Writing

My weekly take on AI security — the one signal worth holding onto from each Context Window edition.

Latest · Edition #20

The Autonomous Adversary

For as long as we've defended systems, one quiet constant held the whole game together: an attack moved at the speed of a person. A human had to read the foothold, decide the next step, type the command, and wait.

June 22, 2026

Archive

June 15, 2026 · #19

The Wall Faces the Wrong Way

A US export-control directive made Anthropic shut off two of its most capable models for every customer on earth at once.

June 8, 2026 · #18

Posture Belongs at Runtime

And they're right to: getting a model to ignore its rules is a real problem.

June 1, 2026 · #17

Posture Has to Become Agentic

Two numbers from this week have been rattling around in my head.

May 25, 2026 · #16

The Attacker Doesn't Need Your Bugs

The extension had access to a developer's credentials.

May 18, 2026 · #15

The race changed speed.

TeamPCP didn't just attack again this week.

May 11, 2026 · #14

"Look, an instruction!" That's the bug.

Every week this newsletter covers a new place an attacker hid an instruction, and a new AI assistant that found it and ran it.

May 4, 2026 · #13

When Trust Is the Exploit

The angle that stuck with me this week isn't about any single vulnerability.

April 27, 2026 · #12

Three Layers, Three Attack Surfaces, One Agent

Most security teams are securing one layer.

April 20, 2026 · #11

Every Consultancy Is a Honey Pot Now

The Big Three consulting firms don't just advise on AI.

April 13, 2026 · #10

Anthropic’s Oppenheimer Moment

They did something more permanent: they told the world it exists, it works, and it finds zero-days in every major OS and browser, some of them sitting undetected for 27 years.

April 6, 2026 · #9

Instructions Are Not Guardrails

North Korea convinced an npm maintainer to trust an AI-generated persona by writing technically convincing messages for two weeks.

March 30, 2026 · #8

Zero Day to Zero Second: When Security Tools Become the Weapon

The TeamPCP campaign broke three security reflexes we've relied on for decades.

March 23, 2026 · #7

AI Didn’t Create New Vulnerabilities: It Made Old Ones Affordable

Infrastructure was never fully hardened, and for years, it didn't need to be.

March 16, 2026 · #6

Built-in AI Security Is a Sensor, Not a Solution

OpenAI buying Promptfoo is genuinely good news for the industry.

March 8, 2026 · #5

Zero Trust for Agent Memory

A decade ago, the industry made a fundamental shift: stop trusting internal network traffic.

March 1, 2026 · #4

Not All Agents Are Built Equal: Why Posture Management Must Evolve for Non-Deterministic Risk

Pro-code agents behave like traditional apps: deterministic, scoped, predictable.
