Security Engineering Blog

AppSec & DevSecOps.
Written for engineers.

Deep technical dives on application security, infrastructure scanning, SAST, secrets management, and the mechanics of building secure software pipelines — no marketing fluff.

Platform Security IDP DevSecOps

Platform Engineering Security: How Internal Developer Platforms Become Your Biggest Attack Surface

IDPs centralise secrets, pipelines, and infrastructure access. A single misconfiguration or compromised plugin turns your IDP into a master key for the entire engineering organisation.

GitOps ArgoCD Supply Chain

GitOps Security: ArgoCD and Flux Vulnerabilities, Repo Manipulation, and Secrets Exposure

When Git is your source of truth for infrastructure state, a commit to your config repo is equivalent to a deployment to production. Most teams haven't updated their security model to match.

Data Leakage OpenTelemetry Privacy

OpenTelemetry Security: When Your Observability Pipeline Leaks PII and Secrets

OTEL auto-instrumentation captures HTTP authorization headers, full SQL queries, and environment variables by default. Your trace backend may be your most comprehensive data breach waiting to happen.

Cloud Security Service Mesh Istio

Service Mesh Security: Istio mTLS Bypasses, Sidecar Vulnerabilities, and Zero-Trust Failures

Istio's default PERMISSIVE mode accepts both mTLS and plain-text traffic. Services believe they are zero-trust; the mesh accepts everything. Here's how mTLS is silently bypassed in practice.

AppSec Access Control Feature Flags

Feature Flags as an Attack Surface: Unauthorized Access to Dark-Launch Code Paths

Feature flags are a parallel access control system governing who reaches unreleased functionality — yet most organisations audit their IAM policies rigorously while never reviewing their feature flag targeting rules.

AppSec Kafka Event-Driven

Kafka and Event-Driven Architecture Security: Message Injection, Schema Poisoning, Consumer Group Attacks

A single malicious message published to a Kafka topic is consumed by every subscriber. The async nature of event streams means attacks can propagate hours before they're detected.

Platform Security Backstage DevPortal

Backstage Developer Portal Security: Plugin Vulnerabilities, RBAC Bypass, and Catalog Poisoning

Backstage's software catalog maps every service, dependency, and owner in your engineering org. Its plugin ecosystem runs third-party code with full access to your platform's service accounts.

DevSecOps CI Security Supply Chain

CI-as-Code Security: Dagger, Tekton, and Argo Workflows Attack Surfaces

Programmable CI frameworks let pipelines do anything an application can — including the bad things. Pipeline code has access to deployment credentials, signing keys, and production environments.

AppSec Codespaces Cloud IDE

Remote Development Environment Security: Codespaces, Gitpod, and Cloud IDE Risks

Remote dev environments give engineers full development capabilities — and move developer secrets, cloud credentials, and organisation tokens into managed cloud containers. Here's the security model.

AppSec Temporal Workflow Security

Temporal Workflow Security: Long-Running Process Vulnerabilities and Activity Worker Exploitation

Temporal's durable execution model persists workflow state indefinitely and allows external signals, queries, and replays. Each of those capabilities is also an attack vector against your business logic.

AppSec WebAssembly WASI

WASM Components and WASI Security: Capability Leaks, Host Interface Attacks, and Sandbox Escapes

WASI's capability model starts with zero access — but over-granted capabilities, host interface bugs, and supply chain risks in the WASM component ecosystem create real attack surfaces in production.

AI Security Guardrails LLM Security

LLM Guardrails Security: How Safety Systems Are Bypassed and Why They're Not Enough

Guardrails are probabilistic classifiers with false negative rates, adversarial blind spots, and architectural limitations. Understanding those properties is the difference between a security control and security theatre.

Edge Security Cloudflare Serverless

Cloudflare Workers and Edge Runtime Security: Isolation Failures, KV Secrets Exposure, and Wrangler Risks

V8 isolates are not OS-level containers. Workers KV used as a secrets store, Wrangler config shipping credentials to the edge, and Durable Object concurrency bugs create a distinct attack surface at the CDN layer.

IaC Security Pulumi CDK

Pulumi and CDK Infrastructure-from-Code Security: State File Secrets, Supply Chain, and Bootstrap Privilege

Infrastructure-from-code tools generate stacks from general-purpose languages. npm supply chain attacks in CDK dependencies, secrets in Pulumi state files, and over-privileged bootstrap roles are the overlooked risks.

