Secure Steps with BegimherAI Security field notes

Start Here AI Security Work Blog About Subscribe

Selected Work

Open-source tools, AI security research, publications, and talks.

A curated index of public-safe work across developer-first security tooling, AI security research, AWS and CSA publications, and conference sessions.

Open source

Automated Security Helper

Developer-first security scanning for local and CI/CD workflows. Current headline metric: 200k+ monthly clones.

AI security research

AI Leak Watch

A public dashboard that tracks potentially exposed AI provider keys on GitHub and explains why secret leakage gets more serious in agentic systems.

AI agent evaluation

SIR-Bench

A benchmark for evaluating whether security incident response agents conduct real investigation or simply repeat alert context.

Publications & Research

Selected public writing, research, and framework contributions.

2026

SIR-Bench: Evaluating Investigation Depth in Security Incident Response Agents

arXiv paper on measuring investigation quality, novel evidence discovery, and tool use in autonomous security incident response agents.

2025

Accelerate investigations with AWS Security Incident Response AI-powered capabilities

AWS Security Blog announcement and technical walkthrough for AI-powered security investigations.

2025

Implementing Defense-in-Depth Security for AWS CodeBuild Pipelines

AWS Security Blog guide for hardening CI/CD pipeline configurations and CodeBuild workflows.

2024

Cloud Security for Startups 2024

Cloud Security Alliance whitepaper.

2024

Understanding Cloud Attack Vectors

Cloud Security Alliance publication.

Framework

AWS Well-Architected Security Pillar

Application Security section contribution.

Talks

Selected conference sessions, workshops, videos, and demos.

2026 / Upcoming

RBLN East: SIR-Bench

Evaluating investigation depth in security incident response agents, with Cristian Leo.

2025

AWS re:Invent: From Code to Cloud

Building AppSec programs with AWS and agentic AI for AppSec.

2025

AWS re:Inforce: Improve Code Quality with Amazon Q Developer

AI-assisted security across the SDLC.

2024

AWS re:Invent: Mitigating OWASP Top 10 CI/CD Security Risks

Session slides on securing CI/CD pipelines with AWS services.

2024

Cyber Week: Common Threat Actor Tactics

Cloud threat tactics observed by the AWS Customer Incident Response Team.

2024

AWS re:Inforce: Build a More Secure Generative AI Chatbot

Workshop on prompt injection, jailbreaking, Amazon Bedrock, and security guardrails.

2023

AWS re:Inforce: Integrating Open-Source Security Tools with AWS Code Services

Hands-on workshop using ASH and AWS developer services to bring security testing into build and deployment flows.

2023

AWS re:Inforce: Security Incident Response in Amazon EKS

Incident response patterns for Amazon EKS environments.

2022

AWS Summit Tel Aviv: Lessons from the Front Lines of Incident Response

Hebrew session from AWS Summit Tel Aviv on lessons learned from real-world incident response.

Secure Steps with Begimher

Practical AI security, cloud security, AppSec, open-source security tools, and career guidance. Opinions are my own.

LinkedIn GitHub AWS Security Blog