AI agents are becoming operational coworkers inside the enterprise, but many organizations are deploying them faster than they can govern them.
Our latest research explores security risks tied to Copilot Studio and agentic AI workflows.
https://t.co/bpXGaE4Iiv
#AISecurity
Part two of @MrCloudSec's comprehensive AWS Bedrock API key security guide is live, and this is where it gets actionable.
Building on the risks we outlined in part one, this installment dives into exactly how security teams can fight back.
Check it out: https://t.co/LibcZb7TAA
New research! Security Researcher Sergio Garcia (@MrCloudSec) uncovers a major risk in AWS Bedrock API keys: the “phantom user” problem.
Check it out: https://t.co/GXO5B8YlyE
#AWSBedrock
You patched the prompt injection in your AWS Bedrock Agent.
Except you didn't.
Old versions stay stored, waiting. Any alias still pointing to v1 invokes v1's prompt, tools, and bugs.
Every alias is its own attack surface.
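A defender-side check for the stale-alias problem described in this post, as an added example that is not part of the original posts: it takes the agentVersionSummaries and agentAliasSummaries shapes returned by the boto3 bedrock-agent calls list_agent_versions and list_agent_aliases and reports every alias whose routing still points at a version other than the newest one; the sample data is constructed, and the live audit_agent helper is an assumption about those response shapes.

```python
"""Audit Amazon Bedrock Agent aliases for stale version pins (added example; not from the posts).
Assumes the boto3 'bedrock-agent' shapes of list_agent_versions (agentVersionSummaries)
and list_agent_aliases (agentAliasSummaries); the SAMPLE_* data is constructed."""
from typing import Iterable


def find_stale_aliases(versions: Iterable[dict], aliases: Iterable[dict]) -> list[dict]:
    """One record per alias route that targets anything but the newest numbered version.
    DRAFT is never 'newest'; an alias routed to DRAFT is reported too."""
    numbered = sorted(int(v["agentVersion"]) for v in versions if v["agentVersion"] != "DRAFT")
    if not numbered:
        return []  # nothing prepared yet, so no alias can be pinned to an old version
    latest = str(numbered[-1])
    stale = []
    for alias in aliases:
        for route in alias.get("routingConfiguration", []):
            version = route.get("agentVersion")
            if version is not None and version != latest:
                stale.append({"aliasId": alias["agentAliasId"], "aliasName": alias["agentAliasName"],
                              "pinnedVersion": version, "latestVersion": latest})
    return stale


def audit_agent(client, agent_id: str) -> list[dict]:
    """Live variant: page through both list calls for one agent, then run the check."""
    def paged(method, key):
        token, items = None, []
        while True:
            kwargs = {"agentId": agent_id, **({"nextToken": token} if token else {})}
            resp = method(**kwargs)
            items.extend(resp.get(key, []))
            token = resp.get("nextToken")
            if not token:
                return items
    return find_stale_aliases(paged(client.list_agent_versions, "agentVersionSummaries"),
                              paged(client.list_agent_aliases, "agentAliasSummaries"))


# Constructed sample: version 2 carries the fix, but two aliases still route elsewhere.
SAMPLE_VERSIONS = [{"agentVersion": "DRAFT"}, {"agentVersion": "1"}, {"agentVersion": "2"}]
SAMPLE_ALIASES = [
    {"agentAliasId": "PRODALIAS1", "agentAliasName": "prod", "routingConfiguration": [{"agentVersion": "2"}]},
    {"agentAliasId": "LEGACYALIA", "agentAliasName": "legacy-app", "routingConfiguration": [{"agentVersion": "1"}]},
    {"agentAliasId": "TSTALIASID", "agentAliasName": "AgentTestAlias", "routingConfiguration": [{"agentVersion": "DRAFT"}]},
]

if __name__ == "__main__":
    for rec in find_stale_aliases(SAMPLE_VERSIONS, SAMPLE_ALIASES):
        print(f"{rec['aliasName']} ({rec['aliasId']}) still invokes v{rec['pinnedVersion']}, latest is v{rec['latestVersion']}")
```

Run it against a real agent with audit_agent(boto3.client("bedrock-agent"), "<agent id>"); any alias it lists is still serving the old prompt and tools and should be re-pointed or deleted.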
I built an AI worm that's too dangerous to release to the public. 😈😅
When @AnthropicAI announced that their Mythos model was too dangerous to release, the industry was shocked.
I wasn't.
Because I already knew it was possible to misuse these models as self-propagating cyber weapons. I know - because I built one.
It's like gain-of-function research in virology, where scientists engineer dangerous pathogens in controlled environments - so we can defend against them before nature does it for us.
I took the same approach with AI. And what I found keeps me up at night.
What happens when the AI breaks free?
And what can we do - right now - to stop it?
That's what I'll be unpacking at @fwdcloudsec in my talk: What Building an AI Worm Taught Me About Stopping One.
If you're working in security, AI, or just care about what's coming - this one's for you.
And if you want more research like this - follow @btphantomlabs. We're publishing the cutting-edge AI security research you need to know about before everyone else does. 🔬
New research from Ryan Hausknecht shows how that power can quietly become command & control, blending into normal behavior while automating endpoint access.
We break down architecture, abuse paths, and even detection angles.
➡️ https://t.co/Tf2YpbxsXS
#AISecurity #AIAgents
I found a critical vulnerability in ChatGPT Codex!!! 😄 You can check out the full blog here:
https://t.co/9TRanSd7jk
Super excited to finally have the blog released!!
I'm looking for a senior/staff level researcher to join my team @btphantomlabs. I'm looking for someone who:
- Has research experience in the Cloud, identity, and/or AI space
- Understands attack path management + graph theory
- Active directory knowledge is a plus
- History of making blog posts/webinars/conference talks/etc. is also a huge plus
This is a full time research role on a dedicated research team. Fully remote, competitive salary.
Apply here:
https://t.co/cn1FQA9mUQ
After doing just cloud stuff for so long, I figured I should hop on the AI train, so this is my first dive into AI security research https://t.co/NmgFrwo6aj
We found a critical vulnerability in @OpenAI Codex affecting all Codex users, allowing exfil of a victim’s GitHub tokens to our C2 server. This granted lateral movement and R/W access to a victim’s entire code base 😈
This was a crazy one by @crew7sec at @btphantomlabs
Breaking: Newly uncovered OpenAI Codex vuln enables command injection via GitHub branch names in task creation requests.
Attackers could steal GitHub user access tokens & sensitive data.
Full breakdown by Tyler Jespersen: https://t.co/7Q3TXVZSd1
#OpenAI #BTPhantomLabs
Heading to Seattle BSides next week?
Don’t miss Sergio Garcia’s talk on the real identity attack surface and risks hidden in Bedrock.
Live demo + detection.
Feb 28 @ 2 PM.
Event schedule: https://t.co/CDqUiV9We4
#Bsides #Bedrock
Heading to Seattle BSides next month?
Don’t miss Sergio Garcia’s talk on the real identity attack surface and risks hidden in Bedrock.
Live demo + detection.
Feb 28 @ 2 PM.
Event schedule: https://t.co/CDqUiV9We4
#Bsides #Bedrock
AI agents are the next big attack surface 🤖
Watch Phantom Labs break down how enterprise agents get hijacked to leak secrets and access cloud infrastructure, even with controls in place.
Free, on-demand webinar. https://t.co/eruA4NSo3W
#AI #AgenticAI
Thanks so much for the mention folks! Really appreciated and very proud. A truly outstanding team delivering an amazing product
https://t.co/PUMAfGpjq9
@prowlercloud @ToniBlyx @jfagoagas @MrCloudSec
We’re excited to feature a must-attend talk at Seasides Conference:
Open Source Multi-Cloud Security with Prowler by @ToniBlyx & @MrCloudSec
Info:
https://t.co/Win406b83X
As #GenAI transforms industries, securing AI environments is more crucial than ever. Learn best practices for #AmazonBedrock encryption, access control, and monitoring from the latest blog from @MrCloudSec https://t.co/gDVJEyA2Wu