Hey fellow techies 👋
This week, I sat down with Betta, a cybersecurity consultant and ethical hacker whose career journey spans from web developer to AI security tester, and whose passion for mentorship might just outmatch their love of code-breaking.
Here’s what we got into, and why it matters more than ever:
🛡️ Challenge: Making Security Part of the Build Process
Security is often treated like a post-launch checklist. But as Betta shared, this approach leads to expensive mistakes, friction between devs and security teams, and ultimately, systems that are only as strong as their laziest config.
Common pitfalls Betta sees:
Over-permissioned internal roles (e.g. admins with global access to all client data)
API keys hardcoded into repos (!)
Lack of separation between dev and prod access
Fragile, last-minute patching before launch
🤖 How AI is Changing the Security Landscape
Betta is part of a growing cohort of hackers focused on AI-specific vulnerabilities. And it’s wild out here.
“Sometimes it's easier to be the attacker than the builder.”
They’ve tested generative AI systems for Fortune 500s and uncovered everything from prompt injection risks to ways to crash models just by asking for long explanations.
💡Security tip: Use offline LLMs for private tasks. Tools like ChatGPT or Copilot may be training on your input unless configured otherwise.
🧱 Embedding Security Early: Lessons from the Field
The takeaway? Build security like architecture, not duct tape.
Betta’s golden rules:
Just-in-time access beats always-on admin privileges
Make the secure path the easiest one
Consider user behaviour—people will try to work around annoying restrictions
Reduce vulnerability “severity inflation”—not every issue is a 10-alarm fire
“If everything’s a high priority, nothing's a priority.”
🧠 Mentorship & Confidence in Cybersecurity
Betta’s also deeply committed to mentoring women and non-traditional entrants into tech, especially in the cybersecurity space.
Some practical advice they shared:
Cybersecurity often takes 2–3 years of study—don’t believe the one-month bootcamp hype
Start teaching what you learn—even if it’s just basic scam prevention at a local school
Focus on interest, not job titles: You’ll learn faster if you’re fascinated
🔐 Real Talk: Why AI Security Needs Its Own Playbook
AI security isn’t just about traditional bugs. It’s about understanding behaviour, incentives, and unpredictable edge cases. From crashing models to over-trusting generative tools, Betta’s work reminds us:
“You have to be just as creative as the AI to attack it.”
The field is new. The tools are immature. And that means the opportunity to shape it is enormous—for devs, hackers, and researchers alike.
🎯 Takeaways for Engineers (Especially Devs Using AI)
✅ Don’t hardcode secrets. Use env vars and credential managers
✅ Know what your LLM tools train on—especially with proprietary code
✅ Get security involved during architecture, not just before launch
✅ Don’t burn bridges with your security team—they’re there to help
✅ If you’re learning to hack: start with TryHackMe, Hack The Box, or OWASP Labs
🎧 Listen to this episode if you…
Are building anything with LLMs
Want to break into cybersecurity (or break systems ethically!)
Feel the tension between speed and safety in dev work
Wonder what “AI prompt injection” even means
🔗 Follow Betta on LinkedIn and check out their thoughts on AI hacking & security education.
💬 What’s the weirdest security workaround you’ve ever seen in a codebase?
Reply to this or leave a comment—I’ll round up the best answers in the next issue 👀
Until next time,
Jade 🖤
Host, Tech Unfiltered
Share this post