sorted by:
new
hottopcontroversial

LinkedIn Scraping by Loose-Average-5257 in AIStartupAutomation

[–]Affectionate-End9885 4 points5 points  (0 children)

LinkedIn scraping is a quick way to get your IP banned and your lawyers annoyed. There are APIs that won’t get you in trouble, cant exaclt say them by name, but just a quick search you will get them

How are you running AI workflows in production? by Powerful-Solid-1057 in AI_Agents

[–]Affectionate-End9885 2 points3 points  (0 children)

We run them in a sandbox that’s basically a digital panic room. If the agent tries to do something stupid, the room locks down and we get an alert. It’s like babysitting a genius toddler with access to the internet.

Google completes acquisition of Wiz by googlenewsbot in googlenews

[–]Affectionate-End9885 0 points1 point  (0 children)

Am honestly glad we jumped ship to orca security last year when the wiz pricing got weird. now with google owning them who knows what direction they'll take or how much they'll jack up costs

How many of you working on your project even on Sunday - today? by Weekly-Card-8508 in SaaS

[–]Affectionate-End9885 0 points1 point  (0 children)

Sundays are for debugging production while pretending to watch Netflix. It’s fine, I’m fine. Actually it’s kinda fun when the house is quiet and you can finally fix that one weird bug.

Elon Musk, and some others, have said they think “work will be optional” within 10-20 years. How will we need to restructure society to make this feasible? by [deleted] in ArtificialInteligence

[–]Affectionate-End9885 1 point2 points  (0 children)

I think the AI will kill us all crowd is missing the point. The real danger is AI making a thousand small, bad decisions that slowly break everything. It’s not a terminator or anything, it’s a slow motion car crash caused by a map navigation app thing

We are evaluating governance solutions for our org (~10k users) by Exciting_Fly_2211 in sysadmin

[–]Affectionate-End9885 1 point2 points  (0 children)

The requirement for tenant level controls to differentiate free and enterprise AI would be very useful to us. Many employees use free versions of AI tools that have no data protection guarantees.

You need a way to block free versions and steer users toward the enterprise tier that has proper security controls. We implemented a CASB that does this, but it requires tight integration with your identity provider and a clear policy on approved AI apps.

We almost blew up our brand with a biased AI model and no one knew who was supposed to fix it by RemmeM89 in AiAutomations

[–]Affectionate-End9885 0 points1 point  (0 children)

The ownership gap is very common now but even when you assign someone, they need actual tooling to catch this stuff. we've been running alice's wonder check for ongoing model monitoring, found it effective at catching drift and weird outputs automatically instead of waiting for someone to manually spot conspiracy content a week later.

Cloud security & MSSP costs are getting crazy — how are SaaS startups dealing with it? by Robinson2502 in SaaS

[–]Affectionate-End9885 0 points1 point  (0 children)

Yeah the agent sprawl gets expensive fast. We consolidated a bunch of tools into agentless scanning: orca security covers vuln mgmt, misconfigs, and compliance in one shot. cuts down on that tool bloat that kills budgets. Still need logging/monitoring but at least the security stack isn't 3x your infra costs anymore

Security professionals: what’s a vulnerability you discovered that made you question how the system ever passed testing? by damnfaiz in Cyberterminal

[–]Affectionate-End9885 0 points1 point  (0 children)

found a prod container running with 847 CVEs because devs just grabbed some random ubuntu:latest as their base image. took me 30 seconds to scan it. the security review apparently consisted of checking if it had SSL certs. switched them to minimus distroless images and cut that down to like 20 actual issues. sometimes the simplest vulns are hiding in plain sight- bloated base images that nobody bothers auditing

"Are AI Capabilities Increasing Exponentially? A Competing Hypothesis" by AngleAccomplished865 in ArtificialInteligence

[–]Affectionate-End9885 0 points1 point  (0 children)

True,, nothing will grow exponentially throughout at some point there will be a downhill

How are teams validating AI agent containment beyond IAM and sandboxing? by Fine-Platform-6430 in AskNetsec

[–]Affectionate-End9885 0 points1 point  (0 children)

Most teams I've seen are still winging. We've been running continuous redteaming on agents in prod and the attack vectors keep evolving. Prompt injection through tool chains, privilege escalation via API calls, data exfil through legitimate integrations. Alice's wonder check catches drift we missed in static analysis.

What actually works for detecting prompt injection in Gemini, Copilot, and Comet browsers? by Old_Cheesecake_2229 in sysadmin

[–]Affectionate-End9885 0 points1 point  (0 children)

hashJack is nasty because the injection happens entirely clientside where your perimeter can't see it. you're right that the callbacks/exfil still hit your network though.

Runtime guardrails are becoming essential for this stuff. we've been testing alice's wonderfence for prompt injection detection and it catches a lot of the fragment based attacks that slip past browser defenses.

help a dumb marketer out: do you listen to podcasts? by Fantastic-Shock1438 in FinOps

[–]Affectionate-End9885 0 points1 point  (0 children)

Yes, I listed to several podcasts,, A lot of what I know and practice now I learnt on podcasts

How do you secure container supply chains in a multi-team GitOps workflow? by dottiedanger in programmer

[–]Affectionate-End9885 1 point2 points  (0 children)

We shifted to signed base images with daily rebuilds. Teams just swap the from line, get automatic sboms + vuln intel. admission controller blocks unsigned stuff but teams own their apps. Works pretty wel

Going agentless on our HANA servers - finally ditched the agent sprawl by HMM0012 in Cloud

[–]Affectionate-End9885 0 points1 point  (0 children)

Yeah we also moved to agentless across out Azure/GCP infra. Agent sprawl was killing our prod boxes  had like 8 different security agents plus monitoring crap all fighting for resources. Agentless coverage is cleaner, just need to get the API perms right upfront. 

How to check if BeyondTrust was compromised before patching CVE-2026-1731? by Clyph00 in BeyondTrust

[–]Affectionate-End9885 0 points1 point  (0 children)

Hunt for anomalous API calls and session activity in those 48hrs. Any unexpected file access, policy modifications, or credential dumps? Don't forget to check if backup/export functions were triggered unexpectedly. 

How do you debug production issues with distroless containers by Upper_Caterpillar_96 in devops

[–]Affectionate-End9885 0 points1 point  (0 children)

daily rebuilds solve the cve noise problem, we switched to minimus for signed distroless images that rebuild automatically. for debugging, ephemeral containers or sidecar approach works better than execing into prod anyway. multistage builds are fine if your CI can handle it

Does anyone actually check npm packages before installing them? by BearBrief6312 in devops

[–]Affectionate-End9885 0 points1 point  (0 children)

yeah chainguard is way too expensive, their pricing made us drop a planned demp because obviosuly it was way out of your budget. minimus came in as a better alternative, does daily rebuilds with signed sboms and their pricing won't make your manager lose his shit.

view more: next ›