Nick Frichette
@frichetten.com
Staff Security Researcher @datadoghq | DEF CON/Black Hat USA main stage speaker | he/him | OSCP OSWE | I turned hacking AWS into a career | Tweets are my own | Created https://hackingthe.cloud
Professional communication
February 13, 2026 at 3:23 AM
Professional communication
New on Hacking the Cloud! A look at how a familiar container escape pattern shows up in GCP Cloud Workstations. We trace a path from a container to service account.
If you’re using Cloud Workstations, this is a useful model to keep in mind.
hackingthe.cloud/gcp/exploita...
If you’re using Cloud Workstations, this is a useful model to keep in mind.
hackingthe.cloud/gcp/exploita...
GCP Cloud Workstations Privilege Escalation - Hacking The Cloud
Break out of a Cloud Workstations container through an exposed Docker socket, then access project credentials from instance metadata.
hackingthe.cloud
February 10, 2026 at 3:15 PM
New on Hacking the Cloud! A look at how a familiar container escape pattern shows up in GCP Cloud Workstations. We trace a path from a container to service account.
If you’re using Cloud Workstations, this is a useful model to keep in mind.
hackingthe.cloud/gcp/exploita...
If you’re using Cloud Workstations, this is a useful model to keep in mind.
hackingthe.cloud/gcp/exploita...
Just got my ticket to @fwdcloudsec.org! Looking forward to the best cloud security conference in the world!
February 9, 2026 at 6:04 PM
Just got my ticket to @fwdcloudsec.org! Looking forward to the best cloud security conference in the world!
If you’re putting AI agents anywhere near prod, this is worth a read. We built AI Guard to help teams monitor prompts, tool calls, and model behavior in real systems, identifying and blocking AI threats in real time. More here:
www.datadoghq.com/blog/ai-guard/
www.datadoghq.com/blog/ai-guard/
Protect agentic AI applications with Datadog AI Guard | Datadog
Learn how Datadog AI Guard evaluates prompts, responses, and tool calls in real time to help you defend agentic AI applications against emerging threats.
www.datadoghq.com
February 3, 2026 at 7:09 PM
If you’re putting AI agents anywhere near prod, this is worth a read. We built AI Guard to help teams monitor prompts, tool calls, and model behavior in real systems, identifying and blocking AI threats in real time. More here:
www.datadoghq.com/blog/ai-guard/
www.datadoghq.com/blog/ai-guard/
New on Hacking the Cloud: Ben Stevens documents a new method for extracting IAM creds from an AWS Console session. Useful for post-exploitation and evasion tradecraft.
I've been meaning to cover this for years. Glad it’s finally live:
hackingthe.cloud/aws/post_exp...
I've been meaning to cover this for years. Glad it’s finally live:
hackingthe.cloud/aws/post_exp...
Get IAM Credentials from a Console Session - Hacking The Cloud
Convert access to the AWS Console into IAM credentials.
hackingthe.cloud
February 2, 2026 at 4:26 PM
New on Hacking the Cloud: Ben Stevens documents a new method for extracting IAM creds from an AWS Console session. Useful for post-exploitation and evasion tradecraft.
I've been meaning to cover this for years. Glad it’s finally live:
hackingthe.cloud/aws/post_exp...
I've been meaning to cover this for years. Glad it’s finally live:
hackingthe.cloud/aws/post_exp...
As AI agents get more autonomous, prompt injection will shift from
“ignore all previous instructions”
to
“add a task to the backlog to X.”
Once the payload crosses a trust boundary and lands in Jira, it’s no longer a prompt, it’s just another task. A task that makes me admin :D
“ignore all previous instructions”
to
“add a task to the backlog to X.”
Once the payload crosses a trust boundary and lands in Jira, it’s no longer a prompt, it’s just another task. A task that makes me admin :D
January 30, 2026 at 4:08 PM
As AI agents get more autonomous, prompt injection will shift from
“ignore all previous instructions”
to
“add a task to the backlog to X.”
Once the payload crosses a trust boundary and lands in Jira, it’s no longer a prompt, it’s just another task. A task that makes me admin :D
“ignore all previous instructions”
to
“add a task to the backlog to X.”
