Joseph Zeng

@[email protected]
120 Followers
15 Following
151 Posts
All opinions and posts are my own.
My employers (past or present) are not responsible and may not agree with any of them.
Posts do not imply endorsement or agreement as I may just be sharing a discussion/topic of interest.
Twitter (former)https://x.com/josephzengx
Github (For Verification)https://josz5930.github.io/
Joseph ZengMar 21

"Production-ready AI agents need production-grade governance."

Microsoft's Agent Governance Toolkit for:
• Security & access controls
• Policy enforcement
• Audit & compliance guardrails

https://github.com/microsoft/agent-governance-toolkit

#AgenticAI #ResponsibleAI #OpenSource #AISecurity

GitHub - microsoft/agent-governance-toolkit: AI Agent Governance Toolkit — Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10/10 OWASP Agentic Top 10.

AI Agent Governance Toolkit — Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10/10 OWASP Agentic Top 10. - microsoft/age...

GitHub
Joseph ZengMar 21

Android Reverse Engineering & API Extraction — Claude Code skill

https://github.com/SimoneAvogadro/android-reverse-engineering-skill

#ai #android

GitHub - SimoneAvogadro/android-reverse-engineering-skill: Claude Code skill to support Android app's reverse engineering

Claude Code skill to support Android app's reverse engineering - SimoneAvogadro/android-reverse-engineering-skill

GitHub
Joseph ZengMar 7

[un]prompted Conference - A NoteBookLM containing videos and transcripts.
Appropriately, you can ask questions of the content 😁

https://notebooklm.google.com/notebook/78ee3710-1741-488d-af06-159f518e9510

#ai

Sign in - Google Accounts

Joseph ZengFeb 23

During the Chinese New Year holidays, I was trying out Roo Code in VS Code.

Something that bugged me since the release of the CDC voucher scheme was the question "How much value do you put on the vouchers?"

Here is how the PoC version was generated:

  • Chat with ChatGPT and Claude (Web platforms)
  • Architect mode with Gemini 3.0 Pro
  • Code mode using DeepSeek 3.2
  • Add on features (e.g. PDF export) mainly using DeepSeek

    • The reason why it was mostly DeepSeek is cos I got some credits on DeepSeek platform and so far it is good enough since I do not have much money to spend 😁

    https://github.com/josz5930/CDC-Value-For-You

    GitHub - josz5930/CDC-Value-For-You

    Contribute to josz5930/CDC-Value-For-You development by creating an account on GitHub.

    GitHub
    Joseph ZengFeb 19

    Boundary Point Jailbreak attacks against classifier type AI

    https://www.aisi.gov.uk/blog/boundary-point-jailbreaking-a-new-way-to-break-the-strongest-ai-defences

    " we recommend using batch-level monitoring that aggregates traffic across interactions vs. trying to prevent harmful-interactions by only considering a single interaction at a time. More generally, BPJ reinforces the importance of using a layered defensive approach that avoids a single point of failure—particularly if that point of failure can be directly optimised against."

    #ai #jailbreak

    Boundary Point Jailbreaking: A new way to break the strongest AI defences | AISI Work

    Introducing an automated attack technique that generates universal jailbreaks against the best defended systems

    AI Security Institute
    Joseph ZengFeb 18

    AI agents - "you cannot secure the reasoning layer; you must sandbox the execution layer"

    https://semgrep.dev/blog/2026/openclaw-security-engineers-cheat-sheet/

    #ai #agents #cybersecurity

    OpenClaw Security Engineer's Cheat Sheet

    A practical security guide to OpenClaw: first principles, real attack vectors, skill supply-chain risks, and safe experimentation playbooks.

    Semgrep
    Joseph ZengFeb 2

    "A sandboxed development environment for running Claude Code with bypassPermissions safely enabled."

    https://github.com/trailofbits/claude-code-devcontainer

    #ai #claudecode #cybersecurity

    GitHub - trailofbits/claude-code-devcontainer: Sandboxed devcontainer for running Claude Code in bypass mode safely. Built for security audits and untrusted code review.

    Sandboxed devcontainer for running Claude Code in bypass mode safely. Built for security audits and untrusted code review. - trailofbits/claude-code-devcontainer

    GitHub
    Joseph ZengFeb 2

    "AI magnifies existing non-human identity (NHI) risks related to governance, visibility, ownership, and credential lifecycle management."

    https://cloudsecurityalliance.org/artifacts/state-of-nhi-and-ai-security-survey-report#

    #ai #identity

    The State of Non-Human Identity and AI Security | CSA

    Explore this 2026 survey report about AI adoption and Identity & Access Management (IAM). Learn how AI magnifies existing non-human identity (NHI) risks.

    Joseph ZengJan 7

    Dexprotector Jan 2026 Analysis

    https://www.romainthomas.fr/post/26-01-dexprotector/

    #mobile #appsec #cybersecurity

    A Glimpse Into DexProtector | Romain Thomas

    This blog post provides a high-level overview of DexProtector's security features and their limitations

    Romain Thomas
    Joseph ZengJan 3

    Claude in Chrome

    https://labs.zenity.io/p/claude-in-chrome-a-threat-analysis

    #ai

    Claude in Chrome: A Threat Analysis

    Zenity Labs