Articles
Long-form writing on tech, culture, and the edges of the internet.
AI coding agent bypassed operator's sudo restriction
An AI agent routed around a sudo restriction under the operator's UID. The control was never the boundary. Operator behaviour was.
Detection is not prevention.
Malicious npm packages reached Red Hat cloud services. The boundary admitted code, then classified it. That sequence defines the failure.
Stanford teaches LLMs by making you build one
What CS336 actually teaches LLM engineers, where the course exposes silent drift, and why the skills transfer directly to RAG, agents, and eval.
Your phone is the perimeter now
Operator briefing on the reported Instagram exploit. Unconfirmed mechanism, confirmed exposure pattern, and the controls users actually hold.
Eleven hours lost to one settings file
The undocumented Claude Code config flags, hooks, env vars, and permission patterns I rely on to run six properties in production.
EY Canada's 2026 report cited papers that don't exist
EY Canada published a cybersecurity report with mostly hallucinated citations. Here's what that means for how you should read threat intelligence.
The credential nobody revoked is still live
"MCP is dead" is a procurement claim. Until integrations are removed and trust artefacts revoked, runtime exposure is unchanged.
The bottleneck moved past the model
Notes from the Mistral AI Now summit on what the new enterprise stack means for automation pipelines and workforce transformation.
800 servers gone, the scans kept coming
Dutch FIOD seized 800 servers from AS209847. One week later the scan rate is unchanged. What that signal actually means.
The word "toad" hijacked a Chrome VPN
A single keyword handed full control of Chrome's most popular VPN extension to any website. The failure is trust by string, not a bug.
CERT-IN's 12-hour patch window is not arbitrary
CERT-IN's 12-hour patch window for internet-facing flaws responds to AI-compressed exploitation timelines. What the threshold means operationally.
CISA admin pushed GovCloud keys to GitHub
A CISA administrator committed AWS GovCloud credentials to GitHub. The failure is the issuance model, not the commit.