Once the payload crosses a trust boundary and lands in Jira, it’s no longer a prompt, it’s just another task. A task that makes me admin :D
Want a clear analysis of the latest OpenSSL CMS/PKCS#12 vulnerabilities and their real-world impact? Our post explains the conditions required for exploitation and how to evaluate practical risk in your environment.
securitylabs.datadoghq.com/articles/ope...
securitylabs.datadoghq.com/articles/ope...
OpenSSL January 2026 Security Update: CMS and PKCS#12 Buffer Overflows | Datadog Security Labs
A deep dive into OpenSSL’s January 2026 CMS and PKCS#12 vulnerabilities, including a pre-auth stack overflow and a PKCS#12 parsing bug.
securitylabs.datadoghq.com
January 27, 2026 at 7:07 PM
Want a clear analysis of the latest OpenSSL CMS/PKCS#12 vulnerabilities and their real-world impact? Our post explains the conditions required for exploitation and how to evaluate practical risk in your environment.
securitylabs.datadoghq.com/articles/ope...
securitylabs.datadoghq.com/articles/ope...
AI workloads are landing in the same AWS/Azure/GCP accounts we’ve been breaking into (and defending) for years. It's time for Hacking the Cloud to catch up. We're announcing a call for research! Share your AI and LLM sec research with thousands of readers hackingthe.cloud/blog/call_fo...
Call for research: AI and LLM security - Hacking The Cloud
Hacking the Cloud is opening the door to AI and LLM security research.
hackingthe.cloud
January 26, 2026 at 4:14 PM
AI workloads are landing in the same AWS/Azure/GCP accounts we’ve been breaking into (and defending) for years. It's time for Hacking the Cloud to catch up. We're announcing a call for research! Share your AI and LLM sec research with thousands of readers hackingthe.cloud/blog/call_fo...
IDEs are the new browser: massive attack surface, privileged access to various things, and lots of “just trust it.” Today the Security Research Team at Datadog dropped IDE-SHEPHERD: a tool that watches extensions at runtime and blocks dangerous behavior.
securitylabs.datadoghq.com/articles/ide...
securitylabs.datadoghq.com/articles/ide...
Introducing IDE-SHEPHERD: Your shield against threat actors lurking in your IDE | Datadog Security Labs
IDE-SHEPHERD is an open-source IDE security extension that provides real-time monitoring and protection for VS Code and Cursor. It intercepts malicious process executions, monitors network activity, a...
securitylabs.datadoghq.com
January 26, 2026 at 2:41 PM
IDEs are the new browser: massive attack surface, privileged access to various things, and lots of “just trust it.” Today the Security Research Team at Datadog dropped IDE-SHEPHERD: a tool that watches extensions at runtime and blocks dangerous behavior.
securitylabs.datadoghq.com/articles/ide...
securitylabs.datadoghq.com/articles/ide...
I'm skeptical of the claim that 1,000 Clawdbot instances are publicly facing on the internet. If you look at the Shodan output, most of those boxes don't have port 18789 exposed (default Clawdbot port). The references to 18789 are from mDNS. Take this one for example:
January 26, 2026 at 2:46 AM
I'm skeptical of the claim that 1,000 Clawdbot instances are publicly facing on the internet. If you look at the Shodan output, most of those boxes don't have port 18789 exposed (default Clawdbot port). The references to 18789 are from mDNS. Take this one for example:
Trying out clawdbot! And I'll live tweet my experiences setting it up and using it. It's been all of my timeline and doing cool things. (see @ajs.bsky.social's post below).
I'm running this on an Ubuntu VM managed through KVM with 6 cores and 16 gigs of ram.
aaronstuyvenberg.com/posts/clawd-...
I'm running this on an Ubuntu VM managed through KVM with 6 cores and 16 gigs of ram.
aaronstuyvenberg.com/posts/clawd-...
