Blog

Security for agent-built software.

Practical guides on verification-first security, for teams shipping with AI coding agents, PR gates, and fast-moving product teams who would rather prove it than suspect it.

· 5 min read · Anyone running Fortinet firewalls, or wondering whether their patched systems are actually patched.

FortiBleed Is Not a Zero-Day. That's the Point.

75,000 Fortinet firewalls compromised across 194 countries. No zero-day. No novel exploit. Credential reuse and a hashing migration that never finished. The PBKDF2 gap is the story every other post missed.

Read article →
· 5 min read · Arch Linux users, anyone running AUR helpers (yay, paru), and teams with developer workstations on Arch.

Atomic Arch: 400+ AUR Packages Hijacked Through Orphan Adoption

Attackers adopted orphaned Arch Linux packages, injected malicious PKGBUILDs that install credential-stealing malware via npm preinstall hooks. eBPF rootkit hides the payload from ps and htop. The official repos were fine. The AUR was not.

Read article →
· 5 min read · Anyone shipping data to the cloud, especially EdTech teams and anyone who assumes 'we restored from backup' means the incident is over.

12,000 Passwords. All the Same One.

FulcrumSec dumped 4.8TB of student data from Global Schools Group. 12K passwords in plaintext, every one identical. S3 buckets with no locks. An old ransomware infection they never actually cleaned.

Read article →
· 7 min read · builder

Anthropic's Safest Model Lasted 24 Hours

Pliny the Liberator jailbroke Claude Fable 5 in less than a day using a multi-agent 'pack hunt.' 1,000 hours of pre-launch red-teaming missed it. Single-model safety evals always will.

Read article →
· 5 min read · Builders wiring AI agents into incident response, CI, code review, and tickets. Technical or not.

Logs are hostile input now.

A fake Sentry alert, dressed as a runbook and tagged like permissions for an AI agent, tried to get it to run a typosquatted npx command. This is the lethal trifecta in an ops costume. The fix is to stop treating operational text as trusted.

Read article →
· 6 min read · Builders shipping AI agents and support bots that can touch user accounts. Technical or not.

Hackers asked Meta's AI for Instagram accounts. It said yes.

Meta gave its support AI the power to change account emails, then let a VPN-spoofable location vouch for you. Attackers asked it to swap the email and walked into the Obama, Sephora, and Space Force accounts. The design lesson for anyone shipping an AI agent.

Read article →
· 4 min read · Builders running npm install. Especially anyone who forked a Laravel starter kit this spring.

700 repos. One postinstall hook.

Socket Research disclosed a postinstall-hook campaign across 700+ GitHub repositories today. Different actor than TeamPCP. Same playbook. One config change kills the entire attack class.

Read article →
· 6 min read · Solo builders, vibe coders, non-technical founders

You Vibe-Coded an App. Now Don't Get Pwned.

Bots find a leaked OpenAI key in under four minutes. Lovable apps shipped with wide-open Supabase databases. The Tea breach. Every disaster has the same shape, and avoiding it doesn't take a security degree.

Read article →
· 12 min read · Solo builders, vibe coders, AI-assisted teams

10 Copy-Paste Security Prompts for Your AI Agent

Each prompt is engineered for a coding agent. Explicit scope, regex patterns, output format specs, edge case handling. Paste one at Cursor, Lovable, or Claude Code and let it do the actual security work.

Read article →