324 saved links, 2017–2026 (peak: 2023). The corpus tells a two-act story: act one is classic DevSecOps and cert-collecting (OWASP cheat sheets, Security+, zero trust, the great 2023 hashtag flood); act two, starting mid-2024, is almost entirely AI security — securing agents, and using agents to do security. Both directions of that arrow run straight through your current work.
Related: AI Agents · LLMs · DevOps · Azure · Kubernetes
Agent security — the new center of gravity
- OWASP Top 10 for Agents — the reference; your save warns “don’t fall into the same trap.”
- the agentic AI security primer on martinfowler.com — the best conceptual overview of the problem.
- Agent Engineering 101: software, systems, and security in practice.
- Agent Governance Toolkit — security middleware for autonomous agents · the security architecture of GitHub Agentic Workflows.
- a 7-layer multi-agent architecture with observability and security built in · “security before agents” — the architectural argument.
- 10 tips to protect your agents (Google Cloud) · the Agent Factory podcast episode on agent security.
- Scanners and skills: Agentic Radar — maps agent workflows and their vulnerabilities · AI security skills for agent-assisted testing across appsec, cloud, and LLMs.
- “it’s your agent — don’t put it in a group chat” — the primer with the memorable warning.
LLM & MCP security
- OWASP Top 10 for LLM applications · how the list changed year over year · remediating each item with Promptfoo.
- MCP security: prompt injection, tool poisoning, token theft — the Microsoft guide for anyone wiring agents to tools.
- indirect prompt injection could upend chatbots and the original indirect-prompt-injection research repo.
- Anthropic’s Sleeper Agents paper — “this is not a hypothetical attack vector.”
- open-source LLM security scanners, catalogued · the OWASP AI Exchange + owaspai.org.
- managing AI security risks — the CISO workshop.
DevSecOps — the practice
- the Ultimate DevSecOps library — the reference repo.
- the DoD DevSecOps Fundamentals Guidebook and NSA/CISA: Defending CI/CD Environments — surprisingly good government issue.
- DevSecOps University — books, tutorials, tools.
- the vulnerability-management lifecycle · GitHub Actions workflow security best practices · CI/CD security risks and best practices.
- “DevSecOps Worst Practices” — learn from the anti-patterns, laughing.
- intro to static analysis and CodeQL · DefectDojo for vulnerability management.
Cloud security & zero trust
- Zero trust: Microsoft’s free Zero Trust workshop (video walkthrough) · NIST’s zero-trust model for cloud-native apps · applying zero trust to Azure IaaS workloads.
- the OWASP Cheat Sheet Series — the perennial reference, here via cloud architecture security.
- Azure: the Azure Network Security workshop labs · a cloud-administration tiering model for Entra · the AZ-500 study guide · identity as a core skill.
- Kubernetes & containers: OWASP Kubernetes Top 10 · the container security checklist · Simulator — break a real cluster, legally.
- awesome cloud security labs — CTFs and guided vulnerability labs · the AWS KMS threat model · threat-modeling libraries.
- “firewall rules protect resources, not perimeters” — the one-line mental-model shift.
Identity & OAuth
- the illustrated guide to OAuth and OpenID Connect — still the best first read.
- OAuth explained (for the Matt Levine readers) · Flow Analyzer for testing OAuth 2.0 flows.
AI for security operations
The reverse direction: agents as defenders — the future of your old on-call life.
- Google: accelerating incident response with generative AI · AI and incident response.
- Security Copilot: what it is and how it works (video) · dynamic prompt suggestions in investigations · the Security Copilot book repo — prompts, promptbooks, plugins.
- Azure OpenAI KQL query packs — Rod Trent’s Sentinel toolkit.
- Reaper — open-source AppSec testing built for AI · agentic workflow automation for AppSec and fuzzing · GPT-4o vision for threat-intel time series.
Certs & foundations
- Microsoft’s free Security-101 curriculum · Microsoft Security Academy · the security course foundation list.
- Security+: the SY0-701 guide, cheat sheets, and objectives · free SY0-701 study material with a 90-day plan.
- CompTIA SecAI+ — the free-while-in-beta AI security cert — the cert that matches where the field went.
- Project Security — free hands-on homelab training · the SANS free cyber academy · Stanford’s web security course, labs and all.
- security interview questions across AppSec, pentest, cloud, and DevSecOps.