security
7 essays on this topic.
- Move the gate to the package manager
When a supply-chain attack lands and your timeline fills with calls for more discipline, the durable fix is one layer down: at the package manager, not at your attention span.
- The missing layer between model risk and application security
Model risk reviews the model. Application security reviews the application. Neither sits behind the agent at execution time, watching the verbs as they go out.
- The OAuth Token You Forgot About
Vercel was breached through a third-party AI tool's OAuth token. The lesson is not about Vercel's security — it is about how every AI tool you onboard extends your attack surface in ways your governance framework does not track.
- The Risk Without an Engineering Solution
Every other agentic AI risk has an engineering answer. Prompt injection doesn't. That changes everything about how you design controls.
- The Lethal Trifecta: What OpenClaw's Security Crisis Teaches About AI Agent Architecture
OpenClaw's 245 CVEs weren't caused by malice — they were caused by a missing circuit breaker. The pattern applies to every AI agent you'll ever evaluate.
- Shadow Agents Are Coming for Your Org
Open-source agent adoption can outpace enterprise security controls by weeks. Governance teams need a policy before the agents arrive uninvited.
- This Year's DeepSeek
An open-source AI agent framework became the fastest-growing project in GitHub history — mostly in China. The pattern is the same as last year. So is the security panic.