Blog

Field notes for building safer software.

Public-safe writing on product security, offensive practice, AI-assisted security work, and the craft of communicating risk clearly.

MCPs And Agent Skills Are A Supply Chain Problem

Useful automation still needs provenance, review, least privilege, and an assumption that helpful tools can be hostile.

AI Security, Supply Chain

AI Can Speed Up Security Work, But It Cannot Replace Judgment

AI is useful as acceleration. It still needs context, validation, and a human willing to say no.

AI Security, AppSec

How Hands-On Exploitation Made Me Better At Product Security

Offensive practice helps defenders reason about product behavior, not just vulnerability categories.

Product Security, Offensive Security