Insights on cybersecurity, architecture, and engineering
When an AI agent takes action on behalf of a user, the identity model underlying that action is more complicated than 'the user authorized it.' We haven't built the infrastructure to resolve that ambiguity — and that gap has consequences.
Read more →For the past several weeks I've been running an AI system with real access to real infrastructure. Here's what the architecture looks like, what decisions I made, and what I'd do differently.
Read more →Prompt injection is being treated as a prompt problem. It isn't. It's an architecture problem — and it's the same one we've already described.
Read more →AI is being described as a fundamental transformation of the security landscape. Some of that is true. Most of the important parts aren't.
Read more →We've known for decades that humans make mistakes at a predictable, stable rate. Security is one of the last domains still designing systems that require perfect behavior.
Read more →MFA was supposed to end credential theft. It didn't. Understanding why reveals the architectural mistake we keep making.
Read more →Why treating authentication as a one-time gate instead of a continuous signal is the root cause of credential theft incidents.
Read more →