Writing
3 articles
Hunting the Ghost in the Machine: Detecting Malicious Exploitation of AI Coding Agents
Agentic AI tools like Claude Code and GitHub Copilot execute arbitrary code, read files, and make network requests on behalf of developers. When threat actors find CVEs in these agents, the attack surface expands dramatically. This piece explores detection strategies, MITRE ATT&CK mappings, and YARA-based hunting rules for AI agent exploitation in enterprise environments.
Prompt Injection at Scale: Threat Modeling AI-Augmented CI/CD Pipelines
When your CI pipeline can talk to an LLM, a crafted commit message might be enough to exfiltrate secrets. Threat modeling the new attack surface of AI-augmented build systems.
Detection as Code: Building a SIEM Rule Review Workflow with GitLab
Treating detections like software: version control, peer review, and automated testing for SIEM rules using GitLab's native CI tooling.
Signal vs. Noise: Tuning Detections in High-Velocity Developer Environments
At GitLab, developers generate enormous amounts of log data. How do you build detections that catch real threats without burning out your team with false positives?
Learning Russian as an InfoSec Engineer: Notes on Pattern Recognition in Language and Logs
Finding patterns in security telemetry and finding patterns in a foreign language have more in common than you'd think. Reflections on learning Russian while working in detection engineering.