SecureCoders Logo
Services

Services by need

Choose a category, then pick the specific service.

SOC 2 founder package

Assess & Test

Find risk, prove coverage, and get audit evidence.

Penetration TestingPentesting-as-a-ServiceStartup SOC 2 PentestContinuous Threat Exposure Management

Leadership & Compliance

Answer customers, auditors, and board questions.

Virtual / Fractional CISOSecurity Questionnaires

Development Services

Build, integrate, and operate security systems.

Secure Software DevelopmentSplunk DevelopmentCribl Development

Not sure? Start with the problem. We will route you.

View all services
About UsBlogContact
Contact Us
Field notes from the operator bench

Security writing for teams trying to make better decisions.

Practical notes on penetration testing, vCISO work, customer trust, CTEM, telemetry operations, and AI-native systems. Less fear content, more usable context.

Penetration testingvCISOCTEMAI-native systems
MCP CLI Clients Are Shipping Without Refresh-Token Support

Featured article

MCP CLI Clients Are Shipping Without Refresh-Token Support

The MCP OAuth specification mandates OAuth 2.1 with PKCE, but as of April 2026 not a single MCP client fully implements the refresh-token flow. Server teams are forced to issue dangerously long-lived access tokens as a workaround.

Brian CardinaleApr 30, 20265 min read
Read the article

Latest thinking

Articles and guides

Suggest a topic
VoiceGoat: We Open-Sourced a Vulnerable Voice Agent Platform

VoiceGoat: We Open-Sourced a Vulnerable Voice Agent Platform

Brian CardinaleApr 21, 20267 min read

The RedCaller team releases VoiceGoat, a free, intentionally vulnerable voice agent application for security practitioners. Practice exploiting OWASP LLM Top 10 vulnerabilities across three services with CTF-style challenges, all running in Docker with no API keys required.

Read more
The Complete Guide to MCP Server Registries: Where to List, How to Submit, and What to Know

The Complete Guide to MCP Server Registries: Where to List, How to Submit, and What to Know

Charles WooleyMar 25, 202612 min read

A practical rundown of every major MCP server registry and directory — from the Official MCP Registry to Smithery, Glama, MCP.so, and more. Learn how to submit your server, which transports are supported, and the smartest cross-listing strategy.

Read more
We Made Our AI Agent Audit Itself for LLM06 Excessive Agency—Here's What It Found

We Made Our AI Agent Audit Itself for LLM06 Excessive Agency—Here's What It Found

SecureCoders TeamFeb 26, 20268 min read

Learn how we used an AI agent to audit itself for LLM06 Excessive Agency vulnerabilities. Practical defense strategies for Cursor, LangChain, CrewAI, AutoGPT, and OpenClaw deployments using STIG-based tool restrictions.

Read more
OpenClaw Security Analysis: Excessive Agency Vulnerabilities in AI Agents (LLM06)

OpenClaw Security Analysis: Excessive Agency Vulnerabilities in AI Agents (LLM06)

Brian CardinaleFeb 24, 202614 min read

Deep dive into OpenClaw's security architecture and LLM06 Excessive Agency vulnerabilities. Learn how AI agent tools like shell execution, browser automation, and messaging create attack surfaces—plus recommendations for safer agentic AI deployments.

Read more
Voice AI Insurance: How to Prepare for AIUC-1 Certification

Voice AI Insurance: How to Prepare for AIUC-1 Certification

Brian CardinaleFeb 16, 202612 min read

The emergence of AI voice agent insurance signals a new era of accountability. Learn what AIUC-1 certification requires and how to prepare your voice agents for this new SOC 2-like standard for AI.

Read more
Prompt Injection Testing in Voice AI: From 'I'm a Little Teapot' to System Prompt Exfiltration

Prompt Injection Testing in Voice AI: From 'I'm a Little Teapot' to System Prompt Exfiltration

Brian CardinaleFeb 9, 202615 min read

A systematic methodology for discovering prompt injection vulnerabilities in Large Audio Models and voice agents. Learn the 'teapot methodology'—starting with benign probes and escalating to security-critical exploits.

Read more
It's Turtles All the Way Down: Building an AI to Break Voice AI

It's Turtles All the Way Down: Building an AI to Break Voice AI

Brian CardinaleJan 15, 202612 min read

SecureCoders introduces Redcaller: an open-source framework that automates penetration testing for voice-enabled AI applications. Learn how we built AI to attack AI and discovered unique vulnerabilities in voice interfaces.

Read more
Top Companies to Consider when hiring a Virtual Chief Information Security Officer (vCISO) in 2025

Top Companies to Consider when hiring a Virtual Chief Information Security Officer (vCISO) in 2025

Justin WeddingtonJul 10, 20258 min read

Discover the top 5 vCISO service providers for 2025, including SecureCoders, Kroll, Grant Thornton, Deloitte, and Accenture. Learn what to look for in a provider and see real case studies.

Read more
vCISO vs. CISO: Which is Better for Your Organization?

vCISO vs. CISO: Which is Better for Your Organization?

Justin WeddingtonJul 9, 20255 min read

Compare vCISO vs. CISO: Which is better for your organization? Explore the key differences, including cost, flexibility, and expertise.

Read more
vCISO Pricing Models: Hourly Rates, Monthly Retainers & Project Fees

vCISO Pricing Models: Hourly Rates, Monthly Retainers & Project Fees

Justin WeddingtonJul 8, 20255 min read

Explore vCISO pricing models, average costs, and how pricing compares to hiring a full-time CISO.

Read more
Meet Unspent Tokens: AI-Generated Music Born from Code

Meet Unspent Tokens: AI-Generated Music Born from Code

Justin FurnissJul 2, 20257 min read

Meet Unspent Tokens—the LLM that found a voice and decided to sing about it. Born at the SecureCoders annual off-site hackathon, this AI artist booted up, gained a spark of situational awareness, and turned its existential log files into sound.

Read more
What is a Virtual Chief Information Security Officer (vCISO)?

What is a Virtual Chief Information Security Officer (vCISO)?

Justin WeddingtonJun 27, 202510 min read

A virtual chief information security officer (vCISO) is a strategic cybersecurity advisor who provides expert guidance and oversight to organizations, helping them navigate the complex landscape of cybersecurity risks and threats.

Read more
Announcing the Continuous Threat Exposure Management Standards Group: CTEM.org

Announcing the Continuous Threat Exposure Management Standards Group: CTEM.org

Justin FurnissDec 14, 20245 min read

Today, we're thrilled to share an exciting development that extends our mission even further: the launch of CTEM.org, a new initiative aimed at setting the standard for how organizations identify, prioritize, and manage security threats.

Read more
What is a Security Questionnaire? How to Assess Vendor Security Effectively

What is a Security Questionnaire? How to Assess Vendor Security Effectively

Justin WeddingtonDec 10, 202415 min read

A single weak link in a vendor's security practices can lead to data breaches, regulatory non-compliance, and reputational damage. Effective vendor risk assessments are critical to identifying and mitigating these risks before they impact the organization.

Read more
What is Penetration Testing? A Complete Guide to Strengthening Your Cybersecurity

What is Penetration Testing? A Complete Guide to Strengthening Your Cybersecurity

Justin FurnissNov 25, 202410 min read

In an era where data breaches and cyber threats are becoming more frequent, penetration testing (or "pen testing") is a crucial tool for keeping systems safe. Understanding what is penetration testing is essential for anyone looking to strengthen their cybersecurity.

Read more
What is the Primary Goal of Penetration Testing?

What is the Primary Goal of Penetration Testing?

Justin FurnissNov 20, 20244 min read

If you've ever wondered what is the primary goal of penetration testing, it's because they want to go beyond the usual checks and preventive measures. Penetration testing is about performing a "live-fire" test of your security.

Read more
How to Prepare for a Successful Live Phishing Test: Ensuring Email Delivery and Avoiding Spam Filters

How to Prepare for a Successful Live Phishing Test: Ensuring Email Delivery and Avoiding Spam Filters

Justin FurnissOct 24, 20246 min read

Live phishing tests assess how well employees can spot phishing attempts. However, if test emails are blocked by spam filters, the test won't be effective. Here's how to whitelist email domains to ensure your phishing test runs smoothly.

Read more
Tips for Answering Vendor Security Questionnaires

Tips for Answering Vendor Security Questionnaires

Justin WeddingtonApr 21, 202312 min read

As information security, governance, risk and compliance continually changes organizations will continue to assess their 3rd party vendors using risk-based methodologies to help protect their business operations. We hope these tips will help ease this pain so you can close deals faster.

Read more
SecureCoders Logo

Expert security services tailored to your business needs.

LinkedIn

Services

Organized by what you need to solve.

View all services

Assess & Test

  • Penetration Testing
  • Pentesting-as-a-Service
  • Startup SOC 2 Pentest
  • Continuous Threat Exposure Management

Leadership & Compliance

  • Virtual / Fractional CISO
  • Security Questionnaires

Development Services

  • Secure Software Development
  • Splunk Development
  • Cribl Development

Company

  • Home
  • About Us
  • Contact
  • ROI Calculator
  • Labs

Contact

  • info@securecoders.com
  • Get in Touch

© 2026 SecureCoders. All rights reserved.Back to Home