I was reminded of something recently that I have been aware of for a long time. The first time it was explained clearly to me was many years ago during a presentation on profit strategies for video game arcades. The core idea is simple. People behave differently when they feel like they are spending money.… Read More »
I see a growing amount of chatter about “securing AI,” but that phrase is so broad that it almost loses meaning. Securing what exactly? Most of these conversations are really about large language models (LLMs). And even then, the security discussion is very different depending on whether you are talking about public LLMs, enterprise LLMs,… Read More »
I recently worked with a customer who had done the right thing from a security perspective. They followed the best practice of separating standard user accounts from privileged admin accounts. Day-to-day work was done with a normal account, and elevated tasks required a separate admin identity. What they chose not to do was record the… Read More »
I recently built an Azure Monitor workbook to help customers who are struggling to verify that all Azure virtual machines are fully onboarded to Microsoft Defender for Endpoint (MDE). Repo: AndrewBlumhardt/workbooks In theory, this should be straightforward. When Defender for Servers is enabled as part of Microsoft Defender for Cloud, Azure VMs are automatically onboarded… Read More »
Vibe coding is an informal term used to describe a style of development where a large language model writes most of the code interactively. Instead of starting with detailed designs or carefully planned implementations, you describe intent. You explain what you want to build, how it should behave, or what needs to change, and the… Read More »
I recently ran into confusion around Azure Logic Apps that came from viewing them through a Power Automate lens. On the surface the two platforms look nearly identical. They share connectors, workflows, and even the same HTTP action. But applying Power Automate’s security assumptions to Logic Apps leads to incorrect conclusions about risk, governance, and… Read More »
I recently responded to a customer who had questions about device compliance policies and how they interact with Conditional Access. While researching my response, I was reminded how often Microsoft Intune is overlooked as a security solution, even though it now sits at the center of Microsoft’s cloud security and zero trust strategy. That disconnect… Read More »
I had a bit of downtime this week and decided to do some light vibe coding around an idea I have been curious about for a while: using Azure Maps as a way to visualize high-level security intelligence. Most threat intelligence lives in tables, reports, and long write-ups. That format works well for analysts, but… Read More »
AI agents are often marketed as the natural evolution of large language models. The implication is that agents are smarter, more capable, and more useful than a standard chat interface. In reality, many so-called agents fail to add meaningful value and instead introduce friction, duplication, and confusion. To understand why this keeps happening, it helps… Read More »
As we enter the winter months and holiday season, when many of us will struggle to maintain or lose weight due to colder weather, a natural inclination to hibernate, and all those tempting holiday meals, I wanted to share my weight loss journey. This is not my typical post on AI, security, or career, but… Read More »
I have been making my way through a lot of long book series over the last few years, and once you fall into the right one, the books disappear faster than you expect. Joe Ledger is the one I am deep into right now, and that reminded me how many great multi-book runs I have… Read More »
Over the past several months I have written several articles about AI as part of my own learning journey. Each time I dig deeper, I find new ways to explain how these systems work in a way that makes sense to people who are curious but not technical. This article continues that effort by covering… Read More »
Artificial intelligence is often said to be grown, not built. The phrase, often attributed to thinkers in AI safety circles, captures the idea that modern AI systems are not engineered like traditional software. They are cultivated through data and experience, shaped by feedback, and refined through countless iterations until patterns begin to emerge. AI did… Read More »
If someone walked you through what they did to “create an AI,” you might be surprised, or even a little disappointed, by how simple it actually was to bring it to life. AI coding often sounds far more mysterious than it really is. When people hear “AI development,” they tend to imagine complex systems being… Read More »
Traditional SIEMs follow a predictable model: collect logs from many sources, ingest them into a central store, normalize them into a readable schema, index them, and then use queries, dashboards, and alerts to investigate and respond. This design exists because data is scattered, inconsistent, and hard to retrieve. Centralization solves those problems but introduces challenges… Read More »
During a recent Security Copilot demo, a customer asked an excellent question: “Can these agents run PowerShell?” The short answer is not directly. Security Copilot does not execute arbitrary PowerShell commands like a runbook or automation platform would. However, it appears technically feasible to accomplish similar outcomes by triggering automation through existing Microsoft services. It… Read More »
KQL is easy to learn, efficient, readable, and perfect for daily hunting and incident response. It powers queries across Microsoft Sentinel, Azure Monitor Logs, and the Advanced Hunting experience in Microsoft XDR. Every time you open the Logs blade or run a query in the portal, you are using KQL to explore the Analytics Tier.… Read More »
What It Really Looks Like to Study Artificial Intelligence Online A decade ago, most universities treated artificial intelligence as a single elective buried deep inside computer science. It was the kind of class you took after surviving data structures, algorithms, and a heavy dose of calculus. That began to change in 2018, when Carnegie Mellon… Read More »
Another Unforgettable Black Hat & DEF CON Week I landed in Las Vegas and checked into Circus Circus, a no-frills spot but close enough to DEF CON to make the walk easy. It felt like the right basecamp for a packed week. My 4th hacker summer camp! Tuesday was about arrivals, badges, and parties. I… Read More »
With so many Large Language Models (LLMs or GPTs) available today, how do you know which one to use? The truth is, there isn’t a single “best” model. Instead, the right choice depends on your specific needs and the tools you have at hand. General-Purpose LLMs Text-based LLMs like ChatGPT, Gemini, and Microsoft Copilot are… Read More »