Release Date: 07/12/2025 | Issue: 317
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

This week's articles


Streamlining Security Investigations with Agents
Slack's Security Engineering team built an AI agent system to automate security alert investigations. The system uses multiple agent personas (Director, domain Experts, and Critic) orchestrated through structured outputs, enabling consistent performance and novel emergent discoveries like identifying credential exposures during routine investigations.   #ai   #monitor   #build


Identity Broker case study: How to prevent tenant isolation vulnerabilities with Okta’s Account Auto-Link
Post explaining how misconfigured Account Auto-Link in Okta can break Software-as-a-Service tenant isolation, and how to configure Okta as an Identity Broker in a secure way.   #iam   #saas   #attack   #defend


Summary of CVE-2025-55182
CVE-2025-55182 is a critical vulnerability in React Server Components allowing remote code execution via crafted requests. Affects Next.js and other frameworks.   #attack   #defend   #supply-chain


Backdooring Managed Identities via Azure API Management
Azure API Management exposes managed identity certificates with private keys in plaintext through an undocumented configuration API used by self-hosted gateways. Attackers with gateway keys can extract these certificates for persistent backdoor access.   #azure   #attack


Amazon CloudFront mTLS with open-source serverless CA
A step-by-step guide on implementing mTLS for Amazon CloudFront using our open-source cloud CA.   #aws   #build

Sponsor CloudSecList in 2026

Want to reach cloud security decision-makers at companies that matter?

CloudSecList subscribers at Apple, Google, Amazon, Microsoft, and 100+ top companies specifically chose this newsletter for cloud security content. Engineers running POCs. Architects writing RFPs. Security leaders with budget authority.

Now booking 2026: 🔗 cloudseclist.com/sponsor

Tools


iam-policy-autopilot
An MCP server and command-line tool that helps your AI coding assistants quickly create baseline IAM policies that you can refine as your application evolves.


mcp-breach-to-fix-labs
Real incidents reproduced with vulnerable/secure MCP servers, pytest regressions, and Claude/Cursor battle-tested exploit walkthroughs.


kanidm
A simple and secure identity management platform, allowing other applications and services to offload the challenge of authenticating and storing identities to Kanidm.


KIEMPossible
A tool designed to simplify Kubernetes Infrastructure Entitlement Management by allowing visibility of permissions and their usage across the cluster, to allow for real enforcement of the principle of least privilege.


devpod
Codespaces but open-source, client-only and unopinionated: Works with any IDE and lets you use any cloud, kubernetes or just localhost docker.

AI


LLM Key Server: Providing Secure and Convenient Access to Internal LLM APIs
Mercari's AI Security team built LLM Key Server to provide secure LLM API access using OIDC ID tokens from Google Workspace. It issues temporary API keys via LiteLLM, replacing manual provisioning with automated authentication for local environments, GitHub Actions, and Google Apps Script.


Evaluating AI Agents in Security Operations
A benchmark on realistic security operations (SecOps) tasks. GPT-5 achieved the highest accuracy (63%), while Claude Haiku-4.5 completed tasks the fastest with strong accuracy. GPT-5 variants dominated the performance-cost frontier.

From the cloud providers


#AWS   Introducing AWS Lambda Managed Instances: Serverless simplicity with EC2 flexibility
Run Lambda functions on EC2 compute while maintaining serverless simplicity—enabling access to specialized hardware and cost optimizations through EC2 pricing models, with AWS handling all infrastructure management.


#AWS   Amazon CloudWatch introduces unified data management and analytics for operations, security, and compliance
CloudWatch can automatically normalize and process data to offer consistency across sources with built-in support for Open Cybersecurity Schema Framework (OCSF) and Open Telemetry (OTel) formats, so you can focus on analytics and insights.


#GCP   VPC Flow Logs for Cross-Cloud Network
With VPC Flow Logs, now you can monitor critical network traffic moving between your on-prem infrastructure, cross-cloud resources, and Google Cloud.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present CloudSecList · Marco Lancini