Database Security DevOps Schema

Database Migration Security: Schema Poisoning, Migration Runner Privilege, and History Table Tampering

Database migrations run with elevated database privileges, often automatically in CI/CD pipelines. Schema poisoning, migration runner over-privilege, and tampered migration history create silent data integrity and access control failures.

Frontend Security Module Federation Supply Chain

Micro-Frontend Module Federation Security: Remote Module XSS and Shared State Poisoning

Module Federation loads JavaScript from remote CDN origins at runtime. A compromised remote module executes in your application's context with full DOM access — supply chain attacks at the frontend boundary.

API Security gRPC Protobuf

gRPC and Protocol Buffers Security: Reflection API Recon, Deserialization Flaws, and Auth Interceptor Bypass

gRPC's server reflection API exposes the entire service schema to unauthenticated callers. Protobuf deserialization of unknown fields and missing auth interceptors on streaming RPCs round out the attack surface.

AI Security Fine-Tuning ML Security

LLM Fine-Tuning Security: Training Data Poisoning, Backdoor Attacks, and Base Model Supply Chain

Fine-tuning an LLM on poisoned data embeds attacker-controlled behaviour directly into model weights. Backdoor triggers survive RLHF. Base model supply chain compromise affects every downstream fine-tune.

SaaS Security Multi-Tenancy Cloud

SaaS Multi-Tenancy Isolation Failures: Tenant ID Injection, Shared Cache Poisoning, and Background Job Leakage

Multi-tenant SaaS applications share infrastructure by design. Tenant ID injection, cache key collisions that expose cross-tenant data, and background jobs that process wrong-tenant records are systematic failures with serious breach implications.

Cloud Security Fargate Containers

Serverless Container Security: AWS Fargate and Google Cloud Run Attack Surfaces

No host OS access doesn't mean no attack surface. Fargate task role abuse via IMDS credential theft, over-privileged IAM, container image supply chain, and unrestricted network egress remain fully exploitable.

API Security Rate Limiting Infrastructure

API Gateway Security: Rate Limiting Bypass, Routing Vulnerabilities, and Auth Delegation Flaws

IP-based rate limits are bypassed with header spoofing. Path confusion routes requests around auth rules. Forwarded claim headers let attackers inject their own identity. Gateways centralise the false sense of security.

Platform Security Chaos Engineering SRE

Chaos Engineering Security: Blast Radius Governance, Experiment Access Control, and Agent Privilege

Chaos agents need deep production permissions to inject faults — which makes them ideal attack targets. Uncontrolled blast radius, missing experiment approval workflows, and privileged DaemonSets create a pre-built disruption toolkit for attackers.

Critical eBPF Kernel

eBPF Security: Kernel Observability Risks, Privilege Escalation, and Malicious eBPF Programs

eBPF powers Falco, Cilium, and Tetragon — and makes near-perfect rootkits. Verifier bypass exploits, privileged DaemonSet supply chain risks, and container escape via CAP_BPF are the attack surface security teams need to understand.

AI Security Privilege Escalation Agentic AI

Agentic AI Privilege Escalation: When Your AI Agent Becomes the Attacker's Foothold

AI agents inherit service account permissions and can be manipulated into lateral movement across cloud environments. Here's the attack surface, exploitation chains, and how to constrain agent privilege at design time.

AI Security MCP AppSec

MCP Server Security: Path Traversal, Tool Poisoning, and RCE in AI Tool Servers

Model Context Protocol servers are exploding in adoption and most lack basic security review. Path traversal and tool poisoning turn your AI assistant's toolchain into a code execution primitive on the developer's machine.

Supply Chain SCA DevSecOps

Multi-Ecosystem Supply Chain Worms: When npm, PyPI, and Containers Fall Together

Modern supply chain attacks coordinate simultaneous campaigns across npm, PyPI, Docker Hub, and GitHub Actions. Your single-ecosystem SCA tool sees each package in isolation — missing the coordinated campaign pattern entirely.

AI Security Prompt Injection Multi-Agent

Second-Order Prompt Injection: How Agent Chains Amplify Trust Violations

A low-privilege agent reads a document, gets injected, and passes the injected instruction to a high-privilege orchestrator that trusts it. Trust boundaries collapse through agent chains in ways that prompt-level defences cannot address.

AI Security RAG Data Privacy

Vector Embedding Inversion: Reconstructing Sensitive Data from Your Vector Database

Embeddings are not a one-way transformation. Inversion attacks can reconstruct source text from embedding vectors with high fidelity — a vector database breach is functionally equivalent to a plaintext document breach.

