Blog
Cloud security lessons, Zero Trust insights, and the occasional cat joke.
Detecting OAuth Redirect Abuse with Microsoft Sentinel and Entra ID
On March 2, 2026, Microsoft published an advisory on OAuth redirection abuse enabling phishing and malware delivery. Microsoft described phishing-led campaigns where attackers register OAuth apps with attacker-controlled redirect URIs, then send β¦
The February 2026 Microsoft Sentinel Drop: UEBA Essentials, Copilot Connector, and 9 New GA Connectors
February 2026 brought one of the more substantial Sentinel drops in recent memory. UEBA Essentials hit v3.0.6 with a refined workbook and more than 30 hunting queries (including multi-cloud detections shipped in earlier releases), the M365 Copilot β¦
March 2026 Entra ID Changes: Passkey Auto-Enablement and Conditional Access Enforcement
Microsoft is shipping two Entra ID changes in March 2026 that will change how your users authenticate. Neither change requires administrator action to take effect, and that is precisely the risk. If you do not act before the deadlines, Microsoft β¦
Just-In-Time Access for AI Agents: Building a ZSP Gateway in Azure
AI coding assistants need Contributor access to deploy infrastructure. Backup automation needs Key Vault secrets at 2 AM. Security scanners need Reader access on a schedule. The easy answer is standing permissions-give each service principal what it β¦
Building an LLM Prompt Injection Firewall with AWS Lambda
AWS continues to enhance its generative AI security capabilities, with improved prompt attack filtering now available in Amazon Bedrock Guardrails. Despite these advances, a significant gap remains: organizations are deploying LLM capabilities faster β¦
Sentinel MCP Server: Securing Your SOC's New AI Attack Surface
In September 2025, Microsoft announced the Sentinel MCP Server, a Model Context Protocol implementation that lets MCP-compatible AI assistants query your Sentinel data using natural language. Microsoft highlights GitHub Copilot, Copilot Studio, and β¦
Secure Your Container Supply Chain: SBOM, Signing & Attestation with GitHub Actions
Over the last couple of weeks, Iβve been diving deep into container supply chain security. Between high-profile incidents like SolarWinds, Log4Shell, and the xz Utils backdoor, itβs clear that securing the build pipeline is just as critical as β¦
Terraform 1.11's Game-Changer: Keep Secrets Out of State for Good
If youβve worked with Terraform and secrets, youβve probably wondered: βWait, is my password actually in that state file?β The answer has historically been: yes. The sensitive = true flag does a great job hiding values from CLI output, but the state β¦
Securing the Agentic Workforce: Microsoft's Zero Trust for AI Agents
The enterprise is entering uncharted territory. AI agents, autonomous systems that can browse the web, execute code, access databases, and interact with third-party services, are no longer experimental. Theyβre being deployed at scale. And theyβre β¦
Welcome to Nine Lives, Zero Trust
If youβve found your way here, welcome. Pull up a chair. Let me explain what this is all about. Why βNine Livesβ? The old saying goes that cats have nine lives. They fall off things, get into trouble, and somehow always land on their feet. Cloud β¦