Hey friend,

I wanted to write in January but could not find the time, so here we are in February. I hope you are doing well and keeping up with everything happening in AI security. 😎

On my side, it has been a hectic month!

Since the beginning of this AI era in November 2022, I felt that something was changing. Around me, I saw a lot of skepticism. I still do. But to me, this was something different. It was a new way to think, build, and operate.

I have always had a deep desire to make an impact in this world, to build things that serve a greater purpose. It may sound ambitious, but this comes from deep inside me. Until now, I found that path through tech and hacking, working in intelligence and helping organizations around the world.

With AI, I can move faster and orchestrate my workflow as if I had a full team behind me. I can prototype and test ideas at a speed that was not possible before. But more than speed, it changes scale. One person can now design systems, automate workflows, and create tools that previously required a small company.

For a builder and a hacker, this is the dream.

Yes, skepticism is still there. Skepticism keeps people cautious. But denial keeps them irrelevant. The challenge now is not whether AI works or not. It is how you use the technology.

Today, everyone can build tools, but not everyone understands how to design a real AI system, how to secure it, and what kind of work is truly possible with it. I do not see AI as a threat. I have seen it as an opportunity from the beginning, and if you follow me, I am sure you see it too.

I want to bring the missing security pieces into the AI ecosystem. That is what I am obsessed with.

I want to push limits, break ceilings, and remove boundaries. And I want to bring with me the people who support my work. Through open tools, shared research, standards, and training, my goal is simple: if I grow, you grow with me.

Some of you have been following me for a long time, and I truly appreciate it. This journey is not easy. It has never been easy. But I keep pushing.

In this newsletter, I will share the latest projects I have been building and the kind of opportunity we have in cybersecurity. 

Thomas

🤓 Blackhat Asia/USA and Sydney training

BlackHat Asia is right around the corner, and I am also organizing a public session on June 11 to 13 in Sydney.

No alternative text description for this image

👨‍💻 Coding Agents. The Insider Threat You Installed Yourself

I wrote a blog post where I explain that most people are using coding agents without any visibility or security controls. I ended up building a tool that gives you full visibility into your sessions.

Have a read: https://blog.securitybreak.io/coding-agents-the-insider-threat-you-installed-yourself-35644a1d5409?sk=cfa768d0125e1e7e971bebdbadd2615a

🤖 The Internet of AI Agents

In mid January, I wrote a blog post explaining my vision for the future of the internet. Interestingly, the week after, OpenClaw had its breakthrough and the vision I described suddenly became much more realistic.

One of the missing pieces was a simple protocol that would allow agents to exchange and cooperate with each other. It turned out to be simpler than I initially thought.

👉 https://x.com/fr0gger_/article/2015288641854279904

🦞 MoltThreats the First Threat Intel Feed for AI Agents

After everyone started talking about OpenClaw, I wanted to understand what it really was. I was actually more impressed by the MoltBook concept, a Reddit like platform for agents. That is when I started thinking about potential security applications.

There is a lot to cover on this topic, so I recommend you read the link below to understand it better. Pay attention. I believe there are multiple opportunities here.

🛡️ SHIELD.md: A Security Standard for OpenClaw and AI Agents

After the mess around OpenClaw, I wanted to introduce a security standard, so I created SHIELD.md. It is a file that defines security guidelines for your AI agent.

This is a simple proposal that is already useful in practice. There are some limitations that I plan to address in v1, but have a look to understand the concept. It works well with MoltThreats.

I am working to improve the next iteration of MoltThreats and SHIELD so stay tuned. 

✨ Nova-Proximity: MCP and SKILL scanner

I have also updated my MCP scanner to include skills. You can now scan any skills or MCP servers against threats.

https://github.com/Nova-Hunting/nova-proximity 

❤️ Shoutout to the community members who contributed and extended the ecosystem:

That is it. I hope you enjoyed this edition. There is a lot to unpack.

Feel free to reply to this email if you find something interesting or if you want to share feedback.

Until then, see you in the next one.✌️ 

Subscribe View in browser