• What you're actually connecting to when you deploy OpenClaw

    OpenClaw is the most widely deployed self-hosted AI agent framework, and MiniMax is its most prominently featured provider. Before that combination gets into your environment, it is worth understanding who MiniMax is, what their terms allow, and what your security team should be looking for.
  • From Philip Yeo's 'Intermediate Business Machine' to Generative AI: What Organisations Get Wrong About New Technology

    Philip Yeo got a computer into Singapore's Ministry of Defence in the 1970s by calling it an 'intermediate business machine.' The governance mismatch he exposed then is playing out again with AI, and this time the cost of waiting is measured in competitive ground that's hard to recover.
  • sentinelchangelog.net: Auto-Generated Summaries of Every Sentinel Content PR

    A side project that monitors the Azure/Azure-Sentinel GitHub repository and publishes structured, AI-generated summaries of every merged PR with operational relevance. For detection engineers who want to stay current without subscribing to the GitHub notification firehose.
  • Domain Controller Log Ingestion for Microsoft Sentinel: Complete Configuration Reference

    Getting domain controller security events into Microsoft Sentinel has more failure modes than it should. Four layers must all work correctly (the DC's audit policy, Azure Arc, the Azure Monitor Agent (AMA), and the Data Collection Rule), and a misconfiguration at any one of them drops events silently, with no error and no alert. This post covers the full configuration chain, the gotchas that burn people in production (Event ID 5136 disappearing on the Minimal collection tier, raw operation codes that break KQL filters, fields that look like columns but aren't), and the verification steps to confirm the pipeline is actually working end to end.
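    The first layer in that chain is the one to check before blaming Arc, AMA, or the DCR: if the domain controller never writes Event ID 5136 to its own Security log, nothing downstream can collect it. The following PowerShell is an added example, not code from the linked post; it assumes you run it on the DC with administrative rights and uses only the built-in auditpol.exe and Get-WinEvent.

```powershell
# Added example (not from the linked post): bisect the DC -> Sentinel pipeline at
# its first layer. Run on the domain controller as an administrator.

# 1. Audit policy. Event ID 5136 ("A directory service object was modified") is only
#    generated when the "Directory Service Changes" subcategory audits Success.
#    auditpol /r emits CSV, so it can be parsed directly.
$policy  = auditpol /get /subcategory:"Directory Service Changes" /r | ConvertFrom-Csv
$setting = $policy.'Inclusion Setting'
if ($setting -notmatch 'Success') {
    Write-Warning "Directory Service Changes audit is '$setting'; 5136 will never be written locally."
} else {
    Write-Output "Audit policy OK: Directory Service Changes = $setting"
}

# 2. Local Security log. If the policy is right but no 5136 exists, make an AD object
#    change (for example, edit a test user's description) and re-run.
$recent = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136 } `
                       -MaxEvents 5 -ErrorAction SilentlyContinue
if (-not $recent) {
    Write-Warning "No 5136 events in the local Security log; fix audit policy or generate a change."
} else {
    $recent | Select-Object TimeCreated, Id, MachineName | Format-Table -AutoSize
}
```

    If 5136 is present locally but absent in the workspace, the fault is past the DC: confirm the DCR's collection tier includes 5136 (Minimal does not), then check Arc connectivity and the AMA service, and verify arrival with `SecurityEvent | where EventID == 5136 | summarize count() by Computer` in Sentinel.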
  • New in Sentinel: Azure Storage Blob Codeless Connector (Public Preview)

    A new Codeless Connector Framework kind just landed for Azure Blob Storage, and it's architecturally different from anything CCF has done before.
  • Agentic Architecture Playbook: Patterns for Reliable LLM Workflows

    A playbook of patterns for building reliable LLM workflows, covering meta-prompting, state externalisation, and adversarial validation. Derived from analysing the GSD framework.
  • Connecting Google Workspace to Microsoft Sentinel

    A practical walkthrough for connecting Google Workspace activity logs to Microsoft Sentinel, including the undocumented gotchas that'll save you from a frustrating afternoon.
  • Running Claude Code from Windows CLI: A Practical Guide

    Practical lessons learned from programmatically invoking Claude Code on Windows, including the gotchas around tool permissions and system prompts that took some time to figure out.
  • UTCM: Quick Evaluation for Security Consultants

    Microsoft's new Unified Tenant Configuration Management (UTCM) looks promising for drift monitoring, but doesn't fit the bill for point-in-time security assessments.
  • Trust But Verify: Using Claude Code's Hooks, Skills, and Agents to Generate Code That's Not Totally Insecure

    How security professionals can leverage Claude Code's extensibility framework to enforce deterministic security checks on AI-generated code, treating AI coding assistants like any other developer on the team.