Subscribe to Nine Lives, Zero Trust, and get security insights delivered to your inbox.
Here's what you'll get:
Zero Trust insights you can actually use
DevSecOps practices for building security into your pipeline
Threat intel worth knowing
Cloud security tips from the trenches
Secure coding and shift-left strategies
The occasional cat pun (we're paranoid about spam, not fun)
Whether you're building secure infrastructure, automating compliance, or navigating the multi-cloud maze, this newsletter has you covered.
Filter by topic to get precisely what you need. Unsubscribe anytime.
Stay curious. Stay secure. Land on your feet.
AWS continues to enhance its generative AI security capabilities, with improved prompt attack filtering now available in Amazon Bedrock Guardrails. Despite these advances, a significant gap remains: organizations are deploying LLM capabilities faster than they are implementing adequate security controls.
Prompt injection represents a fundamental vulnerability class for...
In September 2025, Microsoft announced the Sentinel MCP Server - a Model Context Protocol implementation that lets MCP-compatible AI assistants query your Sentinel data using natural language. Microsoft highlights GitHub Copilot, Copilot Studio, and Azure AI Foundry as primary clients, with a dedicated
Container Supply Chain Security
SBOM · Signing · Attestation
No Long-Lived Secrets Keyless Sigstore / OIDC SLSA Build Provenance GitHub Actions ReadyOver the last couple of weeks, I’ve been diving deep into container supply chain security. Between high-profile incidents like SolarWi...
If you’ve worked with Terraform and secrets, you’ve probably wondered: “Wait, is my password actually in that state file?”
The answer has historically been: yes. The sensitive = true flag does a great job hiding values from CLI output, but the state file itself still contains those values. This wasn’t a bug - it’s how Terraform tracked resource state. But ...
The enterprise is entering uncharted territory. AI agents, autonomous systems that can browse the web, execute code, access databases, and interact with third-party services, are no longer experimental. They’re being deployed at scale. And they’re creating a security challenge that traditional identity and access management was never designed to handle.
1.3B AI agent...