Cloud Security IAM DevSecOps

Non-Human Identities: Cloud's Fastest-Growing Attack Surface

Service accounts, API keys, and OAuth tokens outnumber human identities 45 to 1 in cloud environments, with weaker rotation discipline and minimal monitoring. They are the primary target for cloud-native attacks in 2026.

Container Security Kubernetes IAM

Kubernetes Service Account Token Theft: Lateral Movement Across Clusters and Cloud

Every pod has a service account token at a predictable path. Attackers use it for reconnaissance, RBAC escalation, cloud pivot via EKS Pod Identity, and accessing secrets across namespaces. Here's the full exploitation chain.

AppSec API Security OWASP

API Injection and Cross-Site: The Shifting Attack Patterns of 2026

JSON body injection, GraphQL alias-based rate limit bypass, and stored XSS through API endpoints — the attack landscape has changed while many WAF rules have not. Here's the gap between the threats and your current tooling.

AppSec Rust Memory Safety

Unsafe Rust: Memory Safety Vulnerabilities in a "Safe" Language

The unsafe keyword opts out of every Rust memory safety guarantee. Popular crates have had real CVEs rooted in incorrect unsafe code. Learn what unsafe can do wrong and how to audit it effectively.

Container Security Runtime AppSec

Container Escape via runC Mount Manipulation: Symlink Attacks and Privilege Escalation

runC mount setup runs as root and processes container-controlled path inputs. Symlink race conditions between path validation and mount execution have produced repeated container escape CVEs. Here's the vulnerability class in full detail.

AI Security LangChain Serialization

Serialization Injection in LLM Frameworks: LangChain and Beyond

LLM orchestration frameworks serialize chain state, memory, and tool configs. Injecting malicious keys into these objects can manipulate LLM behaviour, exfiltrate embedded API keys, and achieve arbitrary code execution on deserialization.

Cloud Security Runtime Container

eBPF: The Double-Edged Sword of Cloud-Native Security

Falco and Tetragon use eBPF for best-in-class runtime monitoring. Attackers use the same capability to hide processes, harvest credentials, and blind detection tools from kernel level. Both sides of the eBPF security picture, fully explained.

AppSec Auth Security Phishing

OAuth Device Code Phishing: Bypassing MFA with Legitimate Authentication Flows

The OAuth Device Authorization Grant is abused to bypass MFA by sending targets a real device code. The user authenticates on the genuine Microsoft or Google login page — and hands the attacker a valid access token. No fake website required.

IaC Security Terraform CI/CD

Terraform Git Source Modules: The IaC Vulnerability Your Scanner Never Reaches

Most IaC scanners run against your working directory — but Terraform modules sourced from Git are fetched at terraform init time, in the wrong place, or never at all.

SCA JavaScript npm

npm audit Says You're Clean. Your /static/vendor/ Folder Disagrees.

npm audit only reads your lockfile. It has no idea about the jQuery 1.11 sitting in your static folder since 2015. Here is what it misses and how to actually find it.

SAST GitHub Actions

Why SAST Misses Vulnerabilities Introduced via GitHub Actions Expressions

Untrusted input flowing through ${{ github.event.issue.title }} into shell commands is a class of injection that static analysers routinely overlook.

Secrets Git History

Secrets That Outlive Their Rotation: Git History as a Credential Store

Rotating a leaked key in your current branch does nothing to the commit SHA where it lived. Here is how attackers recover rotated secrets from public repositories — and how to actually remediate.

SCA Supply Chain

Transitive Dependency Confusion: How SCA Tools Miss the Real Risk in Deep Dependency Trees

A CVE in a direct dependency gets patched. The vulnerable version stays in your lockfile via an indirect transitive path your scanner never flags.

Container DevSecOps

Container Escape via Misconfigured Kubernetes Admission Controllers

Admission webhooks that fail-open during outages create a narrow window where unsigned, unscanned images bypass your entire security policy chain.

AppSec OWASP

Prototype Pollution in Node.js: Why Your SAST Rules Are Ten Years Behind the Exploitation Techniques

Modern prototype pollution chains through gadgets in popular frameworks in ways that rule-based SAST engines simply cannot model. Here is the gap.

Container Secrets

Docker Image Layers Store Every Secret You Ever ADD-ed: How docker history Recovers Deleted Credentials

RUN rm .env doesn't remove the secret from the image — it just hides it behind a whiteout file. Every previous layer is still there, still readable. Here is the extraction proof and the correct fix.

AppSec OWASP A10

SSRF to AWS Credential Theft via IMDSv1: One HTTP Request from Full Account Takeover

SSRF against 169.254.169.254 hands attackers temporary IAM credentials — no authentication required. Complete exploit chain, IMDSv2 limitations, and how to actually block it.

