Mark Nunnikhoven: Providing clarity about security. [Cloud strategy]
Please enjoy this encore of Career Notes.
Distinguished Cloud Strategist at Lacework, Mark Nunnikhoven, has gone from taking technology to its limits for his own understanding to providing clarity about security for others. Mark fell in love with his Commodore 128 and once he realized he could bend the machine to his will, it set him on the path to technology. While he had some bumps in the road, dropping out of high school and not following the traditional path in college, Mark did complete his masters in information security. His professional life took him from Canadian public service to the private sector where Mark noted the culture shift was an eye-opening experience. Mark always looks to learn something new and share that with others and that is evidenced as his includes teaching as a facet of his career. We thank Mark for sharing his story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices
--------
8:53
Hiding in plain sight with vibe coding.
This week, Dave is joined by Ziv Karliner, Pillar Security’s Co-Founder and CTO, sharing details on their work on "New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents." Vibe Coding - where developers use AI assistants like GitHub Copilot and Cursor to generate code almost instantly - has become central to how enterprises build software today. But while it’s turbo-charging development, it’s also introducing new and largely unseen cyber threats.
The team at Pillar Security identified a novel attack vector, the "Rules File Backdoor", which allows attackers to manipulate these platforms into generating malicious code. It represents a new class of supply chain attacks that weaponizes AI itself, where the malicious code suggestions blend seamlessly with legitimate ones, bypassing human review and security tools.
The research can be found here:
New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents
Learn more about your ad choices. Visit megaphone.fm/adchoices
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.