Episode #311

This week on Absolute AppSec’s 311th episode, Seth (@sethlaw) and Ken (@cktricky) are on their own to take a deeper look into the security industry’s profound transformation fueled by the development of more sophisticated AI tooling. A primary theme is the dramatic surge in development velocity, with some organizations seeing pull request volumes increase by over 800% as developers allow AI agents to operate nearly hands-off. This shift is redefining the role of Application Security practitioners, moving experts from manual tasks like manipulating Burp Suite requests to a validation-centric role where they spot-check complex findings generated by AI in minutes. To find this episode, head over to https://www.youtube.com/@AbsoluteAppSec/streams, or find us wherever you get your podcasts.

Seth feels a mix of both optimism and pessimism when it comes to this new reality: any organization that doesn’t adapt to AI tooling within six months risk losing their competitive edge. A major technical focus of this episode was a realistic understanding of AI “skills”—markdown files containing instructions that empower AI coding assistants to perform specific tasks. More truthfully, these skills are directions that guide an agent’s remediation or analysis process. The hosts highlight the launch of the Tessl Spec Registry, a specialized package manager designed to govern the behavior of AI coding agents by providing them with version-accurate context. Founded by former Snyk CEO Guy Podjarny, they aim to solve problems in vibe coding, where agents hallucinate APIs or use outdated patterns by treating agent instructions as managed software dependencies.

This shift toward third-party skills introduces significant supply chain concerns. Seth and Ken discuss recent research by Paul McCarty regarding a massive malware campaign targeting the OpenClaw ecosystem through its third-party marketplace, ClawHub. These malicious skills masquerade as legitimate tools, such as cryptocurrency trading bots, but actually deliver information-stealing malware like Atomic Stealer to macOS and Windows systems. These attacks often require no technical exploits, relying solely on social engineering and a lack of security reviews in the skill publication process to exfiltrate API keys, SSH credentials, and crypto wallets.

As AI agents gain access to private data and the ability to execute actions, the hosts argue that the triad of Confidentiality, Integrity, and Availability has never been more relevant or more threatened. Agents themselves are vulnerable by design due to their access to sensitive resources and unpredictable reasoning. Ken emphasizes that AI agents have a “reasoning drift” that is a major concern, leading to a new requirement for test-driven development as a critical safety guardrail to ensure agents do not take dangerous shortcuts. Seth concludes that threat modeling must now account for these non-deterministic agents, which may behave in ways humans cannot fully predict.

We’re looking at a brutally cold weekend, but our merch store has got you covered. Pick a size and color for yourself or friends below:

If you’re trying to keep up with the twists and turns of AppSec in the age of AI, come hang out on our Slack. Join us there to help us make sense of our rapidly evolving community, think of questions to ask industry experts, or maybe even help us decide what we’ll cover on next week’s episode.

Stay Secure,

Seth & Ken

Related Episodes

https://www.youtube.com/watch?v=hWUu7PEx5XQ - Episode #310 - w/ Mohan Kumar and Naveen K Mahavisnu - AI Agent Security - As we all know, AI tooling technology is moving faster and faster, so many of our past episodes surrounding this topic are already somewhat dated. However, our last episode focuses on the current state of tooling. In this interview with the practitioner-founders of Aira Security, we explore the challenges of securing autonomous AI agents, focusing on complex agentic workflows, reasoning drifts, and human-in-the-loop interventions to ensure safety and data integrity.

Absolute AppSec Happenings

https://redpointsecurity.com/navigating-user-enumeration/ – By way of Redpoint Security, Justin Larson discusses all things user enumeration, including brute-force attacks and credential stuffing.

https://portswigger.net/research/top-10-web-hacking-techniques-of-2025 – Portswigger’s 2025 top techniques highlight advanced exploitation of HTTP/2 CONNECT and Unicode normalization. Key research includes novel blind SSRF via indirect loops, SAML authentication bypasses, and cross-site ETag length leaks.

https://opensourcemalware.com/blog/clawbot-skills-ganked-your-crypto - And just in case you haven’t already seen Paul McCarty’s exposé of ClawHub “skills” masquerading as crypto-trading tools—you better tune in. The campaign exploited unvetted community contributions, highlighting critical risks in the autonomous AI agents that execute code with user permissions. The list continues to grow after the publication date.

Upcoming Events

Where in the world are Seth and Ken?

March 21-22, 2026 - BSidesSF - Watch this space for the details regarding a panel with Seth and Ken taking place in San Francisco in March.

April 7-8, 2026 - Harnessing LLMs for Application Security - IN PERSON at Kernel Con. Come join Seth and Ken in Omaha for the Harnessing LLMs course!

April 21-24, 2026 - Next Gen Appsec & Secure Code Review: Black Hat Edition - In-person training at Black Hat Asia. After a successful inaugural version of the 4-day BlackHat exclusive course at BlackHat Europe, Seth and Ken are leading the training again in Singapore. Find more information and register at the link above.

April 26-27, 2026 - Harnessing LLMs for Application Security - In-person training at DEF CON Singapore. The early bird price is valid until February 8, 2026, so be sure to register now if you’re looking to enhance your day-to-day AppSec processes with the power of LLM agents.