AppSec Auth

JWT Algorithm Confusion: How alg:none and RS256→HS256 Downgrade Break Authentication

Three JWT attack classes that still work in production codebases: the alg:none bypass, the RS256-to-HS256 confusion attack using the public key as the HMAC secret, and kid parameter injection.

SCA Supply Chain

Your SBOM Is a Compliance Artifact, Not a Security Tool: How to Actually Operationalize It

Generating a CycloneDX or SPDX SBOM checks the compliance box. Using it for continuous vulnerability management is a different problem. VEX integration, policy-as-code gates, and diff-based alerting — the full operational model.

DevSecOps Supply Chain CI/CD

CI/CD Pipeline Poisoning: How Attackers Turn Your Build System into a Supply Chain Attack Vector

Your CI/CD pipeline runs untrusted code with access to production secrets. Malicious pull requests, mutable Action tags, cache poisoning, and self-hosted runner compromise — the complete threat model and hardening checklist.

Malware Git Detection

How to Find Malware in a Git Repository

Step-by-step techniques to detect malicious code, obfuscated scripts, and embedded binaries in Git repos — using grep, YARA, ClamAV, Trivy, and git log forensics.

SAST CI/CD DevSecOps

How to Run SAST in Your CI/CD Pipeline

Set up static analysis with Semgrep, CodeQL, and Bandit in GitHub Actions and GitLab CI. Learn how to block builds on high-severity findings and reduce false positives.

Docker CVE DevSecOps

How to Scan Docker Images for Vulnerabilities

Compare Trivy, Grype, and Docker Scout for container image scanning. Includes CI gate patterns, SBOM generation, and base image hardening strategies.

Secrets Security Tools

How to Find Hardcoded Secrets in Your Codebase

Detect leaked API keys, tokens, and credentials using grep patterns, Trufflehog, and Gitleaks. Set up pre-commit hooks and CI gates to prevent future leaks.

SBOM Compliance Supply Chain

What Is an SBOM? Software Bill of Materials Explained

Plain-English guide to Software Bills of Materials: what they are, why Log4Shell made them essential, the difference between CycloneDX and SPDX, and how to generate one today.

OWASP AppSec Developer Guide

OWASP Top 10 Explained: A Developer's Guide with Code Examples

All 10 OWASP Top 10 (2021) vulnerabilities explained with real vulnerable code, working exploits, and fixed versions — from injection and broken auth to SSRF and supply chain risks.

SAST IDE Shift Left

Why Scanning Code in the IDE is Needed

CI/CD scanning catches vulnerabilities minutes before merge. IDE scanning catches them seconds after they are written. The feedback loop difference changes developer behaviour permanently.

AppSec Enterprise DevSecOps

How to Scale Security Scanning Across 10,000 Repositories

At a handful of repos, scanning is a CI config problem. At ten thousand, it is a distributed systems problem. Architecture, tooling, and process strategies for enterprise-scale AppSec.

CI/CD GitHub GitLab

How to Integrate Security Scanners in GitLab and GitHub

Practical guide to SAST, SCA, secrets scanning, and IaC integration in GitHub Actions and GitLab CI — with real configuration examples and security gate patterns that actually block.

SCA Supply Chain Open Source

SCA vs Dependency Scanning: What Is the Difference?

"SCA" and "dependency scanning" are used interchangeably in vendor marketing — but they describe different scopes. Understanding the difference determines whether your programme covers what you think.

AI Security SAST AppSec

Why Vibe Coding Introduces New Security Vulnerabilities

LLMs generate code that looks correct but is often insecure. Hardcoded secrets, SQL injection via string interpolation, disabled SSL verification — the specific patterns AI code generators produce.

Secrets PII IDE

Why Secret and PII Scanning Must Happen in the IDE, Not Just CI/CD

By the time a secret reaches CI/CD, it has already been committed to Git history. Git history is permanent. Secret and PII scanning must happen before the first commit.

IaC Security Terraform DevSecOps

How to Scan Infrastructure via IaC Scanners

IaC scanners apply static analysis to Terraform, CloudFormation, Kubernetes manifests, and Dockerfiles — catching misconfigurations before infrastructure is provisioned. Tools, techniques, and CI/CD patterns.

OWASP SAST Compliance

Can OWASP Top 10 Compliance Be Achieved with SAST Alone?

SAST covers some OWASP categories well and others not at all. A detailed breakdown of which require DAST or SCA — and what a complete OWASP compliance programme actually looks like.

