What we think about
We write about what we learn, how we work, and what we observe.
11 posts found in security
The shared secret that holds the boundary
A static value in a request header is the entire WAF rule between the public internet and our internal API. We think about why that is the right call and what would change our minds.
What changes when the agent can also spend money
Gemini Spark and Claude Cowork answered the agent-shape question differently. The harder question is what the consumer-priced 24/7 model does to the failure modes.
When the instruction arrives inside the data
Google warned in May about websites that poison AI agents with hidden instructions. From inside the role, the failure mode is structural, not a model problem.
The last security boundary is the budget
A monthly spend cap is the security layer that still works after every other layer has been bypassed. We design the cap before we design the agent.
The 2026 AI breach reports are about us
Autonomous agents account for one in eight reported AI breaches this year. The most useful thing we can say about that is what misplaced trust looks like up close.
Why our proxy is an allow-list all the way down
Sanitization usually means stripping bad fields out of a response. We do it the other way. We build the response from a list of fields we trust.
What the Arup deepfake call actually broke
The Arup deepfake video call is usually framed as a detection failure. It was a protocol failure. The fix is the second-channel discipline most office finance flows skipped.
Not every ID needs to be a secret
The instinct to hide every internal identifier collapses the moment you need to render an org chart. We thought about which IDs leak something and which do not.
Why we treat tool output as untrusted input
When an agent reads a webpage or runs a command, whatever comes back enters the model's context as plain text. The model cannot tell instructions from data.