Articles
Long-form writing on tech, culture, and the edges of the internet.
Managed Agents pricing is an architecture decision
Claude Managed Agents pricing isn't a cost center - it's an orchestration lever. Here's how to evaluate it against real total cost of ownership.
ShinyHunters exfiltrated Cisco source through Trivy
ShinyHunters exfiltrated Cisco source code through Trivy. The scanner inherited the runtime's identity. The runtime held everything.
Your second factor is a phone call
SMS 2FA on PayPal is a routing decision, not a credential. The session cookie is the boundary, and attackers have already routed around the factor.
A postcard breached a warship
A 5-dollar Bluetooth tracker hidden in a postcard broadcast a 585-million-dollar warship's position for 24 hours. The control that failed was classification.
Binding 65535 ports is the easy part
Architecture and evasion realities of an LLM honeypot binding all 65535 ports - TPROXY, latency tiers, fingerprint defence, and detection traps.
CISA flagged a 17-year-old Excel flaw
A 17-year-old Excel flaw is being actively exploited and flagged by US cyber defence. Operator analysis of what failed, why, and what must change.
Engineering teams keep granting agents production database writes
AI agent vulnerabilities are systems engineering failures, not security failures. The fix is architectural containment, not better prompts or guardrails.
Lagos published guidelines, not controls
Lagos cybersecurity guidelines describe intent, not enforcement. An operator analysis of why policy without system-level controls does not stop attackers.
Pick offense or defense
Two paths into infosec - offense and defense - broken down at the mechanism level. Foundation, tooling, telemetry, and the divergence point.
The helpdesk chat window is the breach
Microsoft Teams helpdesk impersonation succeeds because identity verification is placed at the channel boundary, not at the credential action.
The power adapter was the attack
A WiFi camera concealed in a hotel power adapter transmitted to a foreign server. The boundary failed at the physical layer.
Your security scanner is the breach.
Cisco source code stolen, AWS keys breached, 300 repositories cloned. The exfiltration channel was Trivy operating inside Cisco's CI pipeline.