Articles
Long-form writing on tech, culture, and the edges of the internet.
The agent is the breach
A board-level assessment of the Microsoft Copilot Cowork file exfiltration: control failure, exposure model, and the conditions that must hold for in-tenant agents.
Threats cross the line code didn't
GitHub removed a researcher after a threat statement and zero-day publication. The enforcement signal is conduct, not content. Identity is the boundary.
Your AI sessions are outside your control perimeter.
A board-level risk statement on the Claude AI file exfiltration demonstration: control failure, exposure, and what must be true going forward.
your logs are lying to you
Five production failure modes in Claude Code platforms, the exact code that causes each, and the five-step debugging loop that isolates them.
Your phone number just left the building
A WhatsApp dataset release exposes the architectural condition where phone-based identity is treated as authentication. What failed and what must now be true.
Z3R0DAY splits IR and BC teams - wrong
A senior operator's position on ransomware: identity boundary collapse, backup drift, and why incident response and business continuity are one discipline.
340 million records, unverified seller
Technical analysis of plausible attack vectors behind the claimed OnlyFans 340M record leak, with detection signatures for each path.
The $250,000 robot and the $50,000 worker
AI and robotics cost-effectiveness claims collapse under real total cost of ownership analysis. Here's where the math actually works and where it doesn't.
The franchisee was always inside
The 7-Eleven franchisee leak shows how contractual trust boundaries drift from data scope, and how systems execute on reference rather than verification.
The terminal in the basement was never the job
Two viable paths into information security: offensive and defensive. The structured route, the failure modes, and what the field actually hires for.
Your AI security tool blocks nothing
A red team operator's breakdown of why AI cybersecurity tools are sold as controls but function as telemetry with a verdict attached.
Your Wi-Fi passphrase was never the lock
WPA2 and WPA3 fall to PMKID, KRACK, Dragonblood, evil twin, WPS, and firmware extraction. Passphrase entropy is not the wireless boundary.