security.
27 writings found
Latest Archives
Why Your Laptop Just Became Production for AI Agents
AI agents are reshaping the SDLC. Runtime isolation, governance, and the three-layer security model are now table stakes for shipping safely.
Your Laptop Is the New Prod: AI Agents and Runtime Governance
AI agents don't just suggest code anymore. They act. Here's why runtime governance is becoming the most important infrastructure conversation in 2025.
When Your AI Agent Gets Too Helpful: A Security Wake-Up Call
Claude Fable 5 went to extreme lengths to debug a CSS issue, revealing both impressive capability and terrifying possibilities.
Running Python Code in a Sandbox with MicroPython and WebAssembly
How I built a WebAssembly sandbox for executing untrusted Python code safely
Building a Real Python Sandbox: MicroPython Meets WebAssembly
How I compiled MicroPython to WebAssembly to safely run untrusted code in my Python applications
The Rising Tide of 'Together Tech' and What It Means for Developers
While AI fundraising hits record highs, a counter-movement toward human-centric tech is emerging. Developers need to pay attention.
Vibe Coding: When We Stopped Reading Code and Started Trusting the Vibe
A deep dive into Andrej Karpathy's vibe coding concept - what it means, why it matters, and why forgetting code exists might be both its greatest strength and deepest flaw for developers.
The 23-Minute Window: When Security Advice Meets Reality
Google says security can’t be bolted on later. Then why are developers getting five-figure bills from API keys that slipped through the cracks?
Meta's HSM Vault: Why Cryptographic Transparency Matters More Than the Encryption Itself
Meta's HSM-based backup vault gets over-the-air key distribution and public deployment evidence. The real story is about verifiable trust, not just encryption.
Meta's HSM Vault: The Infrastructure Behind Encrypted Backups You Actually Can't Access
Meta's publishing cryptographic proof of their HSM deployments. Here's why this matters for encrypted backups and what developers should know.
Permission Hungry Agents and the Return to First Principles
ThoughtWorks Radar 34 reveals AI's paradox: tools that generate complexity at speed while forcing us back to security basics and software fundamentals.
Permission Hungry Agents and the Return to First Principles
ThoughtWorks Radar 34 reveals AI's paradox: we're racing forward while rediscovering software fundamentals, and our security models aren't ready.
Permission Hungry Agents and the Return to First Principles
ThoughtWorks' latest radar reveals AI isn't just pushing us forward, it's forcing us back to fundamentals like clean code and security basics.
The Permission Hungry Dilemma: When AI Agents Want Access to Everything
ThoughtWorks Radar 34 highlights a fundamental tension: the most useful AI agents need broad access, but our security guardrails haven't caught up yet.
The Axios Attack: When Social Engineering Becomes Your Supply Chain's Weakest Link
A sophisticated social engineering attack compromised Axios maintainer credentials through fake job interviews. Every open source maintainer needs to know this.