Insights on cybersecurity, architecture, and engineering
For the past several weeks I've been running an AI system with real access to real infrastructure. Here's what the architecture looks like, what decisions I made, and what I'd do differently.
Read more →Prompt injection is being treated as a prompt problem. It isn't. It's an architecture problem — and it's the same one we've already described.
Read more →AI is being described as a fundamental transformation of the security landscape. Some of that is true. Most of the important parts aren't.
Read more →We've known for decades that humans make mistakes at a predictable, stable rate. Security is one of the last domains still designing systems that require perfect behavior.
Read more →MFA was supposed to end credential theft. It didn't. Understanding why reveals the architectural mistake we keep making.
Read more →Why treating authentication as a one-time gate instead of a continuous signal is the root cause of credential theft incidents.
Read more →