Securosis Blog

When you ran inference on AWS Bedrock, the deal was explicit: prompts and completions stayed inside the AWS boundary, and model providers never saw your data. That guarantee is why regulated shops and European organizations route their AI workloads through Bedrock instead of going straight to the model vendor.

AI Will Accelerate Your Tech Debt

Chris Farris · March 22, 2026

The Tech Debt Crisis Is Coming

Like the American middle class living paycheck to paycheck, organizations near or below the security poverty line are one big incident away from catastrophic bankruptcy. They got here through years of underinvesting in core capabilities and unified architecture, not stupidity, but a long series of decisions that prioritized shipping over sustainability. And now every smaller incident consumes the cycles that could have gone toward paying down that debt, making the…

AI Security Invariants

Chris Farris · March 21, 2026

(Co-Authored with Ariel Septon of Native) Security invariants are a critical component of your cloud and IT governance strategy. However, how can we apply this same thinking to the non-deterministic world of Generative AI?

Someone asked me last week if I was going to RSAC. I replied that I’m pretty sure after I die they’ll prop my body up in a corner of Moscone, Irish wake style. Eventually I’ll retire or move on, but this year isn’t THAT year. I still get tremendous value out of RSAC. Personally I spend nearly no time on the show floor, a lot of time in meetings, and a bit of time in sessions. As a review committee member I see all the content for my track before I show up and I think most…

AI, have you been drinking?

Adrian Lane · August 11, 2025

For the last couple months I have been working with AI security. First with the general architecture and data flows for Generative and Agentic AI systems, and lately more with prompt & response security techniques. These latter topics are where AI systems offer greenfield for attackers to apply all the old – and a select few new – attack techniques. I was researching how to coerce AI to misbehave, as part of my introduction to prompt engineering, I am stumbling across cases where…

It has survived recessions, obsessions, parenthood, natural disasters, pandemics, unnatural disasters, and the rise and fall of eateries great and small. That’s right, it’s the Securosis RSAC Disaster Recovery Breakfast! This year we’ve changed things up thanks to our new partner, 1Password, who reached out and offered to host the DRB in their event space just up the street from the Moscone Center. With all the changes in the restaurant scene in that particular area of…

Announcing the CloudSLAW Patreon!

Rich · February 25, 2025

TL;DR: Support CloudSLAW Here!

I know that as most of you lay your weary heads to rest every night (or morning, for you night shifters), the last thought that fires through your synapses is, “I really wish I could get more CloudSLAW!”

And then a not-a-miracle occurs...

Rich · November 24, 2024

Then a Miracle Occurs. Copyrighted artwork by Sydney Harris Inc. All materials used with permission.

It’s a perfect fall Sunday morning here in Phoenix. After a brutally hot summer the air is cool, the sky is clear, and the fresh air is drifting into the hotel ballroom while I wait for my daughter to take the stage in the Irish dance regionals competition.

We have a major problem. It isn’t really getting better, and soon a critical window of opportunity will close that we can’t afford to lose. I don’t say this lightly, and I think anyone who has read my prior work knows I am not prone to FUD. No one can possibly know the actual percentage of enterprise workloads and applications that have moved to cloud, but every statistic I could find estimates that, at most, it is somewhere in the range of 25% (here’s one Gartner take).…

I just published a piece on Apple Intelligence at TidBITS that I’m pretty excited to release. I wrote it (literally sitting poolside on vacation) to try and explain why this matters to someone even if they don’t know anything about AI or security. For those of us in cloud security, some really interesting things are going on: