About

A cloud security practitioner translating AI agent security for the leaders responsible for shipping it. Tested findings in plain terms, for the people deciding how fast to move.

I'm Josh Botz, a cloud security practitioner. I'm working out AI agent security the only way I trust: by building the agents myself, handing them real tools and real access, and testing how they break.

This site is that work, in the open.

Nobody has AI agent security figured out yet - the technology arrived faster than anyone responsible for it could keep up. (AI agents are software that reads your data, picks up real tools, and acts without a person approving each step.) That's exactly why I test instead of guess. The vendors selling them won't show you how they fail, and most of the research is written either for academics or for headlines. So I run the experiments myself and write down what actually happens - including the times the attack does nothing.

If you lead security somewhere, you already know the bind: pushed to adopt these things, afraid of the mistake you can't take back, afraid of being the one who slowed the company down. What I'm building is what I'd want in your seat - somewhere a practitioner does the hands-on testing and hands back the part you can actually use: what the attack was, whether it worked, how often, and what stops it.

Here's my promise about what you'll read. When a finding is mine, I show you how I got it: the setup, the runs, the mistakes. When the good work is someone else's, I say so and point you to them. And I'll tell you where a result stops being reliable - one model, one setup, one afternoon points somewhere worth looking, but it doesn't settle the question. You'll always know how much weight a number can carry. I'd rather give you one thing you can stand behind than ten you can't.

How I got here

Years in cloud security and GRC: FedRAMP, continuous monitoring, vulnerability management, and the governance and compliance side, including contract work for Fortune 500 companies and U.S. Intelligence Community programs. Some of that work put me on the attacking side - talking my way past people's defenses, with their sign-off - which is why the cons that fool an AI agent look familiar to me. They're the same ones that have always worked on people.

Further back, I started in the Army as a cryptologic linguist, trained in Arabic and working in intelligence, in rooms that ran from the field up to the White House and the National Security Council. The subject keeps changing; the skill underneath never does - take a pile of messy, sensitive information and turn it into something the person who has to decide can actually use. That's still what I'm doing here.

What you'll find

Four kinds of writing, each built to leave you with something you can act on.

  • Attack surface breakdowns. Where AI agents actually get attacked, in plain terms.
  • Incident autopsies. A real breach or CVE, how it worked, and the weakness sitting underneath it.
  • Frameworks translated. What a governance framework is really asking you to do.
  • From the lab. What broke when I set out to break it myself - the proof the rest stands on.

The newsletter is where all of it lands first, and in full. One email a week: what I found, and what to do about it.