Information security - #SIEM, #DFIR, #EDR formerly at Gartner! Now @GoogleCloud Office of the #CISO; host of @CloudSecPodcast infosec.exchange/@anton_chuv…

Joined January 2008
344 Photos and videos
Dr. Anton Chuvakin reposted
Sunday thoughts: So you mean to tell me the managers that are so convinced they are going to replace organizations with agents are the same people saying people need to be in office. Got it.
9
9
82
3,560
Dr. Anton Chuvakin reposted
Sharing this job position for two reasons. The first is to help a new comer find employment. The second is to point to the fact that organizations with internal access to frontier model capabilities are and will continue to hire junior security personnel. google.com/about/careers/app…
4
13
65
4,420
Dr. Anton Chuvakin reposted
Companies should randomly route a small percentage of their internal AI requests to an intentionally dumb or malicious model. You want to build systems that are tolerant to different levels of intelligence and reliability.
23
8
119
9,386
Dr. Anton Chuvakin reposted
We are leaving the Old Code Age, the Paleocodic, the artisinal code era, where if you needed a novel program, you would commission a local codesmith or code guild to hand-craft a work of code for you, bespoke.
it's truly insane what people were able to build in the last few decades by manually typing the code character by character
76
163
1,935
129,360
Dr. Anton Chuvakin reposted
Two simultaneous AI narratives right now: 1) You can now do the work of 20 people, learn anything and create anything with AI. Just learn how to use claude. 2) We are investing Billions in forward deployed engineers to help you implement AI b/c its too time consuming and hard for you to do it yourself. I skew more towards #1, fwiw. But I find these narratives to be incongruent.
156
32
544
126,991
Dr. Anton Chuvakin reposted
51
261
2,245
35,742
Dr. Anton Chuvakin reposted
Stop worrying about the Mythos AI cyber apocalypse. The world is more complex than “if AI is good at hacking then everyone gets hacked.”
18
6
111
5,659
Dr. Anton Chuvakin reposted
If a vuln is publicly exploited and ends up in CISA’s KEV catalog, patching is only half the job!! We also need to know how to determine whether a server has already been compromised I’m not asking for exploit details or a PoC. I’m asking for defender guidance: - Relevant log entries - Observable artifacts - Child processes - Event IDs - File system traces Without that, orgs can patch a server that was already compromised yesterday and have no reliable way to tell Microsoft and CISA should make “Defender Detection Guidance” a standard part of every actively exploited vulnerability disclosure
CISA: Microsoft SharePoint RCE flaw now actively exploited bleepingcomputer.com/news/se… bleepingcomputer.com/news/se…
8
39
242
21,833
Dr. Anton Chuvakin reposted
My current stance on AI-assisted coding: Web pages, styling and visual templates, POCs, demos, internal tools, internal services, automation/workflows*, code reviews, test cases*, performance tuning. In short: anything that doesn’t hurt much if it breaks. YES. Standard software development, low-level programming, or coding tasks that haven’t been done publicly a thousand times and therefore are unlikely to be in the training data. NO.
10
18
130
12,827
Dr. Anton Chuvakin reposted
AI implementation advice on my X feed is divided between those who "feel the exponential" and those whose (unconscious?) mental model of AI is that this is about as good as it is going to get, so it is time to build around the limitations & cost structures of today's capabilities
38
10
268
26,221
Dr. Anton Chuvakin reposted
Anthropic releases Fable with all kinds of comments about how it won’t do cybersecurity activities Meanwhile, everyone keeps trying to use it for such and complains.
9
2
62
5,663
Dr. Anton Chuvakin reposted
This is awesome nice one @anton_chuvakin sharing CoSAI fundamentals as we build for AI security The framework turns ‘whose fault is this?’ into ‘which layer’s controls failed, and who owns remediation for each?
"From Cloud to Chaos: Defining Shared Responsibility for AI Security" bit.ly/4oXmZf4 <- jokes and painful questions (and some answers) from CoSAI work on AI shared responsivity
1
5
656
Dr. Anton Chuvakin reposted
The current lolz is that everyone is AI assisted REing EDR products, backchanneling stories and findings, and quietly comparing notes. People are just avoiding talking about it publicly so vendors don’t start harassing them, targeting tenants, or doing other fun things.
18
29
230
25,482
Dr. Anton Chuvakin reposted
11
43
1,064
20,123
Dr. Anton Chuvakin reposted
Please don't forget about other cyber threats.
5
25
3,788
"From Cloud to Chaos: Defining Shared Responsibility for AI Security" bit.ly/4oXmZf4 <- jokes and painful questions (and some answers) from CoSAI work on AI shared responsivity
1
5
18
2,219
Dr. Anton Chuvakin reposted
it happens
5
8
33
2,571