CTFs in the AI Era

The Include Security team attended the BSides 2026 CTF competition and observed how effective frontier models have become at solving a variety of CTF challenges. Our team gives a first-hand account of how the winning strategy has recently shifted to prioritizing efficient solve times and orchestration pipelines that can combine the speed of lighter-weight models on easier challenges with a heavy-hitting model’s reasoning capabilities. We also highlight why the success of LLMs in CTFs does not translate as effectively in the arena of professional security assessments.

The AWS Console and Terraform Security Gap

Are you using Terraform to build or configure your AWS environment? You might be surprised by configuration settings that introduce vulnerabilities by default, particularly if you’re already familiar with using the AWS or other cloud provider interfaces for asset creation. This post focuses on the slowly growing security divide of AWS asset security settings when created by the Terraform provider vs the AWS UI.

Immutable Strings in Java – Are Your Secrets Still Safe?

Java programmers might not be aware their secrets could be floating around in system memory long after it’s assumed those secrets have been removed. The problem is a combination of immutability and garbage collection in Java. Our most recent post explores the unpredictability of Java garbage collection and the implications that has for secrets in code. We developed a simple proof of concept designed to measured these “secret ghosts” and demonstrate how to avoid them.

Production Security, Not That Kind

The Include Security team takes a foray into the world of audio production equipment in our latest blog post. We look under the hood of a professional-grade audio mixer to explore its security profile, consider how its functionality could be leveraged by an attacker in a real world setting, and develop a proof-of-concept exploit to demonstrate quick n’ easy privilege escalation.

LLMs in Applications – Understanding and Scoping Attack Surface

In this post we consider how to think about the attack surface of applications leveraging LLMs and how that impacts the scoping process when assessing those applications. We discuss why scoping matters, important points to consider when mapping out the LLM-associated attack surface, and conclude with architectural tips for developers implementing LLMs within their applications.