```
Practitioner notes on detection engineering, threat hunting, and security history. Written by a security engineer with six years in the field, mostly grounded in things I've actually built or dug into.
```

---

# 📌 Featured Post

[Hunting for Shadow AI: Detecting LLM Abuse with Tenable & Splunk](https://d3adair.xyz/blog/research/Hunting+for+Shadow+AI+-+Detecting+LLM+Abuse+with+Tenable+and+Splunk)

![[shadow_ai_blog_header.svg|878]]

Employees are adopting AI tools faster than security teams can see them. This post walks through the detection pipeline I built with Tenable and Splunk to surface shadow AI usage across 12,000 endpoints, down to which user installed what.

---

# Recent Posts

**[Hunting for Shadow AI: Detecting LLM Abuse with Tenable & Splunk](https://d3adair.xyz/blog/research/Hunting+for+Shadow+AI+-+Detecting+LLM+Abuse+with+Tenable+and+Splunk)**

Detecting shadow AI usage across the enterprise with Tenable's AI plugin family and Splunk.

[**🎯 TARGET LOCKED:** Current Threats Targeting the Defense Industrial Base (DiB) – 2025](https://d3adair.xyz/blog/threat_intel/industries/dib_2025)

---

# Sections

[Writing](url) · [CTF Writeups](url) · [Resources](url) · [About](url)