AI is transforming Security

AI is transforming Security

Supply chain attacks, AWS CodeArtifact, agentic workflows, auto mode sandboxing, and local memory systems with Hermes agent.

Claude Dynamic Workflows 🤑

Otw to AI Native devcon, you can view the videos @tessl-ai

BAU is fun with AI

Chapters 00:00 Coffee and Casual Conversations 02:53 Automation in Cloud Infrastructure 06:07 Navigating Complex Repositories 08:58 The Role of Jira in Development 11:58 Ad Hoc Workflows and Planning 15:01 Using Work Trees for Parallel Development 17:55 Attribution and AI in Development 21:02 Managing PRs and Workflows 24:06 Productivity with Cloud Code and AWS Vault 27:17 Exploring AWS CLI and Vault Integration 30:51 AI in Workflow Automation 32:49 The Cost of AI and Token Management 36:01 Enhancements in Cloud Tools and Features 39:48 Spec-Driven Development and Code Review Dynamics 51:25 Reflections on Spec-Driven Development Challenges

Where does Spec Driven Development fit?

My first spec kit (SDD) project: https://github.com/kaihendry/ai-check-guardrails https://github.com/github/spec-kit 0:00 - Introduction to Certification Challenges 0:20 - Experience with Microsoft SQL Server Certification 0:46 - Discussion on Corporate Certification Requirements 1:06 - Trust Issues with Certifications 1:35 - Learning from Exam Questions 1:59 - Security Events Data Management 2:26 - Setting Up Kinesis Stream Endpoints 2:51 - Slack Notification for Unusual Activity 3:14 - Security Tooling and AWS Organizations 3:44 - Shared Services Account and Control Tower 4:45 - Root Account Access and Security 5:44 - New Role in Security Administration 6:08 - Spec Driven Development Concerns 6:40 - Changes in SpecKit and Skills 7:24 - Commands and Skills in Anthropic 8:11 - Handoffs in Cloud Code 9:04 - Onboarding Flow in SpecLedger 10:06 - Spec Driven Development Workflow 11:09 - Bug Fixing and Workflow Efficiency 12:20 - Impact Assessment and Planning 13:29 - Feature Branch Management 14:35 - AI Agents and Process Flexibility 15:51 - Expertise and Process Adaptation 16:43 - Git Commit Hooks and History 17:26 - SpecKit Documentation and Maintenance 18:14 - Spec Drift and Project Principles 19:25 - Documentation and End-to-End Tests 20:44 - Quick Start and CLI Testing 21:15 - Constitution and Process in SpecLedger 22:21 - Monorepos and Hexagonal Architecture 23:13 - Alignment Driven Development 24:22 - Workspaces and Debugging in VS Code 25:43 - SpecKit Archive Command 26:24 - Task Management in SpecLedger 27:32 - GitHub App and Task Visualization 28:21 - Beats and Task List Management 29:52 - Multiplayer Development Vision 30:34 - Shared Group Chat and User Stories 31:47 - Clarify Command in SpecLedger 32:15 - Metadata and Comments in SpecLedger 33:05 - Visualization of Development Phases 34:10 - Mockup UI and Design in SpecLedger 35:17 - UI Changes and Future Plans 36:27 - Comments and Collaboration in SpecLedger 37:04 - Open Source and SuperBase Architecture 38:08 - SQLite and Database Management 39:25 - Distributed SQL Database at the Edge 40:44 - Security and Package Management 41:29 - Local Privilege Escalation and Patching 42:30 - Zero Day Exploits and Remediation 43:37 - Defense in Depth and Security Tools 44:41 - AWS Inspector and Wiz.io 45:42 - Public IPs and Security Risks 46:27 - Nginx and Web Server Security 47:13 - Security Chat Groups and Risk Assessment 48:05 - 10stack Hack and Package Verification 49:12 - OIDC and Security Posture 50:11 - Caching Techniques and Security Risks 51:31 - Poisoned Package and Cache Exploits 52:07 - AI and Repository Misconfigurations 53:22 - Dependency Management and Security Scans 54:18 - Dependabot and Security Vulnerabilities https://dabase.com/podcast/

Checking for AI guard rails

https://dabase.com/podcast/ https://link.excalidraw.com/l/cQESkNUilU/9R9YETcpHcG