AI Security Blog
Session recaps and replays, guest posts, and notes from the people defending AI.

The AI Nutrition Label: Why Model Cards Matter
Model cards were meant to be the nutrition label for AI — a plain-language summary of what's inside a model. A decade in, they're voluntary, inconsistent, and often missing, just as regulators start demanding real transparency.
JUNE 29, 2026The Two Faces of AI in Automotive Security: A Conversation Among Practitioners
Florian Rohde moderates a panel with Jennifer Tisdale, Moe Yassine, and Kartheek Kumar on AI as both threat and defender's tool in automotive security.
JUNE 29, 2026Governing AI Security on Wheels: The GRC Maturity Gap in Automotive
Sai Anand on the 92% remote attack rate, the BIS rule, and why most automotive OEMs are stuck at Level 2–3 on AI/API governance even when they're at Level 4 on traditional cybersecurity.
JUNE 29, 2026Why Your Automotive ML-Based IDS Is an Asset, Not a Control
Tyson Benson (Clarios) on the TARA mistake coming for automotive cybersecurity — and how to treat ML-based intrusion detection systems before they ship.
JUNE 29, 2026A Gearhead's Guide to AI Hacking: Why Most "AI Security" Doesn't Work
Chuck Herrin breaks down AI's insecurable attack surface using analogies from his car collection. Why guardrails can't reach 100%, what NIST's June 2026 proof means, and what defenders should actually do.
JUNE 23, 2026Vibe Coded and Vulnerable: The Hidden Security Cost of Letting AI Write Your Code
AI coding assistants ship faster — and ship more vulnerabilities per line. A security engineer's field guide to vibe coding, slopsquatting, and treating model output as untrusted input.
JUNE 22, 2026The Math Behind Why AI Guardrails Will Always Fail Eventually
A NIST mathematician used a 95-year-old proof from Kurt Gödel to formally show that no fixed set of AI guardrails can ever be complete — and what that means for how we secure AI going forward.
JUNE 12, 2026Stop Slowing Down AI. Your Security Team Should Be Leading It.
Raj Umadas on why security teams should lead AI adoption — not gatekeep it. Builders first, default to yes, and the mechanics that actually close the find/fix gap.
JUNE 4, 2026Is Your LLM Lying to You? What Testing 21 Models Revealed
Scott Bly built Hermia, an open-source LLM eval framework, and ran 21 models across three inference backends. The results break a few assumptions security teams are still operating on.
MAY 28, 2026Kin Lane: A $125K AWS Bill, Overnight
Kin Lane woke up to a $125,000 AWS bill. The story isn't about the money — it's about how a single exposed credential turned into six figures of damage in under eight hours.
MAY 21, 2026AI Agents Don't Use Your App. They Hit the API.
A conversation with Darren Shelcusky on what changes when the caller isn't a person — and why a decade of security investment sits at the wrong layer.
MAY 18, 2026Two AI Attacks in One Week. The Defensive Playbook Just Broke.
Apple's MIE walked around in five days. The first AI-built zero-day shipped against a real target. The disclosure-and-patch cycle was calibrated to an attacker that doesn't exist anymore.
MAY 12, 2026MCP Just Got Its First Real Attacks. The Pattern Behind Them Is Worse.
Two pieces of MCP attack research landed this week. Both reproducible. Both pointing at the same design flaw in how agentic coding tools handle trust.
AI security, in your inbox weekly
Session recaps, new course drops, and the week's most important AI-security research — no noise.