Learning to use tools which can actually aid in overcoming the adversary is difficult. To begin with, there’s the difficulty of knowing what the adversary is going to do, why they’re going to do it, and the signs that they’re actually doing it now. Not an easy task whatsoever. However, there is also the matter of understanding what we can do, how we can do it, and when it is appropriate to do it—because, when we know that, we can start to get a step ahead.

And, of course, this kind of knowledge doesn’t come easily and is often hard-won. In fact, it is often hard-won and then quickly becomes out of date as the threat landscape changes. Because of that, understanding practical approaches to cybersecurity and being able to flex your practical chops when the pressure is on is at the heart of becoming a successful practitioner today.

And who better to ask about this than someone sitting on the frontlines?

Hack Before You Launch is a practical, live workshop designed for developers, indie hackers and fast-moving builders who are using AI tools like ChatGPT and Copilot or simply plugging in and vibe coding to build and ship products faster than ever. While AI can accelerate development, it can also introduce hidden security vulnerabilities that often go unnoticed until it’s too late. In this session, ethical hacker Dr. Katie Paxton-Fear will demonstrate exactly how AI-generated applications can be exploited in the real world—and, more importantly, how to fix those issues before attackers find them first.

This is not a theoretical webinar. Attendees will watch a real AI-built application being tested for authentication flaws, prompt injection risks, and insecure data handling. Katie will walk through how attackers think, how vulnerabilities are uncovered, and the practical steps developers can take to protect their apps before launch. By the end of the session, participants will leave with a clear pre-launch security checklist and a better understanding of whether their product is truly ready to ship.

• Learn how AI-generated applications can introduce hidden security vulnerabilities

• Watch a live demonstration of real-world exploits, including authentication flaws and prompt injection

• Understand how attackers identify and exploit weaknesses in applications

• Discover practical, lightweight methods for identifying and fixing security issues

• Leave with a simple pre-launch security checklist to use before deploying your app

• Ideal for developers, indie hackers, startup founders, and anyone building with AI-assisted code tools

• Date: Saturday, 30 May

• Time: 10:00 AM – 11:30 AM

• Duration: 1 hour 30 minutes

• Speaker: Dr. Katie Paxton-Fear

And while we’re waiting for that, maybe it’s time to think about a particular tool which could come in handy—perhaps something that we looked at in brief last week.

1. Install Wazuh Agents Across Endpoints

The first step in using Wazuh is deploying Wazuh agents on all important endpoints, including staff laptops, servers, domain controllers, cloud systems, and databases. These lightweight agents continuously collect security logs and monitor system activity such as logins, file access, software installations, and system changes.

For example, in a school or healthcare environment, agents would be installed on systems containing safeguarding records or patient information. This ensures all activity involving sensitive data is monitored in real time.

The main benefit of Wazuh here is visibility. Many organisations only monitor firewalls or antivirus alerts, leaving endpoints largely unprotected. Wazuh closes this gap by providing direct insight into what is happening on every critical device, making hidden threats much easier to detect.

2. Configure Log Collection and Centralised Monitoring

Once agents are installed, Wazuh collects logs from across the environment and sends them to the central Wazuh manager. This includes Windows Event Logs, Linux authentication logs, cloud service logs, VPN access records, and third-party platform activity.

Instead of security teams checking multiple systems separately, everything is centralised into one dashboard. For example, if a user logs into Microsoft 365, accesses a local server, and downloads files from a cloud database, Wazuh can correlate these events together.

The benefit is efficiency and context. Attackers often move across multiple systems, and isolated logs may not appear suspicious on their own. Wazuh improves detection by connecting those events into a single security story.

3. Create Detection Rules for Suspicious Behaviour

Wazuh becomes most effective when custom detection rules are configured. These rules identify behaviours that suggest compromise, such as repeated failed login attempts, logins from unusual countries, privilege escalation, or mass file downloads.

For example, if a staff account logs in from another country at 2:00 AM and starts exporting hundreds of child protection records, Wazuh can immediately generate an alert. This is known as anomaly detection.

The benefit is early warning. Rather than discovering a breach after data is stolen, security teams can investigate while the attack is still in progress. This can prevent a minor incident from becoming a major public breach.

4. Monitor Privileged Accounts and Administrative Actions

One of the most important uses of Wazuh is monitoring administrator accounts and privileged users. Attackers frequently target these accounts because they provide access to the most sensitive systems.

