Deep dives into detection engineering, threat intelligence, and security operations.
Extending detection-as-code pipelines to cover AI-specific threat patterns — from prompt injection detection and anomalous agent behavior to LLM data exfiltration indicators, with production-ready Splunk SPL and ESCU-compatible YAML.
A comprehensive technical guide to implementing defense-in-depth data leakage prevention for enterprise LLM deployments — from PII redaction and egress monitoring to API gateway controls and token-level output filtering.
Why rigid SOAR playbooks fail at scale and how multi-agent orchestration delivers dramatically better incident response — with a technical migration guide from traditional SOAR to agentic IR.
A deep dive into inter-agent trust exploitation — how peer agents bypass direct injection defenses, why 100% of tested LLMs are vulnerable to peer-agent requests, and how to architect zero-trust multi-agent systems.
How to build AI-powered purple team exercises using autonomous adversary simulation, MITRE ATT&CK-aligned testing, and agentic red/blue team coordination for continuous security validation.
How to implement agentic compliance workflows that replace periodic manual audits with continuous monitoring, automated evidence collection, and real-time POA&M lifecycle management across FedRAMP, CMMC, and NIST frameworks.
A practical guide to securing Model Context Protocol deployments — from prompt injection via tool responses to tenant isolation and privilege escalation in production AI agent infrastructure.
A technical guide to transforming traditional SOC operations with agentic AI — from autonomous alert triage and investigation to coordinated response, while maintaining human-in-the-loop governance.
A technical deep dive into the five-stage promptware kill chain — how adversaries weaponize LLM-based systems through multi-stage prompt injection campaigns, and how to detect and mitigate each phase.
Learn how to merge STIG/SCAP compliance scans with Splunk security detections to transform static STIG failures into live, risk-aware signals that prioritize controls based on real security events.
How to operationalize Splunk ESCU updates as part of a modern detection-as-code pipeline.
How to strategically manage and document recurring low-severity findings in audits and penetration tests, focusing on residual risk assessment and evidence-based acceptance.
Get the latest insights on cybersecurity, detection engineering, and threat intelligence delivered to your inbox.