Security

Agent Plugins Are the Future. But You Might Be Giving Away Your Best Engineering.

Agent Plugins Are the Future. But You Might Be Giving Away Your Best Engineering.

A few weeks ago AWS dropped Agent Plugins, a packaging model that bundles skills, MCP servers, hooks, and reference docs into installable units for AI coding agents. Two commands and your Claude Code or Cursor agent knows how to deploy to AWS, estimate costs, and generate IaC.

Read More
AWS ACM Certificate Validity Change: 198-Day Certificates & the Road to 47 Days

AWS ACM Certificate Validity Change: 198-Day Certificates & the Road to 47 Days

On 18 February 2026, AWS quietly updated ACM to reduce the default validity of public certificates from 395 days to 198 days. If you’re running anything on AWS that terminates TLS — CloudFront distributions, Application Load Balancers, API Gateway endpoints, Elastic Beanstalk — this affects you.

Read More
AWS STS Identity Provider Claims Validation: Secure OIDC Trust Policies

AWS STS Identity Provider Claims Validation: Secure OIDC Trust Policies

If you’ve ever written an IAM trust policy for GitHub Actions OIDC federation, you’ve probably done the thing we all did. You set the sub condition to repo:my-org/my-repo:*, told yourself “that’s scoped enough,” and moved on with your day.

Read More
LLM Prompt Injection Attacks: Types, Examples & Mitigation Strategies

LLM Prompt Injection Attacks: Types, Examples & Mitigation Strategies

If you’ve been building with LLMs lately, you’re probably as excited as I am about the possibilities! But let me tell you about something that’s been keeping security folks up at night… prompt injection vulnerabilities.

Read More
AWS Root User Security: Best Practices for IAM & Root Account Lockdown

AWS Root User Security: Best Practices for IAM & Root Account Lockdown

Hey there, tech enthusiasts! Ever felt that little thrill of power when you get root access on a system? It’s like holding the keys to the kingdom, right?

Read More
A Reminder of the Power of AWS Config

A Reminder of the Power of AWS Config

Today, I was reminded of the rich content stored in AWS Config and how easily it can reveal so much about an AWS Organisation across one or many accounts.

Read More
HashiCorp Vault Production Hardening Guide: Security Best Practices (2026)

HashiCorp Vault Production Hardening Guide: Security Best Practices (2026)

So, you’ve got Vault up and running, and you’re feeling pretty good about storing and managing secrets. But here’s the thing—running Vault in production is a whole different game. It’s not just about turning it on; it’s about hardening it to ensure that your Vault instance is secure, reliable, and resilient against attacks.

Read More
HashiCorp Vault Secrets Management: Best Practices, Rotation & Dynamic Secrets

HashiCorp Vault Secrets Management: Best Practices, Rotation & Dynamic Secrets

What is HashiCorp Vault? HashiCorp Vault is a secrets management platform that centralises how your organisation stores, accesses, and distributes sensitive data — API keys, database credentials, certificates, encryption keys, and more. Rather than scattering secrets across config files, environment variables, and shared spreadsheets, Vault gives you a single source of truth with fine-grained access control, automatic rotation, and a full audit trail.

Read More
Security Hub now supports Custom AWS Config Rules

Security Hub now supports Custom AWS Config Rules

AWS recently announced an integration that I’m a little excited about!

Read More