Security
On security, privacy and building safe systems.
What I write about here
Security on this site shows up in two flavours. There is the new kind, where the risk surface is shaped by AI and agents, and there is the old kind, where the question is who owns your data and your infrastructure.
The AI-shaped kind is what most of the recent posts cover. Agents that act on production, prompt injection in tools you forgot were exposed, and the slower problem of security debt accumulating quietly in AI-generated code that nobody has the appetite to audit. One in four of those commits is somebody else's problem now.
The older kind has not gone away. You still need to know where your data lives, who has access to it, and what happens when the SaaS you are leaning on changes its mind about your tier. The self-hosting posts are not nostalgia. They are about control, which is the thing security ultimately rests on.
Both lenses ask the same question. What does a competent attacker do with what you built today, six months from now, when you have stopped paying close attention? Most of the posts under this tag are some version of that.
// Best entry points
- The AI is not your friend: how I secured Gemini on this site
Practical AI security in one example. How I wired Gemini into this site without it becoming an attack surface.
- One in four: the security debt nobody's counting
The under-counted risk: AI-generated code that nobody has audited compounding quietly. One in four commits is now somebody else's problem.
- Take back control of your data
The older question. Where your data lives and what happens when the SaaS changes its mind. Not nostalgia.
The MCP supply chain is the new npm, and it is already poisoned
A config-to-command RCE is baked into every official MCP SDK: 7,000+ servers, 150M+ downloads, and Anthropic calls it expected. The npm playbook just found your agent tool list.
The Ferrari has a limiter: a day with Claude Fable 5
Anthropic shipped its most powerful public model yesterday, then flagged the exact work I needed it for and routed it to a weaker one. A day with Fable 5, the benchmarks, the bill, and the limiter nobody asked for.
The friction was the feature: Microsoft just handed an agent your inbox
At Build 2026 Microsoft made Windows the agent platform: OpenClaw in the OS, and Work IQ giving agents your email and calendar, on by default, GA June 16. An agent that reads your inbox and acts on your files is the dream payload for prompt injection. The friction everyone wants gone was a safety feature.
Nobody was driving: the first breach run by an agent, not a person
Sysdig caught an LLM agent driving a full intrusion, CVE to exfiltrated database, four pivots, under an hour, with no human typing a single command. Our defences assume someone is on the other end. That assumption just expired.
They just asked the bot nicely: your support agent is the attack surface
Pro-Iran hackers seized the Obama White House and US Space Force Instagram accounts by talking Meta's AI support bot into resetting passwords. No exploit, no CVE. Just a conversation with a system that cannot be suspicious.
ThePrimeagen was right
He warned that AI tools atrophy your critical judgment. Then his followers ran a poisoned command from a tweet without reading it. He was right.
Even the malware is AI slop now
An npm package tried to rob Claude's workspace and leaked its own GitHub token doing it. The attackers are vibe-coding their malware now, and your agent is the target.
They didn't push a new version. They moved yours.
On 22 May 2026 someone rewrote every git tag in four Laravel-Lang packages. Around 700 historical versions now resolve to malicious commits. Pinning a version is not the same as pinning a commit, and the difference just cost the PHP ecosystem its weekend.
One in four: the security debt nobody's counting
AI-generated code ships faster than ever. It also contains confirmed OWASP vulnerabilities at an alarming rate. The industry is celebrating velocity while quietly building the largest security debt in software history.
The arms race for your trust: Mythos, Cyber and the security hype
Anthropic and OpenAI are fighting for market share with AI security tools they call "too dangerous" to release. But the facts tell a different story than the press releases.