instructions on how to use these tools and no custom harness that gives it specialized knowledge about how to better find vulnerabilities.

Claude worked like a human researcher: analyzing Git commit histories to find similar unpatched bugs, identifying unsafe function patterns like strcat, and understanding complex compression algorithms like LZW to craft exploits that traditional fuzzers miss.

The team validated each bug before reporting: first having Claude validate and deduplicate, then a human validated the issue and wrote a patch. They focused on memory corruption vulnerabilities because they can be easily validated by monitoring the program for crashes and running tools like address sanitizers to catch non-crashing memory errors.
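One small piece of that validation step, deduplicating sanitizer findings so a human only triages each root cause once, as an added Python example (my own illustration, not Anthropic’s pipeline). The AddressSanitizer reports below are constructed to match ASan’s report layout; the function names, paths, and addresses in them are invented.

```python
import re

# Constructed ASan reports (not real tool output). The first two hit the same
# strcat overflow via different callers; the third is a distinct bug.
REPORTS = [
"""==11==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000018
WRITE of size 1 at 0x602000000018 thread T0
    #0 0x4a1b2c in append_name /src/names.c:42
    #1 0x4a1f00 in build_path /src/names.c:88
    #2 0x4b0000 in main /src/main.c:12
""",
"""==12==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000f30
WRITE of size 1 at 0x602000000f30 thread T0
    #0 0x4a1b2c in append_name /src/names.c:42
    #1 0x4a1f00 in build_path /src/names.c:88
    #2 0x4b0100 in run_tests /src/test.c:30
""",
"""==13==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000002210
READ of size 4 at 0x602000002210 thread T0
    #0 0x4c0000 in lzw_decode /src/lzw.c:210
    #1 0x4c0200 in decompress /src/lzw.c:305
    #2 0x4b0000 in main /src/main.c:12
""",
]

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: ([\w-]+)")
# Stack frame line: "#N 0xADDR in func file:line"; addresses are ignored.
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)", re.M)

def signature(report, depth=2):
    """Bucket key: sanitizer error class plus the top `depth` frames
    (function@file:line). Addresses and deeper callers are dropped so the
    same bug reached from different entry points collapses to one finding."""
    m = ERROR_RE.search(report)
    if not m:
        raise ValueError("not an AddressSanitizer report")
    frames = FRAME_RE.findall(report)[:depth]
    if not frames:
        raise ValueError("no stack frames in report")
    return (m.group(1),) + tuple(f"{fn}@{path}:{line}" for fn, path, line in frames)

def dedupe(reports, depth=2):
    """Group reports by signature; returns {signature: [report indexes]}."""
    buckets = {}
    for i, r in enumerate(reports):
        buckets.setdefault(signature(r, depth), []).append(i)
    return buckets
```

The `depth` knob is the usual trade-off: too shallow merges different bugs that share a hot helper, too deep splits one bug across every caller.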

“Looking ahead, both we and the broader security community will need to grapple with an uncomfortable reality: language models are already capable of identifying novel vulnerabilities, and may soon exceed the speed and scale of even expert human researchers.”

The key part here is that this was without special instructions or a custom harness, just Opus 4.6 going to town. We can reasonably expect that with moderate to high scaffolding the results would be somewhat to significantly better.

I would be curious to know a bit more about the details though: after the automated validation, how many of the findings were still “false positives” / not interesting? How much did this cost (total, per bug)? How long did Opus run to find the bugs?


