Tag: security
All the articles with the tag "security".
-
The defenses you haven't built yet — async, a path traversal, and the bug erasing the evidence
A Monday that converted the whole RAG pipeline from sync to async (fast search went from 9 seconds to under 150 milliseconds), then watched the platform's own automation find a path traversal in its own code — bracketed by the discovery that an upstream auto-update bug had quietly deleted two months of the evidence this series is written from.
-
Co-authored-by is a Lie: Cryptographic Provenance for AI Coding Agents
Every AI coding agent signs its commits with a forgeable plain-text line. I gave each of mine a non-exportable key in the Mac's Secure Enclave, hook-enforced, with a verifier that flags forgery — here's the build.
-
Twenty-six hours, twelve tickets — and the audit that started everything else
A false-alarm audit on Wednesday patched 37 CVEs, reverted a cluster upgrade in fourteen minutes, then cascaded into ten more tickets on Thursday. Twelve tickets, twenty-six hours, one lesson.
-
The Day Everything Got Sealed
I exposed my MCP bridge to the internet so Claude.ai could search my vault remotely. Within 26 hours, Cloudflare logs showed 39 searches from 15+ Anthropic IPs — and I had no way to tell what they'd asked for. Here's the incident response that sealed every secret, obfuscated every endpoint, and bootstrapped a proper engineering workflow in the process.