Hello Adventurer 🧙‍♂️
I am a Staff Solutions Engineer at Snyk and I created this blog to share some awesome content that I'm seeing during this software security journey. Enjoy.
🧙‍♂️ linkedin ✨ youtube ✨ wss podcast ✨ devsecops podcast ✨ x/twitter
Trail of Bits has a Testing Handbook with useful information about application security. Check it out:
A semantic constraint engine for Claude Code & Codex. Forces agentic communication into minimal-token lithic structures. Retain 100% technical accuracy while destroying up to 87% of output latency.
Well, you probably know that the source code of Claude Code leaked today.
The most impressive part is that someone created a 50-module learning tutorial about it.
Axios has been compromised. Versions 1.14.1 and 0.30.4 are malicious and inject a dependency on plain-crypto-js@4.2.1. Look for these versions and remove this dependency.
Snyk Blog Post: https://snyk.io/pt-BR/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/
This site contains a lot of good research articles about AI Security.
This link contains strategies to defend AI applications and integrations.
This tutorial shows how to run claude code using a local Ollama model.
This article details the result of a threat modeling exercise using the MAESTRO framework on NemoClaw by Nvidia.
https://kenhuangus.substack.com/p/maestro-threat-modeling-nemoclaw
This site shows a preview of each font for programming and terminal.
This site contains a lot of research about AI Governance and how AI Agents have been used in the real world.
This blog shares real cases about incidents and what we can learn from them.
The Trivy GH Action was compromised and it affected a lot of other open source tools, creating an impactful attack chain.
Here is the Snyk Post: https://snyk.io/pt-BR/articles/poisoned-security-scanner-backdooring-litellm/
A live session by José Augusto talking about MCP security.
I discovered this tool called Marmite to build blogs using markdown. It's awesome (I built this site using it hahaha).
I created a NotebookLM with all sources that I'm reviewing about security for AI Agents.