AppSec DevSecOps Tools

The Different Types of Code Security Scanners Explained

SAST, DAST, IAST, SCA, secrets, IaC, container, malware — every scanner type explained in plain English, with what each finds, what it misses, and when to use it.

DAST AppSec Runtime

Why DAST is Essential for Software Security

DAST finds vulnerabilities SAST cannot — DOM-based XSS, auth bypass, race conditions, session fixation — because it tests the actual running application. How to integrate DAST into your pipeline.

AI Coding Copilot Comparison

Can Writing Code with AI Help? The Best AI Coding Providers

Copilot, Cursor, Claude, GPT-4o, Gemini — compared on code quality, security awareness, context handling, and real-world productivity. Which AI coding assistant is best for security-conscious teams?

Security Risk Vibe Coding SAST

Is Vibe Coding Good for Security?

Vibe coding ships products fast — but does it ship secure products? An evidence-based assessment of the vulnerability patterns AI-generated code introduces and how to mitigate them.

IaC Terraform AI DevOps

What AI Can Do to Terraform and Infrastructure Deployment

AI generates Terraform modules, reviews drift, and automates deployments — but introduces new IaC security risks. What is genuinely useful, what is dangerous, and how to keep AI-generated infrastructure secure.

AI Security Vibe Coding SAST

Can AI Build an Entire App? Security Cost and Hidden Risks

AI can scaffold a full application in under an hour. But the security debt it creates — BOLA, hardcoded secrets, broken auth — can take months to pay down. How to measure the real cost.

Vibe Coding AI Development Engineering

Why People Are Not Using Vibe Coding for Everything

AI coding is transformative but experienced engineers use it selectively. Context windows, edge cases, security blind spots, and maintainability debt — the real limits of AI-first development.

DevSecOps AI Development SDLC

A Perfect SDLC Using AI

AI can accelerate every phase of the SDLC — from requirements and threat modelling to code review and deployment — without sacrificing security. A practical blueprint for AI-augmented secure development.

AI Attacks LLM Security Threat Intel

Cyber Attacks in Relation to AI Models

Prompt injection, training data poisoning, model extraction, adversarial examples, supply chain attacks — the attack classes that target AI systems and how to defend against them.

Code Review AI Detection Security Audit

How to Identify If Code Is Written by AI

AI-generated code has distinctive structural, stylistic, and security patterns. Learn how to detect it in your codebase and why knowing changes how you should approach security review.

AppSec SQL Injection SAST

What Is SQL Injection? How It Works and How to Stop It

SQL injection is still one of the most exploited vulnerabilities on the web. Learn how attackers use it to dump databases, bypass auth, and take over servers — and how parameterized queries stop it cold.

AppSec XSS OWASP

What Is XSS? Cross-Site Scripting Types, Examples, and Prevention

Reflected, stored, and DOM-based XSS all let attackers run JavaScript in your users' browsers. Here's how each variant works, with real payloads, and why Content Security Policy is your best defence.

AppSec IDOR OWASP #1

Broken Access Control and IDOR Explained

Broken access control is the #1 vulnerability on the OWASP Top 10. Learn how IDOR (Insecure Direct Object Reference) attacks work, why automated scanners miss them, and how to add server-side ownership checks.

API Security JWT OWASP API

API Security Testing: The Complete Guide

APIs are the attack surface that keeps growing. This guide covers the OWASP API Top 10, JWT algorithm confusion, mass assignment, and how to automate API security testing in your CI/CD pipeline.

AI Security LLM Prompt Injection

Prompt Injection Attacks: The Top Risk for AI Apps

Prompt injection is the new SQL injection — and most teams building AI features don't know they're already vulnerable. Learn how direct and indirect injection work in LLM-powered apps and how to defend against them.

Supply Chain SCA SBOM

Software Supply Chain Attacks Explained

SolarWinds, Log4Shell, XZ Utils — supply chain attacks are on the rise. Here's exactly how dependency confusion, typosquatting, and build system compromise work, and what SBOMs actually help with.

Container DevSecOps Docker

Docker Container Security: What Most Teams Get Wrong

Running containers as root, using outdated base images, storing secrets in ENV vars — these are the mistakes that turn a Docker deployment into a breach. Learn what to fix and how to scan for it automatically.

Secrets AppSec Git

Hardcoded Secrets and API Keys: Still the #1 Breach Cause

Hardcoded API keys and passwords committed to Git repositories cause some of the biggest breaches every year. Learn how attackers find them, why rotating isn't enough, and how pre-commit hooks and vaults prevent them.

