RockCyber Musings

Claude Secure Coding Rules: Open Source Security That Scales
Stop detecting vulnerabilities after the fact. Prevent them during code generation with 100+ open source rule sets.
Dec 2, 2025 • Rock Lambros
It's Here!!! The OWASP Top 10 for Agentic Applications Just Dropped. What you need to know.
Deep dive into the new OWASP Top 10 for Agentic Applications covering AI agent security risks, attack scenarios, and practical mitigations for…
Dec 10, 2025 • Rock Lambros
NIST AI Agent RFI (2025-0035): Human Oversight Is the Wrong Fix
I responded to NIST's AI agent security RFI. Here's why authorization scope matters more than human oversight and what the data shows about…
Jan 20 • Rock Lambros
NIST CSF 2.0 MCP Server: shipping an open source engine that turns framework into action
Launch an open source engine that turns NIST CSF 2.0 into assessments, plans, and executive reports. Built by RockCyber.
Sep 2, 2025 • Rock Lambros
NIST’s New Cyber AI Profile: A Solid Foundation with Critical Gaps Your Security Team Can’t Ignore
NIST's Cyber AI Profile maps AI security to CSF 2.0. Here's what it covers, where it falls short on agentic AI, and how OWASP fills the gaps.
Dec 30, 2025 • Rock Lambros
Training vs Inference: Where Your Data Actually Leaks in LLM Systems
13% of GenAI prompts leak sensitive data at inference while training extraction hits 0.00001%. Evidence-based analysis of where to focus your AI…
Feb 17 • Rock Lambros
Behold the Zerg! Parallel Claude Code Orchestration for the Swarm
Spawn workers. Ship code. Skip the chaos.
Feb 10 • Rock Lambros
Anthropic Just Published Claude's Decision-Making Playbook. Here's What That Means for Your Security Program.
Anthropic published Claude's 23,000-word decision playbook. Learn the security gaps OWASP and NIST frameworks don't cover yet. Action plan inside.
Jan 27 • Rock Lambros
AI Vendor Lock-In: What the Pentagon Taught Every CISO This Week
The DoD's Anthropic supply chain risk designation exposed every enterprise's embedded AI architecture gap. Here's what your vendor contracts are…
Mar 10 • Rock Lambros
AI Vulnerability Discovery: Mythos Is the Headline. Not the Story.
Mythos gets the press. Open-weights models find the same bugs for 11 cents. Five steps defenders should take this week to close the gap.
Apr 14 • Rock Lambros
Agentic AI Governance: Singapore Built the Skeleton, Not the Immune System
Singapore's agentic AI governance framework is a global first. It also has three critical gaps that create false confidence for CISOs. Here's what to…
Feb 24 • Rock Lambros
AAGATE: Governing the Ungovernable AI Agent
Zero-Trust Service Mesh with Shadow Monitoring and Millisecond Kill Switch for Autonomous Agents
Nov 5, 2025 • Rock Lambros
© 2026 Rock Lambros