Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI: The hero's journey with Ken Westin

Join us for this week's Defender Fridays as Ken Westin, Senior Solutions Engineer at LimaCharlie, shares his AI journey and what the hero's journey framework reveals about how security professionals can move from hesitation to genuine mastery of AI tools. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

AI in security feels harder than it is

Anyone who's stood up a SIEM from scratch knows the feeling: weeks of infrastructure work, integration headaches, and a services team alongside for the whole process. That experience shaped how people think about adopting anything new in security ops. The instinct is to treat AI the same way: budget for it, plan for it, bring in specialists. This instinct is costing teams real time. Traditional infrastructure takes great effort to stand up. Infrastructure-as-code happens in seconds.

LimaCharlie Case Management: Built for agentic security workflows

Security operators often struggle with the escalating friction that naturally occurs in their detection and response (D&R) workflow. Detections fire in one tool. Investigations happen in another. Case tracking lives in a third. For MSSPs managing dozens of client environments, fragmentation compounds quickly. Analyst time bleeds into context-switching. SLAs are hard to track. When something goes wrong, reconstructing what happened across multiple platforms is painful.

Announcing LimaCharlie Case Management: Built for agentic security workflows

Security operators often struggle with the escalating friction that naturally occurs in their detection and response (D&R) workflow. Detections fire in one tool. Investigations happen in another. Case tracking lives in a third. For MSSPs managing dozens of client environments, fragmentation compounds quickly. Analyst time bleeds into context-switching. SLAs are hard to track. When something goes wrong, reconstructing what happened across multiple platforms is painful.

Detection, endpoint isolation, and ticketing with one AI prompt

Most current demonstrations of AI in security operations are lackluster. You ask a chat interface a question, get a summary, and maybe a suggested next step. The operator still does all the work, at human speed. Meanwhile, adversaries are already deploying AI offensively against their targets. AI in SecOps must ultimately be an operator. Otherwise, the gap between adversary and defender will become too wide to bridge. LimaCharlie Co-founder, Christopher Luft, demonstrates a simple way to get started.

Agentic AI Security: Tune Detections with Threat Intel

Most AI detection engineering puts a human in the loop at every step. David Burkett envisions an efficient and effective pipeline architecture that does not. David is a security researcher at Corelight Labs and a longtime LimaCharlie community member. He appeared on a recent episode of Defender Fridays to walk through his vision of a fully agentic detection engineering pipeline. His system uses LimaCharlie as its operational backbone.

The AI attack surface with Katherine McNamara

Join us for this week's Defender Fridays as Katherine McNamara, Cybersecurity Technical Solutions Architect at Cisco, breaks down the expanding attack surface of AI and ML systems and what organizations need to do to secure them before it's too late. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

Detection Engineering with LimaCharlie and Claude Code

Detection engineering is fundamentally a translation problem: rules need to be converted between formats, IOCs need to be converted into detection logic, and noisy alerts need to be converted into precise suppressions. That translation work is what consumes analyst time, and it's what Claude Code handles well.

How multi-agent systems work in LimaCharlie

This video walks through how single agents and multi-agent systems are built and run inside the LimaCharlie platform. Agents in LimaCharlie are defined declaratively. Each agent specifies the model it runs, its instructions, the tools it can access, what events trigger it, and the guardrails it operates under. This approach makes agents version controllable, reviewable, and portable across tenants.

Are we blindly giving AI access to everything?

Users are connecting AI tools without understanding the security implications. In this week's Intel Chat, Chris Luft and Matt Bromiley discuss a security breach at Vercel that originated from a compromised third-party AI tool used by one of its employees. The attacker gained control of the employee's Google Workspace account, which provided access to Vercel's internal environment.