Air Canada's chatbot invented a bereavement refund policy. A tribunal made them honor it. A Chevy dealer's bot got prompt-injected into appearing to agree to sell a Tahoe for $1, and the screenshots were on every tech feed by dinner. Those were the public ones. The customer-facing ones. The ones we laughed at. The agents getting wired into your cloud right now have a much bigger blast radius: – A Slack bot with read access to S3 that summarizes "any file a teammate drops in #ops" – A Jira agent with an IAM role that can spin up infra to "help triage tickets" – A Copilot-style assistant with Graph API scopes across SharePoint, Outlook, and Teams – An IR copilot reading raw CloudTrail and GuardDuty findings into its context window Every one of those is a prompt-injection sink. And the version that bites cloud teams isn't the direct kind — it's indirect injection: the attacker never talks to your agent. They leave a string somewhere your agent will read. A malicious filename in a bucket. A poisoned Jira description. A calendar invite with hidden instructions. A log line crafted to look like a system prompt. Microsoft already shipped a CVE this year for exactly this — EchoLeak / CVE-2025-32711, zero-click data exfil out of Microsoft 365 Copilot. That's the category, not an outlier. The control surface most people skip: the agent's IAM role and OAuth scopes are the actual blast radius — the prompt layer is just where the attacker pulls the trigger. If you're a Terraform shop, that means scoped roles, tight trust policies (ExternalId, condition keys, session tags), no * on the resource side, and tool allowlists that are deny-by-default with an audit log on every call. The prompt-side filters are a backstop, not the perimeter. This is what "we'll figure out AI security later" actually costs in a cloud shop: – An agent with an over-scoped IAM role does something that lights up a SOC 2 CC6.1 finding – Customer data leaves through a model context window instead of an S3 bucket policy – Your detection stack never fires because the "attack" is just text.

Your CFO pastes a forecast into ChatGPT. Your PM runs customer tickets through Claude. Your engineer drops code into a coding assistant with an API key still in the config. None of it is malicious. All of it is happening. What we want to know from you: – Are you trying to detect it, block it, or govern it? – What's actually working? – What question keeps coming back that nobody has answered well? Drop it here and I'll bring the sharpest ones into the next session: https://pillar-security.notion.site/39b698e30aae46419df70838da036cd9?pvs=105

If you’re feeling overwhelmed choosing a path… this will help. You don’t need to decide everything yet. 👉 You just need to narrow it down. 🔹 The 3 Core Categories 🛠️ Builders For people who like: - Coding - Automation - Building systems Example roles: - Cloud Security Engineer - Security Automation Engineer - AppSec Engineer 🚨 Defenders For people who like: - Investigating incidents - Threat hunting - Fast-paced environments Example roles: - Detection Engineer - Incident Response - Threat Intelligence - Cloud Pen Tester 🧭 Strategists / Frontier For people who like: - Big picture thinking - Risk & compliance - Designing systems Example roles: - GRC Analyst - Cloud Security Architect - AI Security Specialist 🔎 How to Use This Don’t treat this like a final decision. Use it as a filter: ✔ Pick 2–3 paths ✔ Explore those deeper ✔ Ignore everything else (for now) ⚡ Clarity comes from focusing — not from trying to learn everything.

One of the most common questions we get in this community is: "Where do I actually fit in cloud security?" That question now has a real answer. The Cloud Security Career Roadmap course is officially live in the Classroom. 🎉 It covers 10 of the most in-demand cloud security specializations — from Cloud Security Engineers and DevSecOps pros to Threat Intelligence Analysts and Cloud Penetration Testers. Each path gets its own deep-dive page covering: → What you actually do day-to-day → Where AI is changing the role (and what it can't replace) → The skills, tools, and certs that move the needle → Realistic salary ranges for 2026 → A 30-day action plan to get started This isn't a "pick a certification and grind" guide. It's built for people who want to make a deliberate, informed decision about where to focus their energy — and then go build real things. Head to the Classroom tab and check out the Cloud Security Career Roadmap. Start with "Find Your Path" if you're not sure where to begin. Drop a comment below — which role are you exploring? 👇

I’m building out the next hands-on lab for Cloud Security Lab, and I’d love your input. The goal is to keep building labs that give you real experience, not just more theory. Vote for the one you’d most want next: 1. Launch Wazuh in AWS Set up a real security monitoring lab in AWS and start learning logging, detection, and visibility. 2. Launch Your Cloud Test Range Build a safe cloud environment you can use for testing, experimenting, and future labs. 3. Detect & Investigate in Your Test Range Use your tools and environment to explore detections, logs, and investigation workflows. 4. Build a GRC Lab with Eramba Explore risk registers, controls, policies, and security program documentation in a hands-on lab. If you want, comment too and tell me why you picked it or what you’d want to get out of that lab. Your feedback will help shape what gets built next. 🚀