Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Detection, endpoint isolation, and ticketing with one AI prompt

Most current demonstrations of AI in security operations are lackluster. You ask a chat interface a question, get a summary, and maybe a suggested next step. The operator still does all the work, at human speed. Meanwhile, adversaries are already deploying AI offensively against their targets. AI in SecOps must ultimately be an operator. Otherwise, the gap between adversary and defender will become too wide to bridge. LimaCharlie Co-founder, Christopher Luft, demonstrates a simple way to get started.

Agentic AI Security: Tune Detections with Threat Intel

Most AI detection engineering puts a human in the loop at every step. David Burkett envisions an efficient and effective pipeline architecture that does not. David is a security researcher at Corelight Labs and a longtime LimaCharlie community member. He appeared on a recent episode of Defender Fridays to walk through his vision of a fully agentic detection engineering pipeline. His system uses LimaCharlie as its operational backbone.

The AI attack surface with Katherine McNamara

Join us for this week's Defender Fridays as Katherine McNamara, Cybersecurity Technical Solutions Architect at Cisco, breaks down the expanding attack surface of AI and ML systems and what organizations need to do to secure them before it's too late. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

Detection Engineering with LimaCharlie and Claude Code

Detection engineering is fundamentally a translation problem: rules need to be converted between formats, IOCs need to be converted into detection logic, and noisy alerts need to be converted into precise suppressions. That translation work is what consumes analyst time, and it's what Claude Code handles well.

How multi-agent systems work in LimaCharlie

This video walks through how single agents and multi-agent systems are built and run inside the LimaCharlie platform. Agents in LimaCharlie are defined declaratively. Each agent specifies the model it runs, its instructions, the tools it can access, what events trigger it, and the guardrails it operates under. This approach makes agents version controllable, reviewable, and portable across tenants.

Are we blindly giving AI access to everything?

Users are connecting AI tools without understanding the security implications. In this week's Intel Chat, Chris Luft and Matt Bromiley discuss a security breach at Vercel that originated from a compromised third-party AI tool used by one of its employees. The attacker gained control of the employee's Google Workspace account, which provided access to Vercel's internal environment.

AI SecOps Worskhop Series: Detection Engineering with LimaCharlie and Claude Code

This hands-on workshop is designed for security professionals interested in learning how to integrate advanced AI capabilities into their detection and response workflows. Attendees will receive practical, step-by-step instruction on leveraging the power of Claude Code, a sophisticated AI agent, to significantly enhance security operations within the LimaCharlie platform for detection engineering use cases.

Crypto theft, Vercel breach, Mastodon attack, North Korean IT in US & cyber negotiator guilty [316]

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.

Agentic SecOps: Build a security AI agent that automatically investigates detections

A credential access event fired. An AI agent investigated it, correlated it against running processes, assessed the risk, and closed the ticket. No analyst touched it. The entire loop ran in minutes. This is what security operations look like when AI can actually operate in the environment rather than advise from outside it. Security operations have always required a special kind of person.