Refactor Security

The most common LLM security problems usually don’t start with advanced attacks. They come from production systems that still have prototype assumptions: the model is trusted too much, the tools are scoped too loosely, and the guardrails live in prompts instead of code. We put together a short post on 5 vulnerabilities that show up repeatedly in LLM deployments: https://t.co/fEttNGJy0y

We wrote a blog post about why it's a bad idea to use domains like https://t.co/8XT6Bvu4Ax and https://t.co/9ViFeudvD4 during testing and in security write-ups. Even though it’s very common to use them in PoC examples and payloads, they may end up being executed by people validating findings, potentially leaking information to uncontrolled third parties. To make things worse, these patterns have made their way into LLM training data, and agents are more than happy to reuse them during testing. Read the full blog post: https://t.co/KEbeSInILx #pentesting #aiagents #appsec

Have you ever needed to share a log file, JSON, or configuration file with a colleague, a vendor, or an AI assistant—but hesitated because of the sensitive data inside? 🛑 You need to keep the data structure intact for debugging, but you can't risk exposing PII, API keys, or credentials. Today, we are releasing https://t.co/6PP9gDCUQb 🚀 It’s an open-source tool designed to sanitize your data before you share it anywhere. It supports formats like HTTP, JSON, XML, and YAML, replacing sensitive information with realistic placeholders. Most importantly? It runs 100% in your browser. There is no backend processing, so your sensitive data never leaves your device. Give it a try: https://t.co/JiG9EpPfOv Check out the repo: https://t.co/uR2fqjKYvF #infosec #privacy #devtools #opensource

Excited to announce a new release of Security Notes, our tool designed for performing and documenting security source code reviews ✍ This version includes numerous improvements, bug fixes, and a major new feature: Breadcrumbs 🍞 We designed Breadcrumbs to solve a common challenge: getting lost in the "rabbit hole" of a complex review. This feature allows you to track the implementation of a single function or feature across multiple source files, leaving "crumbs" in code snippets to map your path 🐇 We'd love for you to give it a try 🤝 Your feedback is always welcome! 💡 Visual Studio Code Marketplace: https://t.co/CHHYuSLE1J Github project: https://t.co/WO6AcppZR8 #appsec #bugbountytips #vscode #devsecops

Refactor Security turns 3 today! 🎉 Three years ago, we started Refactor Security with the goal of making security more practical and effective for modern teams. It's been an incredible journey so far, and we’re proud of the progress we’ve made together. None of that happens without our incredible team, our trusted partners, and the friends who supported us from day one. We are grateful for everything we've accomplished together. Thank you 🙌 As we step into year four, we’re more energized than ever to keep working hard and to help even more companies build and ship securely. Let’s keep pushing security forward! 🚀