Rory McCune

Containers, Security, Kubernetes, Hillwalking
Personal Site: https://www.mccune.org.uk/
Blog: https://raesene.github.io/
Container Security Site: https://www.container-security.site
GitHub: https://github.com/raesene/

We don't need to hack your AI Agent to hack your AI Agent …and we don't need an AI agent for that either :)

Via a large enterprise's AI assistant, we obtained access to several million Entra identities and all chat logs including attachments — no prompt injection or model tricks required.

For all we know, the poor agent was not at fault and may not have even been able to witness what was happening.

https://srlabs.de/blog/hacking-ai-agent

#AI #AIhacking #VulnerabilityDisclosure #ResponsibleDisclosure

We strolled through an enterprise AI assistant's backend, helped ourselves to full application takeover and access to every chat log, and had a Microsoft Entra ID dump for dessert — no prompt injection, no model tricks, no AI expertise required.

One of the points I make in Kubernetes Security a lot is that talking about security defaults is hard as each distribution has its own idea of what works for their users.

One of the most surprising of these is Microk8s' choice to not enable RBAC by default. I wrote up a bit about it, here. https://raesene.github.io/blog/2026/03/11/microk8s-rbac-default/

Kubernetes SIG-Security docs have been doing some work to refresh the OWASP Kubernetes Top 10, to help cluster operators and users have a clear idea of where to start with Kubernetes security. It's taken a little longer than expected, but we have our draft top 10 out now. Any feedback very welcome

https://owasp.org/www-project-kubernetes-top-ten/

Christophe Tafani-Dereeper joins us again at #INSO26 and explains how phishing campaigns are evolving into worms.
Buy your ticket: https://insomnihack.ch/?utm_source=mastodon&utm_medium=image&utm_campaign=Insomnihack2026&utm_content=0503
#InsomniHack #Cybersecurity #INSO26

Obsidian 1.12 is now available to everyone!

- Obsidian CLI
- Bases search
- Image resizing
- Automatically clean up unused images
- Better copy/paste into rich text apps like Google Docs
- Native iOS share sheet

Really looking forward to Securi-Tay from the Abertay Ethical Hacking Society tomorrow.

If you're there and interested in hearing what 20 years of speaking experience has taught me and how you can hopefully improve your next talk, I'm on at 11:30am in track 3!

https://securi-tay.co.uk/schedule

If you're using GCP and have enabled Gemini on any of your projects, this one is worth reading, as you may have some checking to do. https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

Google spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that's no longer true.

Does anyone have a decent write-up of how the Kubelet works and interacts with the Kubernetes API server?

Trying to fill some gaps in my knowledge around mirror pods.

As the hardware price hikes start impacting server hosting costs, could be a good time to look out those old laptops and desktops you're hoarding (or that could just be me) and see if you can self-host!

We’re excited to welcome Isovalent🐝🐝 as a new sponsor of Cloud Native Rejekts! 🥳

With @isovalent.bsky.social's support, we’re looking forward to even more great discussions, deeper technical insights, and stronger collaboration across the cloud-native ecosystem. Welcome aboard! 🚀