Cloud Security

View All Blockchain & Investigations Anti-Forensics Web Security Red Team Cloud Security

Detecting Rogue MCP Servers and Shadow AI Agents on Endpoints with Wazuh

A custom Wazuh rule pack and reproducible Docker lab that catches rogue MCP servers, shadow AI agent activity, and indirect prompt-injection chains on engineering endpoints. 5 decoders, 13 rules, MITRE ATT&CK mapped.

Cloud Security 9 min read

Wazuh on K8s: 7 Frameworks, Auto-Remediation, One Chart

How I built an open-source Helm chart that deploys Wazuh agents with CIS, NIST 800-53, PCI-DSS, HIPAA, SOC2 compliance, MITRE ATT&CK runtime detection, admission webhook enforcement, and auto-remediation — replacing 5 tools with one deploy.