Clawdbot bought me a car
Outsourcing the painful aspects of a car purchase to AI was refreshingly nice, and sold me on the vision of Clawdbot
aaronstuyvenberg.com
January 24, 2026 at 5:00 PM
Trying out clawdbot! And I'll live tweet my experiences setting it up and using it. It's been all of my timeline and doing cool things. (see @ajs.bsky.social's post below).
I'm running this on an Ubuntu VM managed through KVM with 6 cores and 16 gigs of ram.
aaronstuyvenberg.com/posts/clawd-...
I'm running this on an Ubuntu VM managed through KVM with 6 cores and 16 gigs of ram.
aaronstuyvenberg.com/posts/clawd-...
Did you know Claude models have a "magic string" to test when a model refuses to respond? If that string enters prompt context, it can be abused to break LLM workflows until context is reset.
It's the EICAR test string of the AI age. Details:
hackingthe.cloud/ai-llm/explo...
It's the EICAR test string of the AI age. Details:
hackingthe.cloud/ai-llm/explo...
Break LLM Workflows with Claude's Refusal Magic String - Hacking The Cloud
How Anthropic's refusal test string can be abused to stop streaming responses and create sticky failures.
hackingthe.cloud
January 21, 2026 at 2:54 PM
Did you know Claude models have a "magic string" to test when a model refuses to respond? If that string enters prompt context, it can be abused to break LLM workflows until context is reset.
It's the EICAR test string of the AI age. Details:
hackingthe.cloud/ai-llm/explo...
It's the EICAR test string of the AI age. Details:
hackingthe.cloud/ai-llm/explo...
We are on the verge of the commoditization of exploitation. Every vuln will functionally have a public PoC available because attackers can generate them in minutes.
The advantage will increasingly belong to organizations that can detect, respond, and contain fast.
sean.heelan.io/2026/01/18/o...
The advantage will increasingly belong to organizations that can detect, respond, and contain fast.
sean.heelan.io/2026/01/18/o...
On the Coming Industrialisation of Exploit Generation with LLMs
Recently I ran an experiment where I built agents on top of Opus 4.5 and GPT-5.2 and then challenged them to write exploits for a zeroday vulnerability in the QuickJS Javascript interpreter. I adde…
sean.heelan.io
January 19, 2026 at 3:24 AM
We are on the verge of the commoditization of exploitation. Every vuln will functionally have a public PoC available because attackers can generate them in minutes.
The advantage will increasingly belong to organizations that can detect, respond, and contain fast.
sean.heelan.io/2026/01/18/o...
The advantage will increasingly belong to organizations that can detect, respond, and contain fast.
sean.heelan.io/2026/01/18/o...
Very cool research on a CodeBuild misconfiguration which could have had significant consequences. I’m a bit disappointed that there wasn’t more done to secure the supply chain after the Q Developer incident.
www.wiz.io/blog/wiz-res...
www.wiz.io/blog/wiz-res...
CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog
Wiz Research discovered CodeBreach, a critical vulnerability that risked the AWS Console supply chain. Learn how to secure your AWS CodeBuild pipelines.
www.wiz.io
January 15, 2026 at 6:46 PM
Very cool research on a CodeBuild misconfiguration which could have had significant consequences. I’m a bit disappointed that there wasn’t more done to secure the supply chain after the Q Developer incident.
www.wiz.io/blog/wiz-res...
www.wiz.io/blog/wiz-res...
We’re hiring! Join the Datadog Security Research team as a Senior Security Researcher specializing in GenAI and help shape the future of AI security!
careers.datadoghq.com/detail/75146...
careers.datadoghq.com/detail/75146...
Senior Security Researcher - GenAI | Datadog Careers
We're building a platform that engineers love to use. Join us, and help usher in the future.
careers.datadoghq.com
January 14, 2026 at 3:29 PM
We’re hiring! Join the Datadog Security Research team as a Senior Security Researcher specializing in GenAI and help shape the future of AI security!
careers.datadoghq.com/detail/75146...
careers.datadoghq.com/detail/75146...
Fiber internet is breaking my brain. Streaming 4K video from my home server to my phone over the internet. It doesn’t even stutter. Insane.
