Teri Radichel
@teriradichel.bsky.social
2nd Sight Lab. Cloud, SAAS, and App Pentesting. Security Research. AWS Security Hero . Author on Amazon. Former IANS, SANS faculty. GSE. Masters Software & Infosec.
Pinned
Artificial Intelligence
Generating Code and Content With AI
medium.com
Chronicling my venture into AI here. 🤖 Sept 25 was key post. Started exploring production ready code. Immediately saw the pitfalls and wrote a framework and better context. A month later….have accomplished a lot. No time to write. Follow for updates.
medium.com/cloud-securi...
medium.com/cloud-securi...
The /knowledge feature of AWS Q CLI is interesting. The problem is the things Q or Claude gets wrong that I would add to it are already in Q’s instructions.
November 12, 2025 at 4:38 PM
The /knowledge feature of AWS Q CLI is interesting. The problem is the things Q or Claude gets wrong that I would add to it are already in Q’s instructions.
Reposted by Teri Radichel
Google launches a dedicated AI bug bounty program that offers security researchers up to $30,000 for finding vulnerabilities in its AI products (Elissa Welle/The Verge)
Main Link | Techmeme Permalink
Main Link | Techmeme Permalink
October 6, 2025 at 10:45 PM
Google launches a dedicated AI bug bounty program that offers security researchers up to $30,000 for finding vulnerabilities in its AI products (Elissa Welle/The Verge)
Main Link | Techmeme Permalink
Main Link | Techmeme Permalink
Reposted by Teri Radichel
Apple’s Bug Bounty Program
Apple is now offering a $2M bounty for a zero-click exploit. According to the Apple website: Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards, expanded research categories, and a flag system for researchers…
Apple is now offering a $2M bounty for a zero-click exploit. According to the Apple website: Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards, expanded research categories, and a flag system for researchers…
Apple’s Bug Bounty Program
Apple is now offering a $2M bounty for a zero-click exploit. According to the Apple website: Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards, expanded research categories, and a flag system for researchers to objectively demonstrate vulnerabilities and obtain accelerated awards. We’re doubling our top award to $2 million for exploit chains that can achieve similar goals as sophisticated mercenary spyware attacks.
www.schneier.com
October 15, 2025 at 11:03 AM
Apple’s Bug Bounty Program
Apple is now offering a $2M bounty for a zero-click exploit. According to the Apple website: Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards, expanded research categories, and a flag system for researchers…
Apple is now offering a $2M bounty for a zero-click exploit. According to the Apple website: Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards, expanded research categories, and a flag system for researchers…
One of the best tips I’ve seen for the AWS Q CLI is the ability to use ! to run a command and pass it directly to the OS so you aren’t having Q and the model do that work. Like !cat somefile.txt
November 12, 2025 at 3:33 PM
One of the best tips I’ve seen for the AWS Q CLI is the ability to use ! to run a command and pass it directly to the OS so you aren’t having Q and the model do that work. Like !cat somefile.txt
Happy Veteran’s Day. 🇺🇸
Thank you. ❤️🤍💙
Thank you. ❤️🤍💙
November 11, 2025 at 6:05 PM
Happy Veteran’s Day. 🇺🇸
Thank you. ❤️🤍💙
Thank you. ❤️🤍💙
AI journey update: what my framework does now and how I leveraged AI to do it.
infosec.exchange/@teriradiche...
infosec.exchange/@teriradiche...
Teri Radichel (@teriradichel@infosec.exchange)
AI journey update: 🤖 I have some scripts that create a new rust project, git repo, and AWS Q CLI agent to go with it. More on that in my pinned blog.
As I was creating my last new project I pondered ...
infosec.exchange
November 11, 2025 at 2:48 PM
AI journey update: what my framework does now and how I leveraged AI to do it.
infosec.exchange/@teriradiche...
infosec.exchange/@teriradiche...
Two things I want most at AWS re:Invent:
Q CLI to work with AWS IAM - so ability to use app code not browser for MFA to start a session using an IAM role using CLI credentials which can be stored in Secrets Manager as demonstrated over and over on my blog and in my GitHub repository.
Q CLI to work with AWS IAM - so ability to use app code not browser for MFA to start a session using an IAM role using CLI credentials which can be stored in Secrets Manager as demonstrated over and over on my blog and in my GitHub repository.
November 10, 2025 at 5:07 PM
Two things I want most at AWS re:Invent:
Q CLI to work with AWS IAM - so ability to use app code not browser for MFA to start a session using an IAM role using CLI credentials which can be stored in Secrets Manager as demonstrated over and over on my blog and in my GitHub repository.
Q CLI to work with AWS IAM - so ability to use app code not browser for MFA to start a session using an IAM role using CLI credentials which can be stored in Secrets Manager as demonstrated over and over on my blog and in my GitHub repository.
So much to do, so little time. If you have not tried Q CLI with a custom agent and proper permissions boundaries I suggest you try it. I wrote about how to do that in my pinned posts.
November 10, 2025 at 4:06 PM
So much to do, so little time. If you have not tried Q CLI with a custom agent and proper permissions boundaries I suggest you try it. I wrote about how to do that in my pinned posts.
What kind of bugs me is that q can’t fix the same error over and over and I run out of credits this month based on repeated failed attempts that didn’t work. That’s a bit frustrating. Not sure how to fix it. I accept the code to test it but the test fails. Repeat repeat repeat….
November 8, 2025 at 10:13 PM
What kind of bugs me is that q can’t fix the same error over and over and I run out of credits this month based on repeated failed attempts that didn’t work. That’s a bit frustrating. Not sure how to fix it. I accept the code to test it but the test fails. Repeat repeat repeat….
What am I doing wrong. The first bullet point in my custom context file for a Q CLI agent says never use sudo. I thought I also put that in the json file somehow. And yet Q CLI keeps trying to use sudo. Why?
November 8, 2025 at 8:25 PM
What am I doing wrong. The first bullet point in my custom context file for a Q CLI agent says never use sudo. I thought I also put that in the json file somehow. And yet Q CLI keeps trying to use sudo. Why?
Today I am running Q CLI with a custom agent. The agent’s context file explains the code the agent can edit and read. And yet, the agent’s context file is trying to access this for no apparent reason:
crates/chat-cli/src/cli/mod.rs
Put controls around your agents!
crates/chat-cli/src/cli/mod.rs
Put controls around your agents!
November 8, 2025 at 8:24 PM
Today I am running Q CLI with a custom agent. The agent’s context file explains the code the agent can edit and read. And yet, the agent’s context file is trying to access this for no apparent reason:
crates/chat-cli/src/cli/mod.rs
Put controls around your agents!
crates/chat-cli/src/cli/mod.rs
Put controls around your agents!
Just noticed Werner Vogels’ keynote is at a different time this year at AWS re:Invent if you plan your schedule around that like I do 😉
November 7, 2025 at 6:23 PM
Just noticed Werner Vogels’ keynote is at a different time this year at AWS re:Invent if you plan your schedule around that like I do 😉
Related to my last post… App that implements consistent code logging to screen and file in two tries…
infosec.exchange/@teriradiche...
infosec.exchange/@teriradiche...
Teri Radichel (@teriradichel@infosec.exchange)
Related to my last post… App that implements consistent code logging to screen and file in two tries…
After dinner I touched up the README for the app that tests the log router. I told it to configur...
infosec.exchange
November 7, 2025 at 6:00 AM
Related to my last post… App that implements consistent code logging to screen and file in two tries…
infosec.exchange/@teriradiche...
infosec.exchange/@teriradiche...
I think I’m hitting deadlocks running multiple Q CLI agents at the same time. Not sure if it is Q. May be cargo.
November 6, 2025 at 12:16 AM
I think I’m hitting deadlocks running multiple Q CLI agents at the same time. Not sure if it is Q. May be cargo.
Today’s AI test:
We are having work done on the foundation of our historic house and the noise, grinding, and shaking makes it hard to concentrate so my pup and I walked to the coffee shop to sit outside in the shade and work.
infosec.exchange/@teriradiche...
We are having work done on the foundation of our historic house and the noise, grinding, and shaking makes it hard to concentrate so my pup and I walked to the coffee shop to sit outside in the shade and work.
infosec.exchange/@teriradiche...
Teri Radichel (@teriradichel@infosec.exchange)
Today’s AI test:
We are having work done on the foundation of our historic house and the noise, grinding, and shaking makes it hard to concentrate so my pup and I walked to the coffee shop to sit out...
infosec.exchange
November 5, 2025 at 5:34 PM
Today’s AI test:
We are having work done on the foundation of our historic house and the noise, grinding, and shaking makes it hard to concentrate so my pup and I walked to the coffee shop to sit outside in the shade and work.
infosec.exchange/@teriradiche...
We are having work done on the foundation of our historic house and the noise, grinding, and shaking makes it hard to concentrate so my pup and I walked to the coffee shop to sit outside in the shade and work.
infosec.exchange/@teriradiche...
I went through all my readmes last night and put a mandatory comment at the top telling every project which lost important roles it has to follow. I also found some conflicting information in a couple of readmes. For one thing I explicitly describe and asked for in a readme, I gave up.
Is Q or Claude broken right now? I hope my credits are not used up when it makes the same errors over and over, does not follow instructions, and removes code it already fixed repeatedly. Time for a break.
November 5, 2025 at 2:26 PM
I went through all my readmes last night and put a mandatory comment at the top telling every project which lost important roles it has to follow. I also found some conflicting information in a couple of readmes. For one thing I explicitly describe and asked for in a readme, I gave up.
Is Q or Claude broken right now? I hope my credits are not used up when it makes the same errors over and over, does not follow instructions, and removes code it already fixed repeatedly. Time for a break.
November 5, 2025 at 2:25 AM
Is Q or Claude broken right now? I hope my credits are not used up when it makes the same errors over and over, does not follow instructions, and removes code it already fixed repeatedly. Time for a break.
A long time ago I built this whole CMS in Java that could implement *any* web design using XSLT and optimize it for SEO. But I was too slow, never got investors, got sued by a company whom I tried to do a favor, and never really got it off the ground and kind of gave up.
November 4, 2025 at 10:25 PM
A long time ago I built this whole CMS in Java that could implement *any* web design using XSLT and optimize it for SEO. But I was too slow, never got investors, got sued by a company whom I tried to do a favor, and never really got it off the ground and kind of gave up.
Are you registered for AWS re:Invent? I’ll be there. Should be a really interesting time this year with new AI advancements.
reinvent.awsevents.com
reinvent.awsevents.com
AWS re:Invent 2025 | December 1 – 5, 2025
Build the future with us at AWS re:Invent, Dec 1 – 5, 2025 in Las Vegas, NV. Learn new skills, take home proven strategies, make lifelong connections.
reinvent.awsevents.com
November 4, 2025 at 2:54 PM
Are you registered for AWS re:Invent? I’ll be there. Should be a really interesting time this year with new AI advancements.
reinvent.awsevents.com
reinvent.awsevents.com
It has taken forever for me to get Linux permissions right with AI agents with both new and existing files and directories across the entire SDLC I’ve got implemented. Each time I think I have it right the next time I run my scripts to create a new project something else doesn’t have permission.
November 4, 2025 at 2:20 PM
It has taken forever for me to get Linux permissions right with AI agents with both new and existing files and directories across the entire SDLC I’ve got implemented. Each time I think I have it right the next time I run my scripts to create a new project something else doesn’t have permission.
Was doing pretty well either AI code lately but last night I got stuck in another frustrating loop where the agent couldn’t figure out how to fix some unit tests, reported incorrect information and I stopped and went to bed.
November 4, 2025 at 2:07 PM
Was doing pretty well either AI code lately but last night I got stuck in another frustrating loop where the agent couldn’t figure out how to fix some unit tests, reported incorrect information and I stopped and went to bed.
Chronicling my venture into AI here. 🤖 Sept 25 was key post. Started exploring production ready code. Immediately saw the pitfalls and wrote a framework and better context. A month later….have accomplished a lot. No time to write. Follow for updates.
medium.com/cloud-securi...
medium.com/cloud-securi...
Artificial Intelligence
Generating Code and Content With AI
medium.com
November 2, 2025 at 6:48 PM
Chronicling my venture into AI here. 🤖 Sept 25 was key post. Started exploring production ready code. Immediately saw the pitfalls and wrote a framework and better context. A month later….have accomplished a lot. No time to write. Follow for updates.
medium.com/cloud-securi...
medium.com/cloud-securi...
So is Amazon Q getting better or am I getting better at using it or is it just that I’m doing something it happens to be heavily trained on? I just converted my bash AWS deploy anything script to rust and fixed most of the remaining issues.
November 2, 2025 at 9:51 AM
So is Amazon Q getting better or am I getting better at using it or is it just that I’m doing something it happens to be heavily trained on? I just converted my bash AWS deploy anything script to rust and fixed most of the remaining issues.
What happened to Amazon Q. I can no longer subscribe users or groups.
November 1, 2025 at 5:57 PM
What happened to Amazon Q. I can no longer subscribe users or groups.