IronCore Labs

@[email protected]
24 Followers
13 Following
54 Posts

This is the company account for IronCore Labs. We talk about #privacy, data #security, #cryptography, #AI and #AppSec.

IronCore protects data in modern GenAI systems and in classic databases, object stores, vector databases, and search indices with encryption-in-use technology that lets the data stay encrypted through its lifecycle, while allowing it to be utilized.

Our tools make it easier for developers and devsecops teams to secure and protect the data behind their apps using application-layer #encryption.

Websitehttps://ironcorelabs.com/
Githubhttps://github.com/ironcorelabs
Twitterhttps://twitter.com/ironcorelabs
IronCore LabsMay 18
BrianKrebsMay 18

New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.

https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

IronCore LabsMay 18
PatrickMay 16

So…Bitwarden quietly swapped their CEO for a PE exit specialist, dropped “Always free”, rewrote their values, then half-scrubbed a 4 year old blog post to cover it. Post still contradicts itself. I looked. There was no announcement.

https://blog.ppb1701.com/the-quiet-renovation-at-bitwarden

#bitwarden #passwordmanager #selfhosting #userhostile #privacy #blog #vaultwarden #privateequity

The Quiet Renovation at Bitwarden - ByteHaven - Where I ramble about bytes

Back in March, I wrote about Bitwarden doubling their Premium price — and specifically how they did it. Buried in a feature announcement. Priced in fake...

IronCore LabsMay 5
IronCore LabsMay 5
Nice blog post by IBM's Alex Soto breaking down how approximate distance preserving #encryption (ADCPE) protects data in RAG workflows and #AI. Thank you! https://developer.ibm.com/articles/java-vector-embeddings-encryption/
Protecting AI embedding vectors by using approximate distance preserving encryption for RAG applications

Protect embedding vectors from reverse-engineering attacks using distance-comparison-preserving symmetric encryption (DCPE). Learn to implement DCPE in Java with IronCore Labs Alloy SDK for secure RAG applications.

IBM Developer
IronCore LabsMay 5
IronCore LabsMay 5
When it comes to #cryptography, the real trick is handling the encryption keys. It's seemingly simple, but deceptively complex. https://ironcorelabs.com/blog/2026/encryption-key-management-ninety-percent/
Key Management Is 90% of the Problem

The world's top cryptographers lost their own election key. Here's why key management, not encryption algorithms, is where the practical problems lie.

IronCore Labs
IronCore LabsMay 5
Patrick WalshMay 5
If you couldn't make the #snowfroc conference this year, I've got you covered. I made a clean recording of my talk, #hacking #AI-enabled apps. And there are some positive trends in there for AI #security. https://www.youtube.com/watch?v=Ki5VOTmT81w
SnowFROC 2026 - Hacking AI-Enabled Apps

YouTube
IronCore LabsMay 5
When it comes to #cryptography, the real trick is handling the encryption keys. It's seemingly simple, but deceptively complex. https://ironcorelabs.com/blog/2026/encryption-key-management-ninety-percent/
Key Management Is 90% of the Problem

The world's top cryptographers lost their own election key. Here's why key management, not encryption algorithms, is where the practical problems lie.

IronCore Labs
IronCore LabsMay 5
Nice blog post by IBM's Alex Soto breaking down how approximate distance preserving #encryption (ADCPE) protects data in RAG workflows and #AI. Thank you! https://developer.ibm.com/articles/java-vector-embeddings-encryption/
Protecting AI embedding vectors by using approximate distance preserving encryption for RAG applications

Protect embedding vectors from reverse-engineering attacks using distance-comparison-preserving symmetric encryption (DCPE). Learn to implement DCPE in Java with IronCore Labs Alloy SDK for secure RAG applications.

IBM Developer
IronCore LabsApr 15
Patrick WalshApr 15
Looking forward to giving my talk at #SnowFROC on Friday on hacking AI-enabled apps and how to harden your app if you're integrating AI. Lots of demos, deep dive into #OpenClaw, and some interesting results. Hope to see you there! https://snowfroc.com
SNOWFROC '26 - Where Cybersecurity Meets the Slopes

Join us April 16-17, 2026 at Denver Cable Center for the premier cybersecurity conference in the Rockies

IronCore LabsNov 19, 2025
#Agentic #AI and #MCP servers are all the rage right now. Vendors are racing to add MCP servers to their stacks and reassure their customers that they are secure. Okay, but are they safe to use? Our latest blog digs in. #cybersecurity #security #aisec https://ironcorelabs.com/blog/2025/mcp-servers-are-electric/
MCP Servers Are Electric

MCP servers promise magic, but one prompt can blow up your GitHub, Salesforce, or entire stack. Here's why LLM integrations are far more dangerous than vendors admit.

IronCore Labs
IronCore LabsOct 30, 2025
Our CEO, @zmre, will be presenting next week at the @owasp Global #appsec conference demonstrating how AI systems leak data, including some new demos exploiting MCP servers. https://owasp.glueup.com/event/owasp-2025-global-appsec-usa-washington-dc-131624/ #cybersecurity