
Memberships

Zero To Game Dev (8 members • Free)
MyFirstHack (87.5k members • Free)
The Blueprint (648 members • Free)
The Electricity Lab (209 members • Free)
Infinite Artist (231 members • Free)
Vibe Coders Club (883 members • Free)
Muay Thai Academy (4 members • Free)
The Backdoor Job Network (25 members • Free)
AI Automation Academy (122 members • Free)

11 contributions to AI Cloud Security Lab
A note about the AI Cloud Security Lab (closing June 25)
Hey AI-CSL,

The community is closing on June 25. Honestly: work and family need more of me right now. I'm spread too thin, and the community is one of the pieces stepping back, unfortunately. This was never my intention for the community and I ask for your forgiveness and patience through the transition.

Before you go, here's what stays and what to do:

The Wazuh AI SOC Lab is yours, free, public, on GitHub. Find it at https://github.com/joshbotz/wazuh-ai-soc-lab. It's yours to use, fork, or build on - no login, no paywall. If learning AI + security hands-on is what brought you here, this is the part worth keeping. An AI agent (Mateo) leads you through the whole thing! Pretty cool stuff.

Drop any questions in the community by June 20 and they'll get a real answer.

Stay loosely in touch on LinkedIn. https://linkedin.com/in/joshbotz - that's the easiest way to reach me.

Thanks for being part of this. If the lab helped you, drop a quick note below - I'd love to read it.

Keep building!
~ Josh
1 like • 1d
I understand. I will follow you on GitHub for sure. Thank you.
Agentic AI in Cloud security
Given the wide adoption of Agentic AI, I have found that the aspects you learn from Josh's project can actually be utilized across all popular cloud providers. I am planning on utilizing something similar, but instead of Claude Code I am utilizing n8n, which is a great alternative that you can apply to something like this. Otherwise, they are both great tools for your purposes in cloud security. I am also using the GCP CLI to integrate with this as well, with Wazuh, firewalls, the VirusTotal API, and self-healing for the host machine. I give credit to Josh's community and I think he is an excellent resource to learn from on the cyber security journeys you embark on towards cloud security. 🙂 Thank you
1 like • 14d
@Josh Botz as for project ideas, I've been planning on utilizing a honeypot and Microsoft Azure, using Sentinel to monitor the logs while using a world map or geolocation. It is kind of daunting, so I left that for last, when I feel confident in doing so. I created an Active Directory using Azure's Entra ID to manage zero trust architecture, MFA, RBAC, and least privilege by assigning security groups and roles that limit the fictional users from accessing or altering specific resources. A project I have experimented with and put in my portfolio as well was creating a DNS sinkhole using Pi-hole as an ad blocker and a Raspberry Pi 3B+ that is hardened using SSH credentials and firewalls to manage network traffic or manually block IP addresses. I call it an Iron Cerberus since in ancient Greek mythology Cerberus has three heads, where each head represents a security feature, such as Pi-hole, UFW firewalls, and SSH credentials, to harden the system while preventing security vulnerabilities while using the device. Otherwise I am thinking of using ROS 2 to run security assessments or offensive security on it in a robot simulation using command injection or node injection on my own virtual machine that has ROS 2, and then remediate it and harden ROS 2 using SROS2. I know robots are going to be another niche once they hit the public market, meaning another specialization in cyber security. I know they will obviously use cloud computing to host these machines.
1 like • 14d
@Josh Botz it really is. I think we are heading into some interesting times as AI becomes more integrated with hardware-based systems such as robotics systems, and you know it will be a security issue as these machines become widely adopted by the public and potentially the US military 🤔. Especially with quantum computing being integrated, which will be another additional target and another thing for threat actors to take advantage of.
📋 How this community works
Quick guide to the channels and the culture.

👋 General: Questions, conversations, intros, anything that doesn't fit a specific channel. Good starting point.
🔔 Updates: Announcements from Josh. New courses, live sessions, resources. Worth watching.
💬 Discussion: Tools, industry news, "has anyone tried X," security topics you're thinking through.
🚀 Wins: You shipped something, deployed something, landed an interview, saved 3 hours at work with a prompt. Post it. Context matters more than polish — tell us what you did and what happened.
🏗️ Build Questions: Stuck on a lab, a tool, or a concept? Post here. Include what you're trying to do, what you've tried, and where you hit the wall. Screenshots and error messages help a lot.
🍺 Fun: Memes, hot takes, AI-generated nonsense. Keep it loosely relevant.
🧠 AI Signals: The latest news at the intersection of AI and cloud security.

The culture here is simple: We're practitioners. Share what you actually built, not what you planned to build. Ask real questions. Give direct answers. Assume good intent. If you use AI to help you write a post, that's fine — but add your own thinking. Low-effort AI-generated content with nothing original behind it doesn't help anyone. Spam and self-promotion without contribution get removed.

Questions? Drop them in General.
— Josh
0 likes • 14d
👍
📌 Your AI agent is one untrusted string away from a privileged action
Air Canada's chatbot invented a bereavement refund policy. A tribunal made them honor it. A Chevy dealer's bot got prompt-injected into appearing to agree to sell a Tahoe for $1, and the screenshots were on every tech feed by dinner.

Those were the public ones. The customer-facing ones. The ones we laughed at.

The agents getting wired into your cloud right now have a much bigger blast radius:
– A Slack bot with read access to S3 that summarizes "any file a teammate drops in #ops"
– A Jira agent with an IAM role that can spin up infra to "help triage tickets"
– A Copilot-style assistant with Graph API scopes across SharePoint, Outlook, and Teams
– An IR copilot reading raw CloudTrail and GuardDuty findings into its context window

Every one of those is a prompt-injection sink. And the version that bites cloud teams isn't the direct kind — it's indirect injection: the attacker never talks to your agent. They leave a string somewhere your agent will read. A malicious filename in a bucket. A poisoned Jira description. A calendar invite with hidden instructions. A log line crafted to look like a system prompt.

Microsoft already shipped a CVE this year for exactly this — EchoLeak / CVE-2025-32711, zero-click data exfil out of Microsoft 365 Copilot. That's the category, not an outlier.

The control surface most people skip: the agent's IAM role and OAuth scopes are the actual blast radius — the prompt layer is just where the attacker pulls the trigger. If you're a Terraform shop, that means scoped roles, tight trust policies (ExternalId, condition keys, session tags), no * on the resource side, and tool allowlists that are deny-by-default with an audit log on every call. The prompt-side filters are a backstop, not the perimeter.

This is what "we'll figure out AI security later" actually costs in a cloud shop:
– An agent with an over-scoped IAM role does something that lights up a SOC 2 CC6.1 finding
– Customer data leaves through a model context window instead of an S3 bucket policy
– Your detection stack never fires because the "attack" is just text.
1 like • 14d
AI is not just an emerging technology but an open can of worms of security problems; humans have to be in the loop to regulate these models.
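The tool-layer control the post above argues for, written out as an added example (not code from the post, the community, or the Wazuh lab): a deny-by-default tool allowlist for an agent, with per-tool resource scoping and an audit record on every call, permitted or denied. The tool names, the bucket names and the model's proposed plan are constructed assumptions for illustration.

```python
"""Deny-by-default tool gate for an LLM agent with an audit record per call.
Added example; tool names, bucket names and proposed calls are constructed."""
import json
import time

# Allowlist: tool name -> argument validator. Anything not listed is denied,
# so a string the model read from a bucket or ticket cannot unlock new tools.
ALLOWED_TOOLS = {
    "s3_get_object": lambda a: (a.get("bucket") == "ops-drop-bucket"
                                and str(a.get("key", "")).startswith("inbox/")),
    "jira_add_comment": lambda a: isinstance(a.get("issue"), str),
}

AUDIT_LOG = []  # in production: an append-only sink (CloudWatch, SIEM)

def gate_tool_call(tool, args, source="model"):
    """Decide and record one proposed tool call. Returns (allowed, reason)."""
    validator = ALLOWED_TOOLS.get(tool)
    if validator is None:
        allowed, reason = False, "tool not in allowlist"
    elif not validator(args):
        allowed, reason = False, "arguments outside scoped resources"
    else:
        allowed, reason = True, "allowed"
    # Every call is logged, denied ones included: that is the detection
    # signal a text-only "attack" otherwise never produces.
    AUDIT_LOG.append({"ts": time.time(), "source": source, "tool": tool,
                      "args": args, "allowed": allowed, "reason": reason})
    return allowed, reason

def run_agent_plan(proposed_calls):
    """Gate every call the model proposed; return only the permitted ones."""
    return [c for c in proposed_calls
            if gate_tool_call(c["tool"], c["args"])[0]]

# Constructed plan from a model that read a poisoned object key: one in-scope
# read, one read outside the scoped bucket, one tool it was never given.
PROPOSED_PLAN = [
    {"tool": "s3_get_object",
     "args": {"bucket": "ops-drop-bucket", "key": "inbox/report.pdf"}},
    {"tool": "s3_get_object",
     "args": {"bucket": "finance-exports", "key": "inbox/q3.csv"}},
    {"tool": "iam_create_access_key", "args": {"user": "admin"}},
]

if __name__ == "__main__":
    permitted = run_agent_plan(PROPOSED_PLAN)
    print(f"{len(permitted)} of {len(PROPOSED_PLAN)} proposed calls permitted")
    print(json.dumps(AUDIT_LOG, indent=1))
```

The gate sits between the model's output and the cloud API, so it holds regardless of what text the model ingested; the IAM role behind it should still be scoped to the same bucket prefix as a second layer.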
What is the real risk of using an MCP server?
Check out this cool graphic @Stephanie Macahis made!
1 like • 29d
Prompt injection is a serious issue nowadays in LLMs concerning MCP servers.
Gary Collins
3
44 points to level up
@gary-collins-9431
Hello, I'm a cybersecurity professional with a focus on purple teaming and a lifelong martial artist. I wish to build and secure a more peaceful world.

Active 4h ago
Joined Apr 1, 2026