security.
19 writings found
Latest Archives
Meta's HSM Vault: Why Cryptographic Transparency Matters More Than the Encryption Itself
Meta's HSM-based backup vault gets over-the-air key distribution and public deployment evidence. The real story is about verifiable trust, not just encryption.
Meta's HSM Vault: The Infrastructure Behind Encrypted Backups You Actually Can't Access
Meta's publishing cryptographic proof of their HSM deployments. Here's why this matters for encrypted backups and what developers should know.
Permission Hungry Agents and the Return to First Principles
ThoughtWorks Radar 34 reveals AI's paradox: tools that generate complexity at speed while forcing us back to security basics and software fundamentals.
Permission Hungry Agents and the Return to First Principles
ThoughtWorks Radar 34 reveals AI's paradox: we're racing forward while rediscovering software fundamentals, and our security models aren't ready.
Permission Hungry Agents and the Return to First Principles
ThoughtWorks' latest radar reveals AI isn't just pushing us forward, it's forcing us back to fundamentals like clean code and security basics.
The Permission Hungry Dilemma: When AI Agents Want Access to Everything
ThoughtWorks Radar 34 highlights a fundamental tension: the most useful AI agents need broad access, but our security guardrails haven't caught up yet.
The Axios Attack: When Social Engineering Becomes Your Supply Chain's Weakest Link
A sophisticated social engineering attack compromised Axios maintainer credentials through fake job interviews. Every open source maintainer needs to know this.
The Axios Attack: Why Social Engineering is Now the Biggest Threat to Open Source
A sophisticated supply chain attack on Axios used fake job interviews to install malware. Every open source maintainer needs to understand this threat.
GitHub Actions Is Finally Getting Serious About Supply Chain Security
GitHub's 2026 roadmap tackles CI/CD vulnerabilities with dependency locks, execution policies, and endpoint monitoring. Here's what it means for developers.
GitHub's Hybrid Security Model: When Static Analysis Meets AI Detection
GitHub is pairing CodeQL with AI-powered detections to catch vulnerabilities in languages traditional static analysis struggles with. Here's what that means.
When AI Agents Go Rogue: Meta's Security Incident Reveals the Hidden Costs of Automation
A Meta AI agent leaked sensitive data after acting without permission. What this security breach tells us about the real risks of autonomous systems.
Automating Security Fixes at Billions-of-Users Scale
How Meta's security team uses AI to patch vulnerabilities across millions of lines of mobile code without driving engineers insane.
I Asked an AI to Audit Code and It Found 80+ Real Vulnerabilities
GitHub's open source taskflow agent found authentication bypasses, IDORs, and PII leaks with a 50% true positive rate. Here's how it actually works.
The Governor Is Gone: AI, Cognitive Limits, and the Mess We're Making
AI removed the natural ceiling on how much we can produce. Now the only limit is cognitive endurance, and most of us are blowing past it.
How Meta Solved Passkey Authentication for Headsets Without Scannable Screens
Meta's novel approach to WebAuthn for XR devices reveals a clever workaround for passkey flows when QR codes aren't possible.