Contributions

Technical articles, security research, CVE discoveries, and conference talks contributing to the security community. Sharing knowledge about DevSecOps, secure development practices, vulnerability research, and cybersecurity.

Published Articles

AI SecurityRed Hat Blog

AI Security Series

A four-part series exploring AI security for the enterprise — from the expanded attack surface of LLM-based systems, through model-lifecycle threats and prompt injection defenses, to identity and zero-trust enforcement for agentic AI.

1

Part 1: What does "AI security" mean and why does it matter to your business?

March 24, 20268 min read
2

Part 2: Mapping the AI attack surface: Vulnerabilities in the model lifecycle

March 25, 20268 min read
3

Part 3: Defending against prompt injection and unsafe actions

March 26, 20267 min read
4

Part 4: Identity and access control

March 27, 20266 min read
DevSecOpsRed Hat Blog

Unlocking DevSecOps brilliance: Ansible Lightspeed soars with Secure Development Lifecycle integration

Exploring how Red Hat Ansible Lightspeed integrates AI-powered automation with Red Hat's Secure Development Lifecycle (RH-SDL) to enhance security throughout the software development process. Learn about the collaboration between engineering and security teams to implement robust security controls.

March 29, 20244 min read
Read Article
Application SecurityRed Hat Developers

Automate dynamic application security testing with RapiDAST

A comprehensive guide to implementing automated Dynamic Application Security Testing (DAST) using RapiDAST. Discover how to streamline your security testing workflow and catch vulnerabilities early in the development lifecycle.

June 19, 202410 min read
Read Article

Conference Talks

DevSecOpsConference Talk

Introducing the Secure Life Cycle of Software Development (SDL)

Cloud Native Sevilla

A comprehensive talk introducing attendees to the Secure Development Lifecycle (SDL) and how to integrate security practices throughout the software development process. Covers practical implementation strategies and real-world examples.

2024
Watch Talk

Security Research & CVE Discoveries

CVE-2025-48956Vulnerability Research
CVSS 7.5 HIGH

Denial of Service Vulnerability in vLLM

Discovered a critical DoS vulnerability in vLLM (inference and serving engine for LLMs) that can be triggered by sending a single HTTP GET request with an extremely large header, resulting in server memory exhaustion. The vulnerability affects versions 0.1.0 to 0.10.1.1 and has been assigned a CVSS score of 7.5 (HIGH).

Weakness:CWE-400: Uncontrolled Resource Consumption
Affected Versions:0.1.0 to < 0.10.1.1
Fixed Version:0.10.1.1
Published:August 21, 2025
View on NVDGitHub Advisory

Topics Covered

DevSecOpsSecure Development LifecycleApplication SecurityDASTAutomationAnsibleSecurity TestingCloud NativeVulnerability ResearchCVE Discovery