mark carter

418 Followers
55 Following
586 Posts
#engineering #infosec #opensource #investor board member and past #startup #founder - worked with great people at #Vimeo previously #salesforce EVP #aws GM #tesla CISO #google #microsoft 🤔 been around too long but still having fun ☺️ Twitter handle: @markcartertm
LinkedIn: https://www.linkedin.com/in/markcartertm

Useful 🛡️ The #Microsoft AntiSSRF library is a security-developed, exhaustively-tested secure code library that provides robust URL validation to mitigate the risk of Server-Side Request Forgery (SSRF) vulnerabilities. It is an easy-to-use drop-in library with minimal adoption effort for developers, available for both .NET and Node.js applications.

https://github.com/microsoft/AntiSSRF#microsoft-antissrf
#InfoSec #AppSec


A good read for every CISO and general counsel 🛡️ The Invisible Insider: How AI Agents Enable Undetectable Trade Secret Theft – and What Companies Must Do Now

https://www.jdsupra.com/legalnews/the-invisible-insider-how-ai-agents-6220515/ #InfoSec #Legal

Seeking an amazing product security engineer to work in the intersection of AI and travel 🛡️🪄 can be based in any of our offices in the United States across Palo Alto, New York City, Dallas, Austin, Boston, San Francisco and possibly remote for the right candidate. Please reach out to the amazing Tarik Ghbeish and repost for visibility 🙏
https://www.linkedin.com/jobs/view/4402542704/ #Infosec #AppSec #Jobs #Hiring #Security

Excellent read 🛡️ Securing Anthropic Claude Cowork: A Security Practitioner’s Guide 🪄 Claude Cowork gives employees a powerful local AI agent that can write code, browse the web, manage files, and run scheduled tasks — all on their machine. That's a meaningfully different threat surface than a chatbot.
You can't eliminate the risk, but you can control it. This guide covers what security teams need to know and maps relevant controls to NIST CSF and AI RMF so you can act quickly.
https://harmonic.security/resources/securing-claude-cowork-a-security-practitioners-guide #AI #InfoSec #Anthropic #CISO

Powerful and simple 🧙 operate.txt — A standard for the agentic web. Tell AI agents how to operate your website or app.
We are no longer in the "chat with AI" era. We are in the era where AI agents act on your behalf — clicking buttons, filling forms, completing purchases, navigating workflows.
Claude Projects. Persistent memory. Computer use. Multi-agent orchestration. These are production features, not demos. Agents are operating on real websites, apps, and tools right now.

And when an agent lands on your website, it is blindfolded.

It reconstructs your entire interface from screenshots and DOM trees. It guesses what buttons do. It mistakes loading screens for errors. It takes wrong actions on irreversible operations. It wastes compute figuring out things you could have just told it.
Operate.txt is an "operate me" file. It tells agents how your product works, how to navigate it, what actions exist, and what consequences those actions have. It's the missing layer between your interface and the agents your users are already deploying.

https://github.com/serdem1/operate.txt #AI #UX


Good resource 🛡️ Financial Services Sector Coordinating Council (FSSCC) Mitigating AI-Powered Attacks Against Identity and Authentication 🛡️ The purpose of this paper is to highlight three current and emerging attack vectors powered by Gen AI – along with ten concrete examples of how adversaries are using these attack vectors to compromise the identity and authentication tools used by many FIs – and outline potential mitigations that FIs can deploy to guard against each of them.

By examining these threats and exploring how both GenAI and traditional AI can be leveraged for defense, the paper delivers practical insights to help financial institutions protect their systems and consumers from increasingly sophisticated fraud and identity risks.

https://fsscc.org/wp-content/uploads/2026/02/AI-IA-Workstream-Mitigations.pdf #Infosec #Finance

👍 Announcing the "AI Agent Standards Initiative" for Interoperable and Secure Innovation 🛡️ Today, the Center for AI Standards and Innovation (CAISI) at NIST announced the launch of the AI Agent Standards Initiative. The Initiative will ensure that the next generation of AI—AI agents capable of autonomous actions—is widely adopted with confidence, can function securely on behalf of its users, and can interoperate smoothly across the digital ecosystem. Working in coordination with other federal partners, including the Information Technology Laboratory (ITL) at NIST, CAISI aims to foster the emerging ecosystem of industry-led AI standards and protocols while cementing U.S. dominance at the technological frontier.

AI agents can now work autonomously for hours, write and debug code, manage emails and calendars, and shop for goods, among other emerging use cases. While the productivity promise is enticing, the real-world utility of agents is constrained by their ability to interact with external systems and internal data. Absent confidence in the reliability of AI agents and interoperability among agents and digital resources, innovators may face a fragmented ecosystem and stunted adoption. To address this concern, NIST, including CAISI, aims to foster industry-led technical standards and protocols that build public trust in AI agents, catalyze an interoperable agent ecosystem, and diffuse their benefits to all Americans and across the world.
https://www.nist.gov/news-events/news/2026/02/announcing-ai-agent-standards-initiative-interoperable-and-secure #InfoSec


Useful 👍 AI Bill of Materials — discover every AI agent, model, and API in your infrastructure 🔍 60%+ of AI usage is undocumented.

Developers ship LLM integrations, agent frameworks, and MCP servers without security review. Shadow AI is the new shadow IT.

One command. 13 scanners. 9 output formats. Standards-compliant AI Bill of Materials.

https://github.com/Trusera/ai-bom #InfoSec


TIL that SSDs can lose data if left unplugged for long periods of time (they are only required to hold data for up to 1 year), unlike HDDs, which, as long as the material holds up, can retain it for years.

Edit: added link: https://www.slashgear.com/1893447/dont-leave-your-old-ssd-unplugged/

Likely just the beginning 🛡️ AI-Enabled Voice and Virtual Meeting Fraud Surges 1000%+ 🛡️ Voice authentication and deepfake detection specialist, Pindrop, revealed a 1210% surge in AI-enabled voice and virtual meeting fraud, compared to a 195% rise in traditional fraud in its 2025 report. Fraudsters increasingly leverage deepfakes, voice bots and AI-generated interactions due to their scalability, speed, cost-effectiveness and low detection. Pindrop found that attacks typically begin with automated bots probing enterprise IVR systems for vulnerabilities, followed by targeted fraud attempts exploiting mapped workflows. In virtual meetings, deepfakes of executives are used to manipulate victims into unauthorized fund transfers. Healthcare and retail sectors are especially vulnerable. Bots were found using IVR reconnaissance to socially engineer account takeovers, targeting Health Savings Accounts (HSAs), Flexible Spending Accounts (FSAs) and other employer-funded savings accounts. The retail sector faced AI-powered return fraud that exploited low-dollar refund thresholds, resulting in significant cumulative losses. Pindrop detected a 56% monthly increase in AI-led fraud in the retail sector in November 2025.
https://www.infosecurity-magazine.com/news/ai-voice-virtual-meeting-fraud/ #Infosec