security
- npm's supply chain is broken — the Axios attack explains why
Technical analysis of the Axios npm supply chain attack in March 2026: what happened, what the malware did, why CI/CD is the real target, and how to protect yourself.
- When AI Stops Being a Tool and Becomes an Attack Surface
When AI becomes an attack surface: prompt injection, end-to-end attack chains, at-risk architectures, and defensive actions.
- Fackel: an autonomous pentest framework powered by ReAct agents
Fackel: a multi-agent pentest framework where LLMs decide strategy. Architecture walkthrough, design decisions, and lessons learned.
- Device Code Phishing + Vishing: How Attackers Compromise Microsoft Entra Accounts Using Legit Login Pages
Device code phishing combined with vishing targeting Microsoft Entra: how the OAuth flow gets abused, what to monitor, and how to mitigate.
- The State of the Art in AI Agents (2026): What ‘Modern’ Actually Means
A practical overview of modern AI agent systems: tool use, retrieval, memory, verification, multi-agent patterns, evaluation, and security.
- Security Implications of Probabilistic Reasoning in Generative AI
A rigorous analysis of how probabilistic reasoning in generative models shapes security risk, failure modes, and robustness.
- The Cost of Abstraction: When Layers Hide Security and Reliability Risks
Argues that abstraction layers can obscure failure modes, shift risk across boundaries, and weaken assurance unless their assumptions are made explicit.
- Why Traditional Threat Modeling Breaks Down in Generative AI Systems
Probabilistic behavior, distributional risk, and system composability invalidate core assumptions of classical threat modeling for generative AI.