Hey AI-CSL, The community is closing on June 25. Honestly: work and family need more of me right now. I'm spread too thin, and the community is one of the pieces stepping back, unfortunately. This was never my intention for the community and I ask for your forgiveness and patience through the transition. Before you go, here's what stays and what to do: The Wazuh AI SOC Lab is yours, free, public, on GitHub. Find it at https://github.com/joshbotz/wazuh-ai-soc-lab. It's yours to use, fork, or build on - no login, no paywall. If learning AI + security hands-on is what brought you here, this is the part worth keeping. An AI-agent (Mateo) leads you through the whole thing! Pretty cool stuff. Drop any questions in the community by June 20 and they'll get a real answer. Stay loosely in touch on LinkedIn. https://linkedin.com/in/joshbotz - that's the easiest way to reach me. Thanks for being part of this. If the lab helped you, drop a quick note below - I'd love to read it. Keep building! ~ Josh

Today’s Q & A call has been moved up by one hour to 9 AM MST. This is a great opportunity to ask about labs, show your work and request feedback from the group, and talk about career moves. Looking forward to seeing you there.

Given the wide the adoption of Agentic AI, I have found have that you can adopt those aspects you learn from the Josh's project that you can actually utilize what you learned across all popular cloud providers. I am planing on utilizing something similar, but instead of claude code I am utilizing N8N which is a great alternative that you can apply to something like this. Otherwise, they are both great tools for your purposes in cloud security. I am also using the GCP Cli to integrate with this as well with wazuh, firewalls, virus total api, and self healing for the host machine. I give credit to Josh is community and I think he is an excellent resource to learn on your cyber security journeys you embark on towards cloud security. 🙂 Thank you

Quick PSA for anyone here using GitHub Copilot in Visual Studio: there's a real CVE out as of yesterday and you should go patch. CVE-2026-41109. CVSS 8.8. The short version: an attacker can get Copilot to silently inject code into your editor, with the Accept/Reject prompt suppressed and any policy filters skipped. You don't see the suggestion. It just lands. Microsoft already shipped the patch. Update Visual Studio and the Copilot extension and you're good. If you manage other devs' machines, nudge them too. Now the part that's actually interesting for this group. This is the textbook indirect prompt injection pattern we've been talking about. Untrusted content goes into the model's context. Model emits something downstream. Downstream component (in this case, the editor's auto-apply path) trusts the output and acts on it. What's new is that this one has a CVE number, a CVSS, and a Patch Tuesday entry. So now it's not a research curiosity. It's a thing your AppSec team is on the hook for. A few things worth thinking about beyond just patching: Where else in your stack does model output cross into something that acts? File writes, terminal exec, commit hooks, CI runners, MCP tools. Anywhere model output gets trusted by the next link in the chain is the same bug class waiting to happen. Do you actually have an inventory of the AI dev tools running on your engineers' machines? Not just "Copilot is approved." The extensions, the MCP servers, the local agents, the model endpoints they reach. If you've been doing the labs in the workbench, you've already built the muscle for thinking about this. This CVE is just the same threat model you've been practicing on, with a real product name attached. Patch first, then come back and tell me: where in your environment is model output crossing a trust boundary you haven't drawn yet? Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41109

Welcome to the AI Cloud Security Lab. This community is for cloud security practitioners who want to use AI to work faster, build real infrastructure, and stand out in their careers. Here's exactly what to do: 1️⃣ Go to the Classroom → START HERE Set up Claude Code, configure your AI workspace, and run your first AI-powered security analysis on a live dataset. Takes about 45 minutes. You'll have real findings documented by the end. 2️⃣ Introduce yourself Drop a post in the #👋 General community with this template: 👋 Hey, I'm [Name]. I work as a [role] at a [type of company]. I'm here because I want to [your goal]. One skill I want to build: [specific skill]. 3️⃣ Post your first results in #🚀 Wins After you finish the START HERE course, share what you found. What did Claude Code flag in the CloudVault Financial data? What surprised you? That's it. Don't overthink it. Just start.