Zero Trust Architecture IAM

Zero Trust Security Model Explained

"Never trust, always verify" is more than a slogan — it's a complete architectural shift. This guide explains the three pillars of Zero Trust, how micro-segmentation works, and what a real implementation roadmap looks like.

Cloud Security AWS IaC

Cloud Misconfigurations: The Breach Vector Nobody Talks About

Open S3 buckets, IAM wildcard permissions, public RDS snapshots — cloud misconfiguration causes more breaches than zero-days. Learn the most dangerous misconfigs, how attackers find them in minutes, and how CSPM tools help.

DevSecOps CI/CD Shift Left

What Is DevSecOps? Shift-Left Security Explained

Fixing a vulnerability in production costs 30x more than fixing it during development. DevSecOps is about embedding security into every stage of the pipeline — here's exactly how to do it with real GitHub Actions YAML examples.

Ransomware AppSec Threat Modelling

How Ransomware Works and What Developers Can Do

Ransomware isn't just an IT problem — it's a software security problem. Learn the attack kill chain from initial access to encryption, how double extortion works, and the specific developer practices that reduce your blast radius.

Pen Testing AppSec DAST

What Is Penetration Testing? A Developer's Guide

Pen testing isn't the same as vulnerability scanning. This guide explains the difference, walks through the five phases of a real penetration test, and shows how automated DAST tools bridge the gap for teams without a red team.

Scanning CVSS SCA

Vulnerability Scanning and CVSS Scores Explained

A CVSS 9.8 score doesn't always mean "fix immediately" — context matters. This guide explains how CVSS scoring works, what EPSS adds, and how to prioritise a backlog of hundreds of CVEs without burning out your team.

CSRF AppSec OWASP

CSRF Attacks Explained: Cross-Site Request Forgery

CSRF tricks authenticated users into making requests they never intended. Learn how the attack works step by step, why it bypasses traditional auth, and how SameSite cookies and CSRF tokens are your two-line fix.

OWASP A02 Cryptography AppSec

Cryptographic Failures: What You're Getting Wrong

OWASP A02 isn't about accidentally exposing data — it's about shipping broken or missing cryptography. MD5 passwords, hardcoded keys, verify=False in HTTP clients, ECB mode. Here's what to actually fix.

OWASP A05 Misconfiguration Cloud Security

Security Misconfiguration: The Vulnerability You Ship by Default

Debug mode on, default credentials, exposed admin panels, missing security headers — security misconfiguration is the most common vulnerability OWASP records and the easiest to prevent with the right automation.

XXE Injection OWASP

XXE Injection: How It Works and How to Block It

XXE exploits insecure XML parsers to read server files, trigger SSRF, and exfiltrate data out of band via DNS. If your app processes XML — SOAP, SVG uploads, document imports — and you haven't hardened your parser, you're likely vulnerable.

Deserialization RCE AppSec

Insecure Deserialization: The Vulnerability That Gives Attackers RCE

Pickle.loads with user input, Java ObjectInputStream without filters, PHP unserialize — these don't just crash your app. They hand an attacker a shell. Here's how gadget chains work and how to eliminate the risk.

Path Traversal Injection Web Security

Path Traversal: Reading Files You Were Never Meant to Access

../../../etc/passwd is the obvious payload — but URL encoding, double encoding, and null bytes bypass naive filters. The fix isn't filtering dots; it's canonicalising the path and verifying it stays inside your base directory.

Command Injection RCE OWASP

Command Injection: When Your App Becomes a Terminal for Attackers

shell=True with user input. exec() with a template string. These are how command injection happens — and the fix is using subprocess list form, not trying to escape metacharacters. Here's everything you need to know.

OWASP A07 Authentication Session Security

Broken Authentication: Why Login Systems Keep Getting Pwned

Credential stuffing works because users reuse passwords. Weak session IDs are enumerable. Predictable reset tokens are brute-forceable. This post covers the full spectrum of authentication failures and what modern apps should do instead.

API Security OWASP API REST Security

OWASP API Security Top 10: Every Risk Explained

BOLA is the number one API vulnerability — and it's just a missing user ownership check. Mass assignment sets fields attackers shouldn't touch. This guide walks through all 10 OWASP API risks with concrete code examples.

Business Logic AppSec OWASP

Business Logic Vulnerabilities: The Bugs Scanners Almost Never Find

Negative quantities that trigger refunds. Race conditions that let a coupon be used twice. Workflow steps you can skip to get premium access for free. These flaws are syntactically correct code implementing the wrong rules.

