Published in AppSec Untangled: Are AI Agents the Ultimate Confused Deputy? How AI Agents' Capabilities Are Being Abused (Oct 8, 1 response)
AI agents are unlocking seemingly unlimited new use cases, so it shouldn’t be a surprise that everyone is racing to build AI agents right…

Published in AppSec Untangled: What is AI Prompt Injection and How to Mitigate It? (Explained with an Example) (Jul 24)
Everyone seems to be working on some AI-related project right now, and why not with the amazing capabilities LLMs have unlocked? However…

Published in AppSec Untangled: How AI Code Scanning Breaks SAST’s Limits - Corgea as an Example (Mar 11)
Many resources tackle the SAST false-positive problem, but today I am here to discuss the SAST false-negative problem, and how AI could…

Published in AppSec Untangled: Lessons learned #5: Internal applications need review too (Subaru STARLINK Admin Panel… (Feb 19)
Welcome to another story in the “Lessons Learned” series where we discuss real-world vulnerabilities from the perspective of an application…

Published in AppSec Untangled: How Reachability Analysis can help with open source vulnerabilities mess (Coana as an example) (Jan 22)
If you are a security engineer or a developer, you probably already know the pain of having to deal with the vulnerabilities affecting the…

Published in AppSec Untangled: Lessons Learned #4: One error message could expose all your data (FileSender CVE-2024-45186) (Jan 14)
Welcome to another story in the “Lessons Learned” series where we discuss real-world vulnerabilities from the perspective of an application…

Published in AppSec Untangled: Lessons Learned #3: Is your random UUID really random? (Nov 20, 2024, 1 response)
Welcome to the third story in the “Lessons Learned” series where we discuss real-world vulnerabilities from the perspective of an…

Published in AppSec Untangled: Lessons Learned #2: Your new feature could introduce a security vulnerability to your old feature… (Sep 25, 2024)
This is the second story in the “Lessons Learned” series where we discuss real-world vulnerabilities from the eyes of an application…

Published in AppSec Untangled: Lessons Learned #1: One line of code can make your application vulnerable (Pre-Auth RCE in Metabase… (Sep 2, 2024)
Welcome all to this new series “Lessons Learned”. In this series, I plan to share some real-world vulnerabilities from the eyes of an…

Published in AppSec Untangled: How to make “Input validation” easy for your devs (Jul 22, 2024)
Creating a paved road for input validation