Advertisement · 728 × 90

Posts by Jerrad Dahlager

Preview
Block Prompt Injection at the Network Layer with Entra Prompt Shield Deploy Microsoft Entra Internet Access Prompt Shield to block prompt injection and jailbreak attacks at the network layer before they reach the AI model. Full hands-on lab with TLS inspection, convers...

I deployed Microsoft Entra Prompt Shield and tested it against real jailbreak payloads on ChatGPT and Gemini. Adversarial prompts blocked at the network layer before reaching the model.

nineliveszerotrust.com/blog/prompt-...

#AISecurity #PromptInjection #ZeroTrust

3 weeks ago 0 0 0 0
Preview
Detecting OAuth Redirect Abuse with Microsoft Sentinel and Entra ID Microsoft warned about OAuth redirect abuse enabling phishing and malware delivery. Build Sentinel analytics rules, hunting queries, a security workbook, and Entra ID hardening policies to detect and ...

OAuth redirect abuse in Entra ID is worth watching.

New post with 4 Sentinel detections, hunting queries, and hardening steps:

nineliveszerotrust.com/blog/oauth-r...

#EntraID #OAuth #MicrosoftSentinel

1 month ago 0 0 0 0
Preview
March 2026 Entra ID Changes: Passkey Auto-Enablement and Conditional Access Enforcement Microsoft is auto-enabling synced passkeys and closing a Conditional Access gap in March 2026. Both changes affect tenants that have not explicitly configured their settings. This post covers how to a...

If attestation is disabled, Microsoft will allow synced passkeys by default. One of two Entra ID changes is auto-rolling this spring.

Breakdown with audit scripts and architecture guidance.

nineliveszerotrust.com/blog/entra-march-2026-passkeys-ca/

#EntraID #Passkeys #ZeroTrust #CloudSecurity

2 months ago 0 1 0 0
Post image

Service principals can't activate PIM roles. AI agents and CI/CD pipelines get standing privilege 24/7 for tasks that take minutes.

Built a Zero Standing Privilege gateway with Azure Functions. Auto-revoke, full audit trail.

nineliveszerotrust.com/blog/zero-st...

#ZeroTrust #Azure #AgenticAI

2 months ago 0 0 0 0
Post image

New post: Building a serverless edge prompt filter for LLM security

Catches injection attacks + PII at the edge before semantic analysis. One layer in defense-in-depth.

Full post + Terraform lab: nineliveszerotrust.com/blog/llm-prompt-injection-firewall/

#AISecurity #AWS

3 months ago 0 0 0 0

I’m with you. I think the biggest win is shifting trust from a central signing key to verifiable workload identity. The build proves which repo and workflow produced the artifact, and a transparency log keeps it auditable. Less attack surface than PKI, especially in CI without key custody headaches.

3 months ago 0 0 0 0
Preview
Sentinel MCP Server: Securing Your SOC's New AI Attack Surface Microsoft's Sentinel MCP Server lets AI agents query your security data lake. Here's what that means for your attack surface, and how to lock it down.

Microsoft’s Sentinel MCP Server went GA. Sentinel logs contain attacker-influenced fields. When AI processes this data, prompt injection becomes possible.

Walkthrough on setup, attack vectors, and hardening below.

nineliveszerotrust.com/blog/sentine...

#MicrosoftSentinel #AISecurity #MCP

3 months ago 0 0 0 0
Preview
Secure Your Container Supply Chain: SBOM, Signing & Attestation with GitHub Actions Build a keyless container pipeline with vulnerability scanning, SBOM generation, signing, and build provenance - no long-lived secrets required. Complete GitHub Actions workflow included.

No keys to rotate. No secrets to leak.

New post: Container supply chain security with GitHub Actions - vuln scanning, SBOM generation, keyless signing, and SLSA provenance.

Stack: Trivy, Syft, Cosign + Sigstore.

Blog + repo:

nineliveszerotrust.com/blog/contain...

#DevSecOps #infosec

3 months ago 1 0 1 0
Advertisement
Post image

A common Terraform misconception: sensitive redacts output, not state.

sensitive=true only redacts output. Secrets still end up in state/plan files.
1.11’s write-only args fix this.

Hands-on guide with AWS + Azure examples

nineliveszerotrust.com/blog/terrafo...

#CloudSecurity #DevSecOps

3 months ago 0 0 0 0
Preview
Nine Lives, Zero Trust A cloud security blog about systems, resilience, and always landing on your feet. By Jerrad Dahlager.

First post! Glad to be here on Bluesky.

Nine Lives, Zero Trust is live. 🚀

I write about cloud security & the stuff that keeps defenders up at night.

Three cats taught me nothing should be trusted, especially at 3 AM.

nineliveszerotrust.com

#CloudSecurity #InfoSec #ZeroTrust #DevSecOps

3 months ago 1 0 0 1