Articles
Long-form writing on tech, culture, and the edges of the internet.
Recruiters filtered out the operators who can actually breach
Why most pentesters fail within ninety days: identity reasoning, EDR evasion, and control bypass sit outside the certifications they trained on.
Rockstar's snowflake boundary failed
Your backlog is my inventory
Technical, cognitive, and intent debt operate as live attack vectors. The gap between recognition and remediation is where breaches occur.
Your MSSP is selling you blindness.
MSSPs run perimeter-era detection while attackers operate inside the identity boundary. The gap is structural, not a resourcing problem.
Your Phone Is Nation-State Inventory
UK confirms 100 countries hold mobile spyware. The handset trust model has failed. Identity is the boundary, not the device.
Back Button Hijacking Is Not a Bug-It's a Trust Boundary Failure
Back button hijacking isn't a bug-it's a trust boundary failure. When client-side state persists after logout, authenticated content remains accessible without server-side validation. This is not browser behavior; it's a design flaw in access control enforcement.
How Production Systems Actually Work With LLMs-Not Which Model You Choose
Production-grade AI systems don't depend on choosing between Claude and ChatGPT. They rely on consistent engineering: input sanitization, output validation, fallback logic, and structured pipelines-regardless of the underlying LLM.
How Trust Delegation Without Revalidation Creates Systemic Failure
Systems optimized for trust delegation without revalidation create persistent vulnerabilities. When automation assumes ongoing validity from trusted sources, adversaries exploit consistency-without breaking in-to propagate compromise at scale.
Running Gemma 4 Locally via Codex CLI: What Actually Works in Practice
Running Gemma 4 locally via Codex CLI offers isolation but not guaranteed consistency. Real reliability comes from input validation, output schema checks, and disciplined system design-not the model alone.
The Real Risk Isn't AI-It's Context Ignorance in Cybersecurity
AI-generated attacks fail in production due to unvalidated assumptions about access controls. The real risk isn't AI-it's context ignorance in cybersecurity operations.
The Router Is Not a Passive Device - It's the Attack Surface
Routers with default credentials and unpatched firmware are actively exploited due to lack of visibility and control. This post defines what failed, why it failed, and the systemic pattern that enables exploitation across infrastructure types.
Why 'AI Agent in Seconds' Platforms Fail in Production
Most 'AI agent in seconds' platforms sacrifice reliability for speed. Real production use demands validation, state persistence, and observability-features most no-code tools lack. This post explains why quick deployments fail at scale and how to build systems that actually endure.