L
If you're at RSAC this week, we'd love to connect!
Where to find us:
> Visit Booth #1268 in the South Expo Hall for a TRON VR experience and a hands-on demo of our AI integration!
> Join us for a happy hour tomorrow with our friends at Alpha Level — 6–9pm at Bourbon & Branch.
RSVP: https://luma.com/rsac-speakeasy-social?utm_source=limacharlie
We're co-hosting a speakeasy social with our friends at Alpha Level at RSA next week.
Wednesday, March 25 from 6-9PM at Bourbon & Branch, a genuine speakeasy that ran illegally through Prohibition, just blocks from Moscone.
Come connect with engineers, founders, and security leaders over craft cocktails and conversation about AI in the SOC.
Space is limited.
Register here: https://luma.com/rsac-speakeasy-social?utm_source=limacharlie
David Burkett, Cloud Security Researcher at Corelight, is back on Defender Fridays this week to discuss thinking in pipelines for AI agents.
Friday, March 13 at 10:30 AM PT
One week until our hands-on detection engineering workshop on March 18th at 10am PT, built for security professionals who want to integrate AI into their SecOps workflows.
You'll walk away with:
> Practical techniques for generating complex D&R rules from threat intelligence or observed behaviors
> A workflow for iteratively tuning existing rules using telemetry and historical alerts to cut false positives
> Automated testing and validation of new rules against simulated data before live deployment
> Hands-on experience connecting Claude Code to LimaCharlie's MCP server using LimaCharlie-specific Claude Skills
This session will not be recorded - register here: https://limacharlie.wistia.com/live/events/t8q5u3t9wx?utm_campaign=AI+SecOps+Workshop+1&utm_source=LinkedIn&utm_medium=social
Jensen Huang poured $10 billion into CUDA over a decade when no market existed for it. Investors called it a waste. He called it inevitable.
The same pattern is visible in SecOps today.
OpenClaw's rapid adoption despite known security vulnerabilities shows demand for operational AI has already outpaced the platforms built to govern it.
That gap between demand and safe infrastructure is exactly where market disruptions live.
Most AI in the SOC occupies the advisory lane: parsing logs, surfacing alerts, handing next steps back to an analyst.
LimaCharlie's Agentic SecOps Workspace was built on a different premise: AI should be a governed operator, not a consultant.
Because the platform is API-first, agents access every platform function with the same permissions model applied to human analysts, full audit trails, and fine-grained access controls that define exactly what each agent can read, write, and execute.
Organizations that build on foundations designed for autonomous operation now will hold the same structural advantage Nvidia held when the AI boom arrived.
Read the full post: https://limacharlie.io/
For MSSPs, standing up a fully configured tenant manually takes hours before a client environment is operationally useful.
Claude Code and LimaCharlie compress that entire process into a single prompt. The tenant gets created, the full Sigma community ruleset gets deployed, Git Sync gets enabled, and a linked GitHub repository gets stood up automatically.
Every configuration is versioned from day one and replicable across every subsequent client.
This works because Claude Code has full access to LimaCharlie, not just a summarized view of it. It provisions, configures, and manages infrastructure directly rather than generating instructions for an analyst to follow.
Full breakdown: https://limacharlie.io/blog/spin-up-a-configured-tenant-in-minutes-with-agentic-ai-security
While defenders debate AI, attackers are already using it at scale.
In this week's Intel Chat, Chris Luft and Matt Bromiley discuss how a Russian-speaking threat actor used generative AI to compromise over 600 Fortinet FortiGate firewalls across 55 countries in just two months.
Matt breaks down the impact: AI allowed this relatively unsophisticated actor to move through attack phases at unprecedented speed. An adversary that used to operate on a timeline of one month can now complete operations in one day.
His message to defenders with negative opinions about AI: walk into an incident response room for an organization dealing with this threat and tell them it's not a real industry threat. They'll disagree.
If adversaries can use AI to force multiply their operations, so can defenders.
The episode also covers North Korean IT worker operations generating $1.64M in fraudulent revenue, Cisco SD-WAN zero-day exploitation, and a controversial prediction about AI's economic impact.
Subscribe to The Cybersecurity Defenders Podcast: https://limacharlie.io/podcast?wchannelid=1bbncmrkw3&wmediaid=ajz1oh0bpq
David Burkett is back on Defender Fridays tomorrow. David is a Cloud Security Researcher at Redacted and founder of Magonia Research. This time he's talking about maximizing the value of IoCs and what's ahead for threat intelligence.
Join us live Friday at 10:30am PT / 1:30pm ET.