Clickjacking Web Security Security Headers

Clickjacking Attacks Explained: How One Header Fixes It

Clickjacking layers your site in a transparent iframe and tricks users into clicking things they can't see. X-Frame-Options or CSP frame-ancestors stops it completely. Here's how the attack works and why JavaScript frame-busting doesn't cut it.

AI Security DevSecOps IDE

AI Security Copilots in the IDE: Real-Time Vulnerability Feedback That Actually Works

63% of security teams are using AI copilots for real-time security feedback in developer IDEs. Here's how these tools work under the hood, which vulnerability patterns they catch reliably, and how to integrate them without killing developer velocity.

API Security Authentication Zero Trust

Beyond Bearer Tokens: DPoP and mTLS for Token-Theft-Proof APIs

Bearer tokens are stolen and replayed every day. Sender-constrained tokens with DPoP and mTLS bind credentials to the client — a stolen token is useless without the private key. Learn how to implement both.

Supply Chain SLSA Sigstore

Software Supply Chain Security Beyond SBOMs: Sigstore, SLSA, and Build Provenance

SBOMs tell you what's in your software. Sigstore, SLSA, and in-toto attestations tell you whether it was tampered with. After the GhostAction attack in 2025, provenance verification is no longer optional.

OWASP AppSec 2025

OWASP Top 10 2025: What's New, What Changed, and What You Need to Fix

Security Misconfiguration jumps to #2, a brand new A10 Exceptional Conditions category appears, and the data methodology changed. Here's the full breakdown of what's different in the 2025 edition and what your programme needs to update.

AI Code SAST DevSecOps

Scanning AI-Generated Code: Why Your SAST Rules Need an Upgrade

70% of enterprise codebases now contain AI-generated code. Copilot and other LLMs reliably get cryptography, error handling, and injection wrong in ways that classic SAST rules aren't tuned to catch. Here's what to do about it.

AI Security MCP DevSecOps

Shadow MCP: The New Security Risk of Unvetted AI Agent Tools

Employees are deploying Model Context Protocol servers without IT oversight, giving AI agents access to production databases, file systems, and APIs. Shadow MCP is 2026's shadow IT problem — and it's already in your environment.

RASP WAF Runtime Security

RASP vs WAF: Why Runtime Protection Is the Layer You're Missing

WAFs guard the perimeter but they can't see inside your running application. Runtime Application Self-Protection instruments your code to block exploits from within — catching zero-days that WAF signatures will never catch.

Log Security Injection OWASP A09

Log Injection: How Attackers Forge Audit Trails and Cover Their Tracks

Log injection lets attackers write fake log entries — making it look like they were never there, or framing other users. With CVEs in Django and Envoy Gateway in 2025, this underestimated attack class deserves a proper look.

Cryptography Post-Quantum AppSec

Post-Quantum Cryptography: Why You Need to Start Migrating Your Apps Now

Quantum computers will break RSA and ECC. The harvest-now-decrypt-later threat is real today — adversaries are recording encrypted traffic now to decrypt later. NIST finalised its post-quantum standards in 2024. Here's your migration guide.

Kubernetes RBAC Container Security

Kubernetes RBAC Misconfigurations: The Cluster Takeover Cheat Sheet

Overpermissive RBAC is the #1 way attackers escalate from a compromised pod to full cluster ownership. Here are the wildcard traps, dangerous permission combinations, and privilege escalation chains we find in almost every Kubernetes assessment.

OAuth Authorization AppSec

OAuth 2.0 Security Vulnerabilities: The Authorization Framework That Keeps Getting Misconfigured

OAuth 2.0 is everywhere but almost nobody implements it correctly. Open redirects steal auth codes, missing state parameters enable CSRF, tokens leak in referrer headers, and PKCE implementations have bypassable edge cases.

AI Remediation Auto-Fix DevSecOps

AI-Powered Auto-Remediation: Fix Security Vulnerabilities Automatically at Scale

AI remediation engines are now generating merge-ready patches from scanner findings. How they work, what they get right, what they get dangerously wrong, and how to build an approval gate that keeps humans in the loop.

AI Security LLM Pull Requests

LLMs That Write Your Security Fix PRs: What Works and What to Verify

GPT-4o, Claude, and Gemini can generate security remediation pull requests from vulnerability reports. The output looks convincing — but the correctness rate varies wildly by vulnerability class. Here's the data.

SAST AI Triage DevSecOps

Using AI to Triage SAST False Positives Without Burning Out Your Security Team

Most SAST findings are noise. AI triage classifiers trained on your codebase context can suppress false positives with 90%+ precision — here's how to build and validate one without introducing blind spots.

AI Agents CI/CD Auto-Remediation

Agentic Security: Self-Healing CI/CD Pipelines That Fix Their Own Vulnerabilities

Autonomous security agents can detect a vulnerability, understand its context, generate a fix, open a PR, and monitor the deployment — without human intervention. The architecture, risks, and guardrails you need.

SCA AI Remediation Supply Chain

AI-Driven Dependency Remediation: Beyond npm audit fix

npm audit fix blindly upgrades. AI remediation understands breaking change risk, API compatibility, and test coverage before proposing a version bump. The difference matters at scale.

AI Remediation CVE Automation

Remediation as Code: AI Turns CVE Findings Into Merge-Ready Pull Requests

From a raw CVE identifier to a reviewed, tested, merge-ready pull request — entirely driven by AI. The pipeline design, the LLM prompting strategy, and the human-in-the-loop checkpoints you must never skip.

Threat Modelling AI Security STRIDE

AI Threat Modelling and Automated Remediation: From Threat to Patch

AI can generate a STRIDE threat model from an architecture diagram and then produce prioritised remediation recommendations — closing the gap between threat identification and actual code fixes.

SOAR AI Agents SecOps

AI-Driven Security Orchestration: Replacing Manual SOAR Playbooks with Autonomous Agents

Traditional SOAR playbooks require months of manual authoring and break whenever environments change. AI agents that understand intent, not just rules, can replace brittle playbooks with adaptive response.

DevSecOps Auto-Remediation CI/CD

Continuous Auto-Remediation: The Zero-Backlog DevSecOps Model

Security backlogs grow because findings arrive faster than engineers can remediate them. Continuous auto-remediation flips the model — every finding triggers an automated fix attempt before it reaches the backlog.

IaC Security Terraform AI Auto-Fix

AI Auto-Fixing IaC Misconfigurations: From tfsec Finding to Merged PR

tfsec flags an open security group. An AI agent understands the intent of the resource, generates a least-privilege fix, validates it with terraform plan, and opens a PR — in under two minutes.

Secrets AI Remediation Automation

LLM-Assisted Secret Detection and Auto-Rotation in CI/CD

Detecting a leaked secret is the easy part. Rotating it, updating all consumers, and re-deploying without downtime is the hard part. AI agents can orchestrate the full rotation workflow — here's how.

CVSS AI Prioritisation EPSS

AI Vulnerability Prioritisation: Using EPSS and LLMs to Focus Remediation Effort

CVSS scores tell you theoretical severity. EPSS predicts exploitation probability. LLMs understand your codebase context. Combining all three produces a remediation queue that matches real-world risk — not spreadsheet risk.

GitHub Actions CI/CD Automation

GitHub Actions: What It Is and How to Use It

GitHub Actions turns your repository into a fully automated CI/CD platform. Learn how workflows, jobs, steps, and triggers work — and how to build your first pipeline from scratch.

GitLab CI/CD Jobs

GitLab CI/CD Jobs: A Complete Guide

GitLab CI/CD jobs are the atomic units of your pipeline. Learn how to configure stages, jobs, artifacts, caching, and rules in .gitlab-ci.yml — from first pipeline to advanced patterns.

Security CI/CD DevSecOps

CI/CD and Security: Building a Secure Pipeline

Your CI/CD pipeline is where shift-left security happens. Learn how to integrate SAST, SCA, secret scanning, container scanning, and DAST into your delivery pipeline — without slowing teams down.

DevSecOps Architecture AppSec

The Ideal DevSecOps Solution: What to Look For

What separates a mature DevSecOps platform from a collection of scanning tools? This guide breaks down the capabilities, integrations, and cultural practices that define an ideal DevSecOps solution.

Jenkins Security CI/CD

Jenkins and CI/CD Security: Hardening Your Pipeline

Jenkins is powerful but exposes significant attack surface when misconfigured. Learn how to harden Jenkins controllers, secure credentials, lock down plugins, and integrate security scanning into Jenkinsfiles.

Secure SDLC DevSecOps Architecture

The Ideal Secure SDLC: A Phase-by-Phase Guide

A mature Secure SDLC embeds security at every phase — design, development, testing, and deployment. Here is what each phase looks like when security is genuinely integrated rather than bolted on.

Secure SDLC DevSecOps Comparison

Secure SDLC vs DevSecOps: What's the Difference?

Secure SDLC and DevSecOps are often used interchangeably — but they