Teri Radichel :: Security and Technology Research : Subscribers

Tracking AI Success Rate On An AWS Infrastructure Project

Teri Radichel — Wed, 03 Jun 2026 22:47:23 GMT

Code Structure For An AI Generated Infrastructure Deployment Script

Teri Radichel — Fri, 29 May 2026 18:25:23 GMT

This is part of my series of blog posts on creating an AWS Bootstrap Script to set up secure AI agent infrastructure.

In the last post I explained My Methodology For Writing an Infrastructure Script With AI Agents

Overview

I wrote about the general methodology I’m using to write my bootstrap script in the prior post. Now I’m going to expand a bit more on the structure of the code and why it matters. I also cover some software engineering principles that vibe coders with no prior software engineering experience may want to know.

Organizing your code so an agent can quickly find it
Menus and file names in bash
Protecting critical code From unwanted revisions
Agents are really bad at the DRY principle
Linked lists vs. numbered list
Measuring lines of code written with AI
Consistent user interface (UI) challenges

Subscribe for more posts like this and follow Good Vibes.

— Teri Radichel

My Methodology For Writing an Infrastructure Script With AI Agents

Teri Radichel — Thu, 28 May 2026 18:54:37 GMT

Overview

There are different ways to code with AI. I’m going to tell you a bit more about my approach on this specific project in this post. As I do, you will start to understand why my README.md file alone and maybe even my full script won’t work for you if you wanted to reproduce the script I wrote with AI.

However, understanding my architecture and app…

Securing Your AI Agent Infrastructure

Teri Radichel — Wed, 27 May 2026 17:49:35 GMT

Reducing Token Burn Rate With A Well-Designed Architecture

Teri Radichel — Mon, 20 Apr 2026 18:18:18 GMT

I’ve been reading how companies have already burned through their AI budget for the year. It’s mid-April. I just spoke at the Computer History Museum on How I use AI for Penetration Testing and part of that talk was a consideration of how the cost of tokens is not sustainable due to lack of ROI. Throwing more hardware at the problem is like throwing gasoline on a fire at this point. But what alternatives do we have?

Read on for an example of designing an architecture to reduce token burn with a deterministic Lambda troubleshooter.

How I Use AI for Pentesting

Teri Radichel — Wed, 15 Apr 2026 19:07:57 GMT

Last week I spoke at the AWS Security Community Day in Mountain View California at the Computer History Museum. It was a great event and I got to hang out with some of my fellow AWS Heroes and some AWS folks working in AI security. I also appreciate all the attendees who joined the event. It was fun meeting and talking to new people and old friends!

You…

Anthropic Mythos

Teri Radichel — Wed, 15 Apr 2026 19:02:34 GMT

Anthropic has provided limited access to a new model they say is so good at finding vulnerabilities that they cannot release it to the public. Is it really?

Let me start by telling you no hot takes here. We can’t know much about Mythos beyond the data that has been released but I look forward to testing it out if and when I get access.

This post is more …

How I Use AI for Penetration Testing

Teri Radichel — Sun, 05 Apr 2026 21:40:33 GMT

I’m honored to be speaking at the AWS Security Community Day again this year. Come have a chat about the impact of AI on penetration testing, bug bounties, and learn about how I use AI for pentesting.

Here’s a teaser…

What I've Vibe Coded in 2.5 Weeks

Teri Radichel — Tue, 24 Mar 2026 16:56:26 GMT

On March 7th, 2026 I published a post about creating a way to push a Yubikey to run a job. As always one thing led to another and here I am again, essentially trying to set up a common infrastructure to execute batch jobs (or if you must, AI agents, though not all my jobs use AI).

In this post I’ll tell you what I have accomplished since that date as of…

Where Are The Private Bits of FIDO2 Compliant Passkey Stored?

Teri Radichel — Mon, 23 Mar 2026 15:02:56 GMT

Here’s the question I want to answer definitively in this post.

When I register a Yubikey with a particular website - where are the private cryptographic bits stored associated with that registration? Are they stored in Google Password Manager? In the TPM on my phone, tablet, or Laptop? Or are they stored on the Yubikey itself?

I’ll also explain why I car…

AI Agent DNS Leaks

Teri Radichel — Fri, 20 Mar 2026 18:27:48 GMT

I recently read about researchers exposing a vulnerability in the AWS Bedrock Agent related to DNS leaks. They got a whole $100 in swag from AWS for this finding.

Now before you gasp in horror, consider this.

Here’s the problem - we need DNS for anything to work at all. We can’t block it. DNS is required to look up the domain names used to reach AWS servi…

A Script To Monitor Application Network Connections

Teri Radichel — Sun, 08 Mar 2026 06:40:25 GMT

In this post I’m going to provide a script you can use to inspect your network connections to determine if you have something suspicious in your network traffic.

After reading about the Lexus Nexus breach I started thinking about how you might be able to spot a reverse shell or other rogue activity on your system. There are many ways to go about this, b…