Fackel: an autonomous pentest framework powered by ReAct agents
Fackel is a multi-agent pentest framework where LLMs decide strategy, not hardcoded pipelines. A walkthrough of the architecture, the design decisions, and the lessons learned.
Blog
24 posts on systems, architecture, reliability, and leadership.
2026 22 posts
February 10
-
Device Code Phishing + Vishing: How Attackers Compromise Microsoft Entra Accounts Using Legit Login Pages
A practical deep dive into device code phishing combined with vishing targeting Microsoft Entra: how the OAuth device code flow gets abused, what to monitor, and how to mitigate.
-
The State of the Art in AI Agents (2026): What ‘Modern’ Actually Means
A practical overview of modern AI agent systems: tool use, retrieval, memory, verification, multi-agent patterns, evaluation, and security.
-
The chain rule behind autoregressive models
Autoregressive models are just the probability chain rule plus a conditional model. Here’s the mental model, the math, and what training is really doing.
-
Decision memos that prevent circular debates
A lightweight memo format that clarifies the call, exposes trade-offs, and speeds up execution.
-
Security Implications of Probabilistic Reasoning in Generative AI
A rigorous analysis of how probabilistic reasoning in generative models shapes security risk, failure modes, and robustness.
-
Separation of Responsibilities in Spring-Based Systems: What Kotlin Makes Explicit
Examines how Kotlin’s type system and language semantics sharpen responsibility boundaries in Spring-style architectures without replacing architectural discipline.
-
The Skills Required to Truly Learn
A reflective essay on learning as disciplined endurance of uncertainty, revision, and silence.
-
The Cost of Abstraction: When Layers Hide Security and Reliability Risks
Argues that abstraction layers can obscure failure modes, shift risk across boundaries, and weaken assurance unless their assumptions are made explicit.
-
Amazon Bedrock: foundations, systems, and scaling
A highly technical article on Amazon Bedrock with mathematical foundations and numerical examples.
-
What SICP Really Teaches About Abstraction—and Why It Still Matters
Argues that SICP’s core lesson is the disciplined separation of meaning from mechanism, a prerequisite for reliable and scalable system design.
January 11
-
Podcast episode
A post with a Spotify episode embedded at the top.
-
Calculus, AI, and linear algebra: a compact field guide
A quick, code-backed refresher on gradients, Jacobians, and the linear algebra that drives modern ML.
-
Publish fast, iterate later
How to publish faster without losing quality: scope, guardrails, and a minimal checklist.
-
Graceful retries in Python with backoff
A small, production-ready retry helper using exponential backoff and logging.
-
Streaming logs in Rust with Tokio
Build a small async log streamer that tails a file and ships JSON lines.
-
Cut the excess
A quick editing pass to make any post shorter and clearer.
-
Leading with trade-offs
A repeatable way to expose options, trade-offs, and a clear call in small teams.
-
1:1s that don't become status meetings
A simple structure to keep 1:1s focused on people, not project status.
-
2025 Retrospective: less, better, and consistent
Three practical lessons that made the year more sustainable and effective.
-
Why Traditional Threat Modeling Breaks Down in Generative AI Systems
Argues that probabilistic behavior, distributional risk, and system composability invalidate core assumptions of classical threat modeling for generative AI.
-
Why Most Postmortems Miss the Real Failure Mode
Argues that postmortems often substitute proximate triggers for causal structure, obscuring system dynamics, incentives, and latent conditions that actually drive failure.
2025 2 posts