Jerrad Dahlager
@nineliveszerotrust.com
Cloud Security Architect | Adjunct Instructor | Writing about cloud security for the curious 🐱 | CISSP | CCSP | MN Sports ⚾ | nineliveszerotrust.com
Service principals can't activate PIM roles. AI agents and CI/CD pipelines get standing privilege 24/7 for tasks that take minutes.
Built a Zero Standing Privilege gateway with Azure Functions. Auto-revoke, full audit trail.
nineliveszerotrust.com/blog/zero-st...
#ZeroTrust #Azure #AgenticAI
Built a Zero Standing Privilege gateway with Azure Functions. Auto-revoke, full audit trail.
nineliveszerotrust.com/blog/zero-st...
#ZeroTrust #Azure #AgenticAI
January 30, 2026 at 2:36 PM
Service principals can't activate PIM roles. AI agents and CI/CD pipelines get standing privilege 24/7 for tasks that take minutes.
Built a Zero Standing Privilege gateway with Azure Functions. Auto-revoke, full audit trail.
nineliveszerotrust.com/blog/zero-st...
#ZeroTrust #Azure #AgenticAI
Built a Zero Standing Privilege gateway with Azure Functions. Auto-revoke, full audit trail.
nineliveszerotrust.com/blog/zero-st...
#ZeroTrust #Azure #AgenticAI
New post: Building a serverless edge prompt filter for LLM security
Catches injection attacks + PII at the edge before semantic analysis. One layer in defense-in-depth.
Full post + Terraform lab: nineliveszerotrust.com/blog/llm-prompt-injection-firewall/
#AISecurity #AWS
Catches injection attacks + PII at the edge before semantic analysis. One layer in defense-in-depth.
Full post + Terraform lab: nineliveszerotrust.com/blog/llm-prompt-injection-firewall/
#AISecurity #AWS
January 13, 2026 at 4:27 PM
New post: Building a serverless edge prompt filter for LLM security
Catches injection attacks + PII at the edge before semantic analysis. One layer in defense-in-depth.
Full post + Terraform lab: nineliveszerotrust.com/blog/llm-prompt-injection-firewall/
#AISecurity #AWS
Catches injection attacks + PII at the edge before semantic analysis. One layer in defense-in-depth.
Full post + Terraform lab: nineliveszerotrust.com/blog/llm-prompt-injection-firewall/
#AISecurity #AWS
A common Terraform misconception: sensitive redacts output, not state.
sensitive=true only redacts output. Secrets still end up in state/plan files.
1.11’s write-only args fix this.
Hands-on guide with AWS + Azure examples
nineliveszerotrust.com/blog/terrafo...
#CloudSecurity #DevSecOps
sensitive=true only redacts output. Secrets still end up in state/plan files.
1.11’s write-only args fix this.
Hands-on guide with AWS + Azure examples
nineliveszerotrust.com/blog/terrafo...
#CloudSecurity #DevSecOps
December 27, 2025 at 2:22 AM
A common Terraform misconception: sensitive redacts output, not state.
sensitive=true only redacts output. Secrets still end up in state/plan files.
1.11’s write-only args fix this.
Hands-on guide with AWS + Azure examples
nineliveszerotrust.com/blog/terrafo...
#CloudSecurity #DevSecOps
sensitive=true only redacts output. Secrets still end up in state/plan files.
1.11’s write-only args fix this.
Hands-on guide with AWS + Azure examples
nineliveszerotrust.com/blog/terrafo...
#CloudSecurity #DevSecOps