Archive - RockCyber Musings

NIST’s New Cyber AI Profile: A Solid Foundation with Critical Gaps Your Security Team Can’t Ignore

NIST's Cyber AI Profile maps AI security to CSF 2.0. Here's what it covers, where it falls short on agentic AI, and how OWASP fills the gaps.

11 hrs ago • Rock Lambros

Why Do Boards Ignore Your Cyber Risk Reports? NIST IR 8286r1 Has the Fix

Inside the revision that puts a 38% loss probability in front of your board

Dec 23 • Rock Lambros

Weekly Musings Top 10 AI Security Wrapup: Issue 24 December 12, 2025 - December 18, 2025

How AI IDEs, Federal Power Plays, and Deepfake Fraud Are Redefining Your 2026 Security Roadmap

Dec 19 • Rock Lambros

White House Issues Executive Order – Ensuring a National Policy Framework for Artificial Intelligence

Federal Preemption, State Enforcement, and What AI Governance Means for Your Business in 2026 - By Daniel Pietragallo and Rock Lambros

Dec 16 • Rock Lambros

Weekly Musings Top 10 AI Security Wrapup: Issue 23 December 5, 2025 - December 11, 2025

GPT Agents, Black Hat London, And The Week Agentic AI Got A Rulebook

Dec 12 • Rock Lambros

It's Here!!! The OWASP Top 10 for Agentic Applications Just Dropped. What you need to know.

Deep dive into the new OWASP Top 10 for Agentic Applications covering AI agent security risks, attack scenarios, and practical mitigations for…

Dec 10 • Rock Lambros

React2Shell CVE-2025-55182: What I Learned Battling This Beast for a Week

This recovering CISO shares hard-won lessons hunting React2Shell CVE-2025-55182. Why your SIEM missed it, evolving IOCs, and AWS detection approaches…

Dec 9 • Rock Lambros

Weekly Musings Top 10 AI Security Wrapup: Issue 22 November 21, 2025 - December 4, 2025

Global OT Guidance, Failing Safety Scores, Teen Chatbot Fallout, And The Coming AI Disclosure Crunch

Dec 5 • Rock Lambros

Claude Secure Coding Rules: Open Source Security That Scales

Stop detecting vulnerabilities after the fact. Prevent them during code generation with 100+ open source rule sets.

Dec 2 • Rock Lambros

November 2025

GTG-1002: What Anthropic’s First AI-Orchestrated Espionage Campaign Reveals About Autonomous Threats

Technical analysis of GTG-1002, the first AI-orchestrated cyber espionage campaign. Learn MCP infrastructure exploitation, MITRE ATT&CK mapping, and…

Nov 25 • Rock Lambros

Weekly Musings Top 10 AI Security Wrapup: Issue 21 November 14, 2025 - November 20, 2025

When AI Guardrails Fail, Nation-States Strike, and Copy-Paste Code Threatens the Entire Stack

Nov 21 • Rock Lambros

The Context Window Trap: Why 1M Tokens Won’t Save Your AI Agent

1M token context windows are making agents dumber and costlier. Learn why context engineering beats context inflation for production AI systems.

Nov 18 • Rock Lambros

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts