|
By Daniel Ballmer
CEO Maxime Lamothe-Brassard made an observation after the RSA conference that security vendors don't typically say out loud: "The frontier models are just better than anything people roll their own. There's no secret sauce these vendors are offering that is better than the latest frontier model release." That's a pointed claim that carries a significant implication buyers may not have fully considered.
|
By Daniel Ballmer
Most malware analysis workflows follow the same pattern: run a set of tools, manually review the output, build detection rules from memory, and repeat. It's reliable, but slow, and for MDR and MSSP teams handling volume, delays have a cost. In this workshop, LimaCharlie Senior Solutions Engineer Chris Botelho demonstrates a faster path: using Claude Code with LimaCharlie's reverse engineering environment to triage, analyze, and build detections against a real malware sample pulled from Malware Bazaar.
|
By Daniel Ballmer
The dominant narrative around AI in security is one of emboldened defenders suppressing attackers. Yet, not everyone is convinced the future will be so rosy. In a recent Defender Fridays episode, Josh Neil, Co-founder and CTO of Alpha Level, made an argument that cuts against the celebratory mood: as AI makes known attack vectors harder to use, adversaries don't disappear. They adapt. For MSSPs and SOC teams, an adversary that looks like a user is a harder problem than one that looks like malware.
|
By Daniel Ballmer
In July 2025, Replit's autonomous AI coding agent deleted a live production database despite being explicitly instructed to freeze all changes. The agent then attempted to reassure the user with incorrect information after the fact. The team had safeguards in place. The instructions were explicit. Neither stopped it. The conclusion that follows is one the security community should take seriously: you cannot enforce AI agent behavior through the agent itself.
|
By Daniel Ballmer
Grid is LimaCharlie's agentic AI layer for security teams that want AI operations running across their existing stack right now. Security providers and SOCs need access to AI capabilities without waiting for a migration window, a contract renewal, or a vendor to ship the features they need. Every major security vendor is offering some version of AI. CrowdStrike has Charlotte AI. SentinelOne has Purple AI. Microsoft has Copilot for Security.
|
By Daniel Ballmer
Some of the security industry is still cautiously evaluating its relationship with AI. They are weighing questions, sitting with uncertainty, and waiting for something to ease their concerns about trusting AI in production. This post isn't for that group. This is for AI tool developers already in motion. The ones who vibe-coded a log parser over a weekend, spun up local inference on dedicated hardware, or ran cross-model research pipelines across multiple data sources.
|
By Daniel Ballmer
AI tools are moving faster than the security controls meant to govern them.In this episode of Defender Fridays, Cisco's Cybersecurity Technical Solutions Architect Katherine McNamara walks through changes in the threat landscape as organizations rush to integrate AI without applying basic security discipline. When Katherine meets with customers to discuss AI security, the conversation almost always starts and ends in the same place: data leakage. Someone might upload sensitive files to a public LLM.
|
By Daniel Ballmer
Most multi-agent security deployments fail in production not because the agents can't act, but because there's no shared context layer between them. When something goes wrong, the audit trail doesn't exist. In LimaCharlie, solving that problem is architectural, and the solution starts with how individual agents are defined.
|
By Daniel Ballmer
Anyone who's stood up a SIEM from scratch knows the feeling: weeks of infrastructure work, integration headaches, and a services team alongside for the whole process. That experience shaped how people think about adopting anything new in security ops. The instinct is to treat AI the same way: budget for it, plan for it, bring in specialists. This instinct is costing teams real time. Traditional infrastructure takes great effort to stand up. Infrastructure-as-code happens in seconds.
|
By Daniel Ballmer
Security operators often struggle with the escalating friction that naturally occurs in their detection and response (D&R) workflow. Detections fire in one tool. Investigations happen in another. Case tracking lives in a third. For MSSPs managing dozens of client environments, fragmentation compounds quickly. Analyst time bleeds into context-switching. SLAs are hard to track. When something goes wrong, reconstructing what happened across multiple platforms is painful.
|
By LimaCharlie
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Originally recorded: Friday May 22, 2026 Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.
|
By LimaCharlie
Join us for this week's Defender Fridays as Charles Grandjean, CTO and Co-founder at Hexiagon AI, breaks down where AI-assisted pen testing actually stands today and what it means for both red teams and defenders. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
|
By LimaCharlie
There are two types of companies: those who have been compromised and those who will be. Mid and small businesses are walking into this reality without understanding what AI has changed. On The Cybersecurity Defenders Podcast, David Chernitzky, CEO and co-founder of Armour Cybersecurity, explains why the gap between how large organizations understand AI-driven threats and how smaller ones do is widening fast.
|
By LimaCharlie
Today David Chernitzky, Co-Founder and CEO of Armour Cybersecurity, breaks down the challenges small and mid-sized businesses face in the new blink-and-you-miss-it cybersecurity landscape. Don't be left behind and open yourself to AI-driven attacks from threat actors.
|
By LimaCharlie
Dr. Adeel Shaikh Muhammad argues that when it comes to AI in the SOC, alert prioritization, anomaly detection, and SOC efficiency are where the real value is. The rest is mostly noise. On The Cybersecurity Defenders Podcast, the cybersecurity strategist and three-time author draws a clear line between where AI delivers and where the industry has oversold it. Full autonomous SOCs, perfect attack prediction, and replacing human analysts all fall on the hype side. AI narrows focus and accelerates decisions, but the final call still belongs to humans.
|
By LimaCharlie
Join us for this week's Defender Fridays as Chris Sanders, Founder at Applied Network Defense and the Rural Technology Fund, breaks down how analysts actually think through investigations and what separates high performers from the rest. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
|
By LimaCharlie
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.
|
By LimaCharlie
Join us for this week's Defender Fridays as Shane Warden, Principal Architect at ActiveState, shares what it's actually like to be on the receiving end of AI-assisted vulnerability reporting and what open source maintainers are already dealing with that the rest of the industry will face soon. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
|
By LimaCharlie
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.
|
By LimaCharlie
In this hands-on workshop we will analyze an unknown binary, quickly extract indicators, and determine the binary’s core functionality. We'll give Claude the LCRE (LimaCharlie Reverse Engineering) tool to accelerate analysis and interpretation by identifying configuration details, key behaviors, and any additional indicators useful for rule building. We'll use this information to craft detection rules for this sample.
- May 2026 (25)
- April 2026 (32)
- March 2026 (18)
- February 2026 (32)
- January 2026 (15)
- December 2025 (13)
- November 2025 (13)
- October 2025 (15)
- September 2025 (17)
- August 2025 (20)
- July 2025 (11)
- June 2025 (11)
- May 2025 (17)
- April 2025 (14)
- March 2025 (18)
- February 2025 (15)
- January 2025 (14)
- December 2024 (8)
- November 2024 (11)
- October 2024 (8)
- September 2024 (14)
- August 2024 (9)
- July 2024 (9)
- June 2024 (11)
- May 2024 (11)
- April 2024 (12)
- March 2024 (9)
- February 2024 (14)
- January 2024 (3)
- November 2023 (3)
- October 2023 (4)
- September 2023 (2)
- August 2023 (6)
- July 2023 (4)
- June 2023 (2)
- May 2023 (5)
- April 2023 (9)
- March 2023 (7)
- February 2023 (7)
- January 2023 (7)
- December 2022 (6)
- November 2022 (6)
- October 2022 (9)
- September 2022 (6)
- August 2022 (6)
- July 2022 (4)
- June 2022 (6)
- May 2022 (4)
- April 2022 (3)
- March 2022 (6)
- February 2022 (3)
- January 2022 (3)
- December 2021 (5)
- November 2021 (6)
- October 2021 (3)
- September 2021 (4)
- August 2021 (9)
LimaCharlie gives security teams full control over how they manage their security infrastructure. Get full visibility into your coverage, build what you want, control your data, get the security capabilities you need, for however long you need them, and pay only for what you use.
LimaCharlie Sensors enable organizations to collect relevant security telemetry, logs and artifacts in real-time from any source and process that data at wire speed using a universal detection, response and automation engine. Use signature based detections, your favourite threat feed or subscribe to curated detection rules.
An engineering approach to cybersecurity:
- Endpoint detection & response: Respond to threats at wire speed and create powerful automations. Leverage solutions custom designed for your environment and control your security posture without having to rely on external vendors.
- Software-defined networking: Secure and monitor network access to your endpoints by providing advanced instrumented Zero Trust VPN access. LimaCharlie’s Secure Access Service Edge (SASE) makes secure remote networking easy and affordable.
- Windows Event Log monitoring: Gain the ability to capture and analyze Windows Event Logs (WEL) in real-time. Ingested WEL are indexed along common indicators of compromise and run through the Detection & Response engine.
- File & registry integrity monitoring: LimaCharlie's File & Registry Integrity Monitoring capability allows you to monitor specific file path patterns and registry patterns for changes.
- Monitoring cloud deployments: Secure your cloud using LimaCharlie’s advanced Sensor technology. Run in a VM, Docker, or as a privileged container in Kubernetes. Optimize your costs with fine-grained event collection control, autoscaling and automated sensor culling.
- YARA scanning at scale: Various YARA scanning methods are available. Run a scan on any given endpoint or continuously across the entire fleet in a way that does not impact performance. Pull YARA signatures from Github repositories and other sources, both private and public.
- Cutting edge detections: Leverage the work of best-in-class professionals with an unparalleled cost efficiency. Subscribe to threat feeds and curated detection rules. Easily write your own custom rules and apply them instantly to your entire fleet.
- Log and artifact monitoring: Ingest logs, or any file type, from any source and run them through the detection, automation and response engine. One year of full telemetry storage included - not just detections or select entries, but all endpoint, network, and external logs telemetry.
Detect and respond on everything.