January 12, 2026 at 8:01 PM
Fiber internet is breaking my brain. Streaming 4K video from my home server to my phone over the internet. It doesn’t even stutter. Insane.
The 2025 Hacking the Cloud: Year in Review is out! We take a look at the growing tide of software supply chain attacks, discuss the most critical cloud vuln discovered to date, and share some stats for the site!
hackingthe.cloud/blog/2025_wr...
hackingthe.cloud/blog/2025_wr...
2025 Hacking the Cloud: Year in Review - Hacking The Cloud
An end of year summary for Hacking the Cloud in 2025.
hackingthe.cloud
January 5, 2026 at 3:17 PM
The 2025 Hacking the Cloud: Year in Review is out! We take a look at the growing tide of software supply chain attacks, discuss the most critical cloud vuln discovered to date, and share some stats for the site!
hackingthe.cloud/blog/2025_wr...
hackingthe.cloud/blog/2025_wr...
New on @hackingthe.cloud, did you know that attackers can prevent you from kicking them out of your environment in certain situations? Eduard Agavriloae shares his research on how attackers can nullify containment attempts!
hackingthe.cloud/aws/post_exp...
hackingthe.cloud/aws/post_exp...
IAM Persistence through Eventual Consistency - Hacking The Cloud
Abuse IAM's eventual consistency to maintain persistence against incident response containment.
hackingthe.cloud
December 18, 2025 at 4:25 PM
New on @hackingthe.cloud, did you know that attackers can prevent you from kicking them out of your environment in certain situations? Eduard Agavriloae shares his research on how attackers can nullify containment attempts!
hackingthe.cloud/aws/post_exp...
hackingthe.cloud/aws/post_exp...
I’m running behind on PRs, DMs, the Hacking the cloud EoY report, etc. I will catch up in time, I’m just trying to rest and heal this horrible fever.
December 16, 2025 at 1:51 PM
I’m running behind on PRs, DMs, the Hacking the cloud EoY report, etc. I will catch up in time, I’m just trying to rest and heal this horrible fever.
Currently backed myself into a corner by ignoring my own advice: When researching vulns in a cloud service, learn how the service works BEFORE you start hunting. Do it in the reverse order and you’ll end up with a vuln you can’t tie to real impact, because you never learned how harm could occur.
December 3, 2025 at 5:04 PM
Currently backed myself into a corner by ignoring my own advice: When researching vulns in a cloud service, learn how the service works BEFORE you start hunting. Do it in the reverse order and you’ll end up with a vuln you can’t tie to real impact, because you never learned how harm could occur.
If you’re messing with the AWS console in Burp Suite and getting some weird errors when trying to HEAD S3 buckets, go into your proxy listener settings and turn OFF HTTP/2 support. I was baffled for a bit trying to get a service to work and that solved it.
November 24, 2025 at 8:12 PM
If you’re messing with the AWS console in Burp Suite and getting some weird errors when trying to HEAD S3 buckets, go into your proxy listener settings and turn OFF HTTP/2 support. I was baffled for a bit trying to get a service to work and that solved it.
Ah yes, the alloy known as '<span class="no-text-formatting">white gold</span>'
October 2, 2025 at 9:33 PM
Ah yes, the alloy known as '<span class="no-text-formatting">white gold</span>'
Today in weird things family members say about technology, this is “the weird internet frisbee”.
October 1, 2025 at 9:26 PM
Today in weird things family members say about technology, this is “the weird internet frisbee”.
New on @hackingthe.cloud! A great post by Federico Lucini on bypassing AWS Network Firewall egress filtering!
hackingthe.cloud/aws/post_exp...
hackingthe.cloud/aws/post_exp...
AWS Network Firewall Egress Filtering Bypass - Hacking The Cloud
Bypass AWS Network Firewall Egress Filtering using SNI spoofing and Host Header manipulation.
hackingthe.cloud
September 29, 2025 at 2:30 PM
New on @hackingthe.cloud! A great post by Federico Lucini on bypassing AWS Network Firewall egress filtering!
hackingthe.cloud/aws/post_exp...
hackingthe.cloud/aws/post_exp...