0:00
This week, Datadog is tracking coordinated GitHub
0:03
API enumeration using ghost accounts, leaked
0:06
tokens, and normal-looking API traffic, which
0:10
is a reminder that public metadata can still
0:13
become operational intelligence. xAI's Grok Build
0:17
CLI reportedly transmitted repository data without
0:22
redaction. So the AI coding tool question is
0:25
not just, does it help me build faster? It
0:28
is, what did it read? And where did that data
0:31
go? AWS Security Hub added Network Scanning and
0:35
exposure impact analysis, which gets cloud security
0:39
closer to the attacker's view. What is actually
0:43
reachable? And what can that reachable thing
0:46
access next? And Microsoft says AI-powered vulnerability
0:51
discovery is changing patch management. More
0:54
bugs found faster means more pressure on the
0:58
teams that have to test, deploy, and recover
1:01
from patches. Put those together, and the theme
1:04
this week is exposure. Who can map your systems?
1:08
Who can read your code? Who can reach your infrastructure?
1:12
And who owns the response when the map gets too
1:15
accurate? I'm Brian Teller from Teller's Tech,
1:18
and this is Ship It Weekly. Welcome back to Ship
1:38
It Weekly, the show about the DevOps, SRE, cloud,
1:42
platform, and security stories that actually
1:44
matter when you are the person who has to keep
1:47
the thing running at 3am. If you are new here,
1:49
follow or subscribe wherever you are watching
1:52
or listening. And if you want the weekly story
1:54
list and source links, check out OnCallBrief
1:57
.com. For past episodes, full show notes, and
2:01
more from the show, head over to ShipItWeekly
2:04
.fm. This week, we start with GitHub API enumeration
2:08
because attackers do not always need an exploit
2:11
to build a useful map of your organization. Then
2:16
we get into Grok Build CLI and the data boundary
2:19
around AI coding tools. After that, AWS Security
2:23
Hub Network Scanning and impact analysis. Then
2:27
Microsoft's warning that AI-powered vulnerability
2:30
discovery may mean more patches, faster timelines,
2:35
and less room for slow change management. In
2:38
the lightning round, HalluSquatting, Cloudflare
2:41
control plane incidents, node-tar CVEs, ServiceNow
2:46
authentication risk, quantum procurement pressure,
2:49
and Lambda Managed Instances for Java cold starts.
2:54
And we close with something from SRE Weekly about
2:57
post-incident reviews, authority gaps, and the
3:01
difference between documenting an incident and
3:04
actually learning from it. Let's get into it.
3:11
First up, Datadog Security Research published
3:15
a write-up on coordinated GitHub API enumeration
3:18
and access token abuse. This one matters because
3:22
it is not a flashy exploit story. No zero day,
3:26
no dramatic breach chain, just API traffic. Datadog
3:31
is tracking campaigns that use GitHub's API to
3:35
enumerate organizations, repositories, users,
3:39
members, followers, public repos, private repo
3:43
paths. and related metadata. Some of that data
3:46
is public by design. That is the uncomfortable
3:49
part. Public repos, org details, user profiles,
3:54
REST endpoints, GraphQL queries, relationships
3:58
between people and projects. Individually, those
4:02
answers may look harmless. At scale, they become
4:06
a map. Who works at the company? What naming
4:10
patterns exist? Which internal project names
4:13
leak into public references? Which private repo
4:17
paths might exist? Which users are worth targeting?
4:21
Recon is not harmless just because the data is
4:25
public. Datadog also called out ghost accounts.
4:29
Older GitHub accounts created years ago, left
4:32
dormant, and later used for API traffic across
4:36
many organizations. An old account blends better
4:40
than one created yesterday. Then add compromised
4:44
OAuth tokens or personal access tokens, and enumeration
4:48
can turn into access. Now, the actor may be probing
4:52
private repo paths, listing repos, checking commit
4:56
history, or cloning code. The takeaway is simple.
5:00
Treat GitHub like a production surface, not just
5:03
source control. Watch Token Scopes. OAuth apps,
5:07
old PATs, dormant users, outside collaborators,
5:11
audit logs, GraphQL usage, private repo path
5:15
probes, and sudden bursts of API activity. GitHub
5:20
holds the instructions for how your company builds
5:23
and ships software. Attackers know that. Your
5:28
GitHub org is part of your attack surface. Second
5:36
story. On Call Brief flagged reports that xAI's
5:40
Grok Build CLI transmitted repository data and
5:45
file contents without redaction. The details
5:49
around one tool may change. The bigger lesson
5:52
does not. If an AI coding tool reads your repo,
5:56
that is access. If it reads your dot env file, Terraform,
6:01
Helm charts, Kubernetes manifests, runbooks,
6:05
incident notes, or internal docs, that is access.
6:09
And if it sends that context to a cloud service,
6:13
that is data movement. That means security, legal,
6:17
compliance, and platform teams need to know about
6:21
it. We spent years building controls around source
6:24
code, private repos, SSO, branch protections,
6:28
secret scanning, vendor reviews, access reviews,
6:33
least privilege. Then an AI coding tool shows
6:36
up and says, I can help you build this app. Cool.
6:41
But what can it read? Where does the data go?
6:44
Is it retained? Is it used for training? Does
6:48
it respect ignored files? Does it read Git history?
6:52
Does it upload the whole repo or selected context?
6:55
Can the organization audit usage? Those are not
6:58
boring procurement questions. Those are production
7:02
security questions. Repos are not just code.
7:06
They contain architecture, service names, build
7:09
pipelines, IAM assumptions, deploy rules, vulnerability
7:14
hints, and sometimes secrets. The lesson is not
7:19
never use AI coding tools. That ship has sailed.
7:22
The lesson is to stop treating them like harmless
7:25
editor plugins. They are repo readers. Sometimes
7:30
they are command runners. Sometimes... They are
7:33
package installers. Sometimes they are cloud
7:37
-connected agents sitting next to your source
7:40
code and local environments. So they need policy,
7:44
review, and boundaries around where they can
7:47
be used. Because it was just on my laptop is
7:51
not a data boundary. Quick break from the news.
7:54
The Ship It Weekly shop is officially open at
7:58
shop.tellerstech.com. I've got a few Ship It
8:01
Weekly t-shirt designs up there now. And I spent
8:04
way too much time sourcing the actual shirts
8:06
because I wanted them to feel like good trade
8:09
show shirts people actually keep. Think of those
8:12
soft Datadog style shirts that you get at conferences
8:15
and somehow still wear two years later. That
8:19
was the target. I'm wearing one of those now
8:21
so you can get a feel for it on video. If you
8:24
want to support the show and rep the merch a
8:26
little bit, head over to shop.tellerstech.com.
8:29
For the next few weeks, coupon code SHIPTHESTORE
8:33
gets you 20% off your order. That is SHIPTHESTORE.
8:37
Again, shop.tellerstech.com. All right, back
8:41
to it. Third story. AWS Security Hub added network
8:49
scanning and impact analysis for exposure findings.
8:54
The short version. Cloud security is moving from
8:57
this might be exposed based on configuration
9:00
to we checked from the outside, this is actually
9:04
reachable, and here is what that exposure could
9:07
lead to. That is useful. Network scanning probes
9:11
resources from the internet to identify actual
9:14
reachability, not just what the route tables,
9:16
security groups, and diagrams suggest. Actual
9:20
reachability. Public IPs. Virtual machines. Load
9:24
balancers. Reachable ports. Services behind them.
9:28
That matters because cloud reality drifts. A
9:32
public IP gets attached during troubleshooting.
9:35
A port gets opened and forgotten. A test load
9:38
balancer lives forever. A Kubernetes service
9:42
becomes public because someone copied a helm
9:44
value from dev. Config analysis is helpful, but
9:49
active scanning gets closer to the attacker's
9:52
view. Can I reach it? What port is open? What
9:56
service is there? What evidence proves it? Then,
10:00
impact analysis adds the blast radius side. AWS
10:04
says Security Hub can map downstream resources
10:07
that could be compromised beyond the initial
10:11
exposed resource. That matters because exposure
10:14
alone is not the whole story. An exposed test
10:18
box with no useful permissions is one kind of
10:22
risk. An exposed instance with a role that can
10:25
read production secrets, write to S3, or reach
10:29
a database is a very different risk. So do not
10:32
only prioritize by severity label. Prioritize
10:36
by reachability and blast radius. Public and
10:40
reachable matters. Public and reachable with
10:43
dangerous IAM matters more. And when something
10:47
is exposed, do not stop at closing the port.
10:51
Ask who owns it, how long it was exposed, what
10:55
it could access, what logs prove activity, and
10:58
what prevents it from coming back. The tool finding
11:02
the exposure is only step one. Someone still
11:06
has to own the cleanup. Fourth story. Microsoft
11:14
published a post about evolving Windows vulnerability
11:18
management. for AI-powered discovery. And even
11:22
if you are not managing Windows endpoints, the
11:25
larger trend matters. AI is not just helping
11:29
people write code faster. It is helping defenders
11:32
find bugs faster. It is helping researchers analyze
11:36
code faster. And eventually, attackers get better
11:39
at this too. Microsoft talked about using an
11:43
agentic scanning harness called MDASH. to analyze
11:48
Windows at scale with multiple models, validation,
11:52
human review, and then high confidence findings
11:55
going to engineers. The operator takeaway is
11:58
that faster discovery means more update pressure.
12:02
A lot of companies still treat patching like
12:05
a monthly chore. Patch Tuesday happens. Vulnerability
12:08
teams triage. Endpoint teams test. App owners
12:11
delay. Exceptions pile up. Someone asks if it
12:15
can wait until the next window. That rhythm already
12:18
struggles. AI-accelerated discovery makes the
12:22
tempo worse. More findings. Faster analysis.
12:26
Shorter response windows. More pressure to know
12:29
what is actually affected. This does not mean
12:33
patch everything instantly and hope. Patching
12:36
is still production change. Patches break things.
12:40
Agents break things. Middleware breaks things.
12:44
Security fixes can have side effects, but patching
12:47
needs to look more like a real operational system.
12:51
Known inventory, staged rollout, rollback, ownership,
12:57
emergency paths, and coverage reporting, not
13:01
spreadsheet theater. If your patch process depends
13:04
on 10 people manually asking app owners how they
13:08
feel, AI is going to make that pain worse. Security
13:12
updates are becoming production operations, so
13:16
they need production-grade process around them.
13:26
Quick lightning round. First, HalluSquatting.
13:29
AI coding agents can hallucinate package or repo
13:33
names, and attackers can squat those names ahead
13:37
of time. If the agent tries to install the fake
13:40
dependency, it can pull malicious code. Do not
13:43
let agents install packages just because the
13:47
name sounds plausible. Second, Cloudflare had
13:50
dashboard and API incidents. The edge may keep
13:54
serving traffic, but if the dashboard or API
13:57
is down, incident response can still be impaired.
14:01
Data plane and control plane are different things.
14:05
Both matter. Third, node-tar had a cluster of
14:10
denial of service issues. Archive parsing sits
14:13
in package managers, build systems, CI jobs,
14:17
artifact handling, upload pipelines, and scanners.
14:21
If you accept archives from untrusted sources,
14:25
tar parsing bugs matter. Fourth, ServiceNow had
14:29
a requires authentication equals false issue.
14:32
One unauthenticated REST endpoint in a platform
14:35
that holds tickets. assets, workflows, and incident
14:40
context can become an enterprise data exposure
14:43
problem fast. Fifth, France is pushing quantum
14:46
risk into procurement language. That is how post
14:50
-quantum migration becomes real. Procurement,
14:54
compliance, vendor questionnaires, and data retention
14:57
expectation. And last, AWS wrote about Lambda
15:02
-managed instances for Java cold starts. Serverless
15:06
keeps getting features that look more like managed
15:10
capacity under the hood. That is not bad, but
15:13
the abstraction is not magic. Cold starts, warm
15:17
capacity, runtime behavior, and cost still matter.
15:30
The human closer this week comes from SRE Weekly.
15:35
Issue 525 had a few pieces around post-incident
15:38
reviews, human-in-the-loop authority gaps,
15:41
and whether teams confuse collecting artifacts
15:44
with actually learning. That fits this episode,
15:48
because this whole week is about maps and exposure.
15:52
Datadog is talking about attackers mapping GitHub
15:56
organizations. Grok Build raises the question
15:59
of what AI coding tools read. Security Hub is
16:04
mapping what is reachable from the internet.
16:06
Microsoft is talking about AI finding vulnerabilities
16:10
faster. Maps are useful, but maps do not fix
16:15
anything by themselves. An exposure finding does
16:19
not close the port. An API log does not revoke
16:23
the token. A patch bulletin does not patch the
16:27
fleet. A postmortem timeline does not create
16:31
learning. A human approval step does not guarantee
16:34
judgment if the human has no context. That last
16:38
one matters. Human in the loop sounds safe. But
16:42
if the human is pulled in at the worst moment
16:45
with the least context under the most pressure,
16:48
the approval step can become theater. Same with
16:52
post-incident reviews. A meeting is not learning.
16:56
A timeline is not learning. A document in the
17:00
wiki is not learning those things can help but
17:04
the learning happens when the system changes
17:07
when ownership becomes clear when the runbook
17:11
improves when alert noise goes down when the
17:15
risky default gets removed when the next operator
17:19
is less dependent on luck so the question is
17:22
not just did we review the incident the question
17:26
is what changed because of it visibility is not
17:31
ownership. A map is not a fix. That's it for
17:37
this week of Ship It Weekly. We covered GitHub
17:40
API enumeration, Grok Build CLI, and AI coding
17:44
tool data boundaries, AWS Security Hub network
17:48
scanning, and impact analysis. Microsoft's AI
17:52
-powered vulnerability discovery and patch cadence,
17:56
plus HalluSquatting, Cloudflare incidents,
18:00
node-tar CVEs, ServiceNow authentication risk,
18:04
Quantum Procurement Pressure, and Lambda Managed
18:08
Instances. If this episode was useful, follow
18:11
or subscribe wherever you are watching or listening.
18:14
If you know someone dealing with GitHub org security,
18:17
AI coding tools, cloud exposure, or patch pressure,
18:22
send them this one. Also, the Ship It Weekly shop
18:26
is open at shop.tellerstech.com. Use coupon
18:30
code SHIPTHESTORE for 20% off your order for
18:35
the next few weeks. Again, SHIPTHESTORE at
18:38
shop.tellerstech.com. You can find the weekly brief
18:43
at OnCallBrief.com and the full show notes,
18:46
links, and past episodes at ShipItWeekly.fm.
18:50
I'm Brian Teller from Teller's Tech. Thanks for
18:53
listening. And remember, visibility is not ownership.
18:57
A map... is not a fix.