Reposted by Anton Chuvakin
"The Big Idea: Security Assurance is NOT Just QA for AI!" security.googlecloudcommunity.com/ciso-blog-77... <- this has the Cliff's notes; full paper if you can handle it: research.google/pubs/securit...
The Big Idea: Security Assurance is NOT Just QA for AI! | Community
Think of quality assurance (QA) for products. Security assurance plays a similar, yet distinct, role for systems and applications and, yes, now also for AI. It's all about building high confidence…
security.googlecloudcommunity.com
November 8, 2025 at 10:19 AM
"The Big Idea: Security Assurance is NOT Just QA for AI!" security.googlecloudcommunity.com/ciso-blog-77... <- this has the Cliff's notes; full paper if you can handle it: research.google/pubs/securit...
"The Big Idea: Security Assurance is NOT Just QA for AI!" security.googlecloudcommunity.com/ciso-blog-77... <- this has the Cliff's notes; full paper if you can handle it: research.google/pubs/securit...
The Big Idea: Security Assurance is NOT Just QA for AI! | Community
Think of quality assurance (QA) for products. Security assurance plays a similar, yet distinct, role for systems and applications and, yes, now also for AI. It's all about building high confidence…
security.googlecloudcommunity.com
November 8, 2025 at 10:19 AM
"The Big Idea: Security Assurance is NOT Just QA for AI!" security.googlecloudcommunity.com/ciso-blog-77... <- this has the Cliff's notes; full paper if you can handle it: research.google/pubs/securit...
"250 Episodes of Cloud Security Podcast by Google: From Confidential Computing to AI-Ready SOC" medium.com/anton-on-sec... (cc @CloudSecPodcast)
250 Episodes of Cloud Security Podcast by Google: From Confidential Computing to AI-Ready SOC
So this may suck, but I am hoping to at least earn some points for honesty here. I wanted to write something pithy and smart once I…
medium.com
November 6, 2025 at 10:19 AM
"250 Episodes of Cloud Security Podcast by Google: From Confidential Computing to AI-Ready SOC" medium.com/anton-on-sec... (cc @CloudSecPodcast)
"How Google Does It: Threat modeling, from basics to AI" cloud.google.com/transform/ho... <- another HGD blog, very fun, and yes, with some details omitted :-)
How Google Does It: Threat modeling, from basics to AI | Google Cloud Blog
Threat modeling plays a critical role at Google in how we detect and respond to threats — and secure our use of the public cloud.
cloud.google.com
November 1, 2025 at 10:19 AM
"How Google Does It: Threat modeling, from basics to AI" cloud.google.com/transform/ho... <- another HGD blog, very fun, and yes, with some details omitted :-)
Reposted by Anton Chuvakin
"Simple to Ask: Is Your #SOC #AI Ready? Not Simple to Answer!" medium.com/anton-on-sec... <- How to tell if your SOC is ready for AI? A simple 5 point framework :-)
Simple to Ask: Is Your SOC AI Ready? Not Simple to Answer!
In early 1900s, factory owners bolted the new electric dynamo onto their old, central-shaft-and-pulley systems. They thought they were…
medium.com
October 21, 2025 at 9:19 AM
"Simple to Ask: Is Your #SOC #AI Ready? Not Simple to Answer!" medium.com/anton-on-sec... <- How to tell if your SOC is ready for AI? A simple 5 point framework :-)
Reposted by Anton Chuvakin
"How Google Does It: Building #AI agents for cybersecurity and defense" cloud.google.com/transform/ho... <- another fun blog in our series on how Google does security; this time ... AI AGENTS! Enjoy!
How Google Does It: Building AI agents for cybersecurity and defense | Google Cloud Blog
At Google, we’ve moved from talking about AI agents to actively using them for security. Here are four critical lessons that helped shape our approach.
cloud.google.com
October 24, 2025 at 9:19 AM
"How Google Does It: Building #AI agents for cybersecurity and defense" cloud.google.com/transform/ho... <- another fun blog in our series on how Google does security; this time ... AI AGENTS! Enjoy!
"10+ Tips for Governing #AI Agents" security.googlecloudcommunity.com/community-bl... <- this is a bit dense (so perhaps not fun?) but kinda useful and stems from MANY painful conversations on this topic....
10 Tips for Governing AI Agents | Community
Co-Author: Marina KaganovichThe rapid evolution from generative artificial intelligence, commonly known as genAI, to agentic AI is a stark reminder to organizations to prioritize “going back to…
security.googlecloudcommunity.com
October 30, 2025 at 10:19 AM
"10+ Tips for Governing #AI Agents" security.googlecloudcommunity.com/community-bl... <- this is a bit dense (so perhaps not fun?) but kinda useful and stems from MANY painful conversations on this topic....
"How Google Does It: Building #AI agents for cybersecurity and defense" cloud.google.com/transform/ho... <- another fun blog in our series on how Google does security; this time ... AI AGENTS! Enjoy!
How Google Does It: Building AI agents for cybersecurity and defense | Google Cloud Blog
At Google, we’ve moved from talking about AI agents to actively using them for security. Here are four critical lessons that helped shape our approach.
cloud.google.com
October 24, 2025 at 9:19 AM
"How Google Does It: Building #AI agents for cybersecurity and defense" cloud.google.com/transform/ho... <- another fun blog in our series on how Google does security; this time ... AI AGENTS! Enjoy!
"Simple to Ask: Is Your #SOC #AI Ready? Not Simple to Answer!" medium.com/anton-on-sec... <- How to tell if your SOC is ready for AI? A simple 5 point framework :-)
Simple to Ask: Is Your SOC AI Ready? Not Simple to Answer!
In early 1900s, factory owners bolted the new electric dynamo onto their old, central-shaft-and-pulley systems. They thought they were…
medium.com
October 21, 2025 at 9:19 AM
"Simple to Ask: Is Your #SOC #AI Ready? Not Simple to Answer!" medium.com/anton-on-sec... <- How to tell if your SOC is ready for AI? A simple 5 point framework :-)
Reposted by Anton Chuvakin
It's actually really fucked to sell a pet feeder that doesn't even have the schedule stored on the device.
Oh so they nuke Virginia and thousands of animals around the world just starve? That was your plan here?
Oh so they nuke Virginia and thousands of animals around the world just starve? That was your plan here?
October 20, 2025 at 11:09 PM
It's actually really fucked to sell a pet feeder that doesn't even have the schedule stored on the device.
Oh so they nuke Virginia and thousands of animals around the world just starve? That was your plan here?
Oh so they nuke Virginia and thousands of animals around the world just starve? That was your plan here?
Reposted by Anton Chuvakin
"#SIEM, Startups, and the Myth (Reality?) of IT Inertia: A Reformed Analyst Reflects on SIEM MQ 2025" medium.com/anton-on-sec... <- kinda what it says in the title; warning: this is a tepid take, NOT a hot take :-)
SIEM, Startups, and the Myth (Reality?) of IT Inertia: A Reformed Analyst Reflects on SIEM MQ 2025
It’s not every day you get to reflect on a journey that started as an odd “googley” startup and culminates in a shiny Leaders placement on…
medium.com
October 17, 2025 at 9:19 AM
"#SIEM, Startups, and the Myth (Reality?) of IT Inertia: A Reformed Analyst Reflects on SIEM MQ 2025" medium.com/anton-on-sec... <- kinda what it says in the title; warning: this is a tepid take, NOT a hot take :-)
"#SIEM, Startups, and the Myth (Reality?) of IT Inertia: A Reformed Analyst Reflects on SIEM MQ 2025" medium.com/anton-on-sec... <- kinda what it says in the title; warning: this is a tepid take, NOT a hot take :-)
SIEM, Startups, and the Myth (Reality?) of IT Inertia: A Reformed Analyst Reflects on SIEM MQ 2025
It’s not every day you get to reflect on a journey that started as an odd “googley” startup and culminates in a shiny Leaders placement on…
medium.com
October 17, 2025 at 9:19 AM
"#SIEM, Startups, and the Myth (Reality?) of IT Inertia: A Reformed Analyst Reflects on SIEM MQ 2025" medium.com/anton-on-sec... <- kinda what it says in the title; warning: this is a tepid take, NOT a hot take :-)
Reposted by Anton Chuvakin
"#AI Adoption: Learning from the Cloud's Early Days" security.googlecloudcommunity.com/community-bl... <- this is NOT new, but I end up seeing more and more lessons for current AI adoption wave in the previous cloud adoption wave. It definitely rhymes!
AI Adoption: Learning from the Cloud's Early Days | Community
In the early days of cloud computing around the mid-2010s, many organizations began informally experimenting with the cloud. Cloud was new and exciting, cloud was free (at times and in small doses),…
security.googlecloudcommunity.com
October 1, 2025 at 9:19 AM
"#AI Adoption: Learning from the Cloud's Early Days" security.googlecloudcommunity.com/community-bl... <- this is NOT new, but I end up seeing more and more lessons for current AI adoption wave in the previous cloud adoption wave. It definitely rhymes!
"#AI Adoption: Learning from the Cloud's Early Days" security.googlecloudcommunity.com/community-bl... <- this is NOT new, but I end up seeing more and more lessons for current AI adoption wave in the previous cloud adoption wave. It definitely rhymes!
AI Adoption: Learning from the Cloud's Early Days | Community
In the early days of cloud computing around the mid-2010s, many organizations began informally experimenting with the cloud. Cloud was new and exciting, cloud was free (at times and in small doses),…
security.googlecloudcommunity.com
October 1, 2025 at 9:19 AM
"#AI Adoption: Learning from the Cloud's Early Days" security.googlecloudcommunity.com/community-bl... <- this is NOT new, but I end up seeing more and more lessons for current AI adoption wave in the previous cloud adoption wave. It definitely rhymes!
Reposted by Anton Chuvakin
"3 new ways to use #AI as your security sidekick" cloud.google.com/transform/3-... <- this is NOT new, but this use cases do help today even though they are so old (meh ... April 2025); bonus: nothing to buy to do this!
3 new ways to use AI as your security sidekick | Google Cloud Blog
Generative AI is already providing clear and impactful security results. Here’s three decisive examples that organizations can adopt right now.
cloud.google.com
September 24, 2025 at 12:01 PM
"3 new ways to use #AI as your security sidekick" cloud.google.com/transform/3-... <- this is NOT new, but this use cases do help today even though they are so old (meh ... April 2025); bonus: nothing to buy to do this!
"Decoupled SIEM: Where I Think We Are Now?" medium.com/anton-on-sec... <- well, you wanted this, and here is ... NOT this, but more of an incomplete thought / rambling on decoupled #SIEM
Decoupled SIEM: Where I Think We Are Now?
In the world of security operations, there is a growing fascination with the concept of a “decoupled SIEM,” where detection, reporting…
medium.com
September 26, 2025 at 9:19 AM
"Decoupled SIEM: Where I Think We Are Now?" medium.com/anton-on-sec... <- well, you wanted this, and here is ... NOT this, but more of an incomplete thought / rambling on decoupled #SIEM
"3 new ways to use #AI as your security sidekick" cloud.google.com/transform/3-... <- this is NOT new, but this use cases do help today even though they are so old (meh ... April 2025); bonus: nothing to buy to do this!
3 new ways to use AI as your security sidekick | Google Cloud Blog
Generative AI is already providing clear and impactful security results. Here’s three decisive examples that organizations can adopt right now.
cloud.google.com
September 24, 2025 at 12:01 PM
"3 new ways to use #AI as your security sidekick" cloud.google.com/transform/3-... <- this is NOT new, but this use cases do help today even though they are so old (meh ... April 2025); bonus: nothing to buy to do this!
"Anton’s Security Blog Quarterly Q3 2025" medium.com/anton-on-sec... <- my usual semi regular list of my top blogs and podcasts, enjoy!
Anton’s Security Blog Quarterly Q3 2025
Amazingly, Medium has fixed the stats so my blog / podcast quarterly is back to life. As before, this covers both Anton on Security and my…
medium.com
September 23, 2025 at 9:19 AM
"Anton’s Security Blog Quarterly Q3 2025" medium.com/anton-on-sec... <- my usual semi regular list of my top blogs and podcasts, enjoy!
"The Gravity of Process: Why New Tech Never Fixes Broken Process and Can AI Change It?" medium.com/@anton.chuva... <- long simmering debate on tech changing broken/missing process and #AI role in it...
The Gravity of Process: Why New Tech Never Fixes Broken Process and Can AI Change It?
Let’s tackle the age old question: can new technology fix broken or missing processes?
medium.com
September 16, 2025 at 9:19 AM
"The Gravity of Process: Why New Tech Never Fixes Broken Process and Can AI Change It?" medium.com/@anton.chuva... <- long simmering debate on tech changing broken/missing process and #AI role in it...
Reposted by Anton Chuvakin
The IT industry has already prepared for thousands of AI-driven job losses and will likely see more, though we could reach a point where AI will be something that everyone in IT will have to become familiar with in one way or another.
AI will consume all of IT by 2030—but not all IT jobs, Gartner says
AI still threatens entry-level IT jobs.
arstechnica.com
September 8, 2025 at 10:03 PM
The IT industry has already prepared for thousands of AI-driven job losses and will likely see more, though we could reach a point where AI will be something that everyone in IT will have to become familiar with in one way or another.
Reposted by Anton Chuvakin
"#SOC Visibility Triad is Now A Quad — SOC Visibility Quad 2025" medium.com/anton-on-sec...
August 5, 2025 at 6:43 PM
"#SOC Visibility Triad is Now A Quad — SOC Visibility Quad 2025" medium.com/anton-on-sec...
"#SOC Visibility Triad is Now A Quad — SOC Visibility Quad 2025" medium.com/anton-on-sec...
August 5, 2025 at 6:43 PM
"#SOC Visibility Triad is Now A Quad — SOC Visibility Quad 2025" medium.com/anton-on-sec...
Reposted by Anton Chuvakin
"Google Cloud Security Threat Horizons Report #12 Is Out!" medium.com/@anton.chuva... <- lots of fun cloud intrusions, some old ... some really old :-)
Google Cloud Security Threat Horizons Report #12 Is Out!
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat…
medium.com
July 31, 2025 at 9:19 AM
"Google Cloud Security Threat Horizons Report #12 Is Out!" medium.com/@anton.chuva... <- lots of fun cloud intrusions, some old ... some really old :-)
"Google Cloud Security Threat Horizons Report #12 Is Out!" medium.com/@anton.chuva... <- lots of fun cloud intrusions, some old ... some really old :-)
Google Cloud Security Threat Horizons Report #12 Is Out!
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat…
medium.com
July 31, 2025 at 9:19 AM
"Google Cloud Security Threat Horizons Report #12 Is Out!" medium.com/@anton.chuva... <- lots of fun cloud intrusions, some old ... some really old :-)
Reposted by Anton Chuvakin
"The Modern Security and Governance Stack Isn’t Ready for #AI Agents" securetrajectories.substack.com/p/the-modern... <- a very fun read, a perfect balance of sad and useful :-)
The Modern Security and Governance Stack Isn’t Ready for AI Agents
Agents aren’t users, non-human identities, APIs, or service accounts that our current tooling covers
securetrajectories.substack.com
July 17, 2025 at 9:19 AM
"The Modern Security and Governance Stack Isn’t Ready for #AI Agents" securetrajectories.substack.com/p/the-modern... <- a very fun read, a perfect balance of sad and useful :-)