Wazuh can detect suspicious administrative activity such as new account creation, privilege escalation, unauthorised password resets, disabling security tools, or attempts to delete audit logs.

In the Kido attack scenario, if attackers gained access through stolen credentials from a third-party supplier, Wazuh could have flagged unusual administrator behaviour long before large-scale data theft occurred.

The major benefit here is containment. Privileged account misuse causes the most damage during breaches, and Wazuh helps organisations identify abuse before attackers gain full control.

5. Use File Integrity Monitoring for Sensitive Data

Wazuh also includes File Integrity Monitoring (FIM), which tracks changes to important files, folders, and configurations. This is especially useful for organisations storing highly sensitive records such as safeguarding reports, HR files, or financial data.

For example, if confidential child records are copied, deleted, or altered unexpectedly, Wazuh can alert security staff immediately. It can also detect ransomware behaviour by identifying large numbers of file changes happening rapidly.

The benefit is direct protection of critical data. Instead of simply monitoring user behaviour, Wazuh watches the files themselves, helping prevent both insider threats and external attacks.

6. Investigate Alerts and Respond Quickly

The final step is using Wazuh dashboards and reports to investigate alerts and respond quickly. Alerts are prioritised by severity, allowing security teams to focus on the highest-risk activity first.

For example, repeated failed logins followed by a successful login from an unusual location may indicate credential theft. Security teams can then disable the account, isolate the affected system, and begin incident response before records are stolen.

This solves one of the biggest cybersecurity problems: delayed breach discovery. Many organisations only realise they were attacked after data appears online or regulators become involved.

The greatest benefit of Wazuh is proactive defence. It shifts security from reactive investigation to real-time prevention, reducing financial loss, reputational damage, and regulatory consequences.

OWASP – Prompt Injection: A clear primer on one of the biggest risks in AI-assisted development: prompt injection. This explains how attackers manipulate LLM behaviour, why it matters for developers using tools like ChatGPT and Copilot, and how to test for it during development. Particularly useful ahead of Katie’s live exploit demonstrations.

OWASP Top 10 for LLM Applications – LLM01: Prompt Injection: A more technical deep dive into why prompt injection remains the number one security risk for LLM-powered applications. Ideal for readers who want to move beyond basic awareness and understand why traditional security assumptions break down when building AI-driven products.

Wazuh – File Integrity Monitoring: A practical guide to one of Wazuh’s most valuable defensive features. This resource explains how File Integrity Monitoring works, how checksums and baselines are used, and why monitoring sensitive files can help prevent ransomware, insider threats, and silent data theft.

Wazuh – Real-Time Monitoring and FIM Configuration: For readers wanting to implement the steps discussed in the newsletter, this covers how to configure real-time monitoring, directory tracking, and alerting. It’s especially useful for security teams looking to move from reactive investigations to proactive detection.

ITPro – Vibe Coding Security Risks and How to Mitigate Them: A strong overview of the risks introduced by “vibe coding” and AI-generated applications. It covers insecure code generation, poor authentication logic, weak dependency choices, and the importance of treating AI-generated code as untrusted until properly reviewed and tested.

Microsoft Learn – Threat Modeling for Generative AI Applications: A strong resource for developers building AI-assisted products who need to think beyond code generation and into security architecture. It covers how to identify attack paths, trust boundaries, prompt injection risks, and unsafe tool access before deployment—perfect preparation for a “hack before launch” mindset.

NIST AI Risk Management Framework (AI RMF): For readers who want the strategic layer behind practical security work, NIST’s AI RMF helps teams think about governance, risk ownership, security controls, and operational resilience for AI-enabled systems. Especially useful for startup founders and security leads trying to formalise lightweight security processes.

Semgrep – Security Rulez: Should AppSec Engineers Still Learn AppSec?: Dr. Katie Paxton-Fear joins this discussion on how application security changes in the AI era. It explores whether security engineers should become orchestrators of AI agents rather than traditional tool users, and what modern AppSec teams should focus on as automation increases.

Copyright (C) 2025 Packt Publishing. All rights reserved. 

Our mailing address is: 

Packt Publishing, Grosvenor House, 

11 St Paul's Square, Birmingham, 

West Midlands, B3 1RB, United Kingdom 

Want to change how you receive these emails? 

You can update your preferences or unsubscribe.