Hard-won lessons in
software engineering
Systems, architecture, reliability, and engineering leadership — depth, relevance, and real-world trade-offs.
When AI Stops Being a Tool and Becomes an Attack Surface
AI systems are starting to behave less like passive tools and more like autonomous attack surfaces. A technical look at prompt injection, a concrete end-to-end attack chain, a scoping of which architectures are actually at risk, and practical defensive actions for engineering teams.
Fackel: an autonomous pentest framework powered by ReAct agents
Fackel is a multi-agent pentest framework where LLMs decide strategy, not hardcoded pipelines. A walkthrough of the architecture, the design decisions, and the lessons learned.
Device Code Phishing + Vishing: How Attackers Compromise Microsoft Entra Accounts Using Legit Login Pages
A practical deep dive into device code phishing combined with vishing targeting Microsoft Entra: how the OAuth device code flow gets abused, what to monitor, and how to mitigate.
The State of the Art in AI Agents (2026): What ‘Modern’ Actually Means
A practical overview of modern AI agent systems: tool use, retrieval, memory, verification, multi-agent patterns, evaluation, and security.
The chain rule behind autoregressive models
Autoregressive models are just the probability chain rule plus a conditional model. Here’s the mental model, the math, and what training is really doing.
Stay up to date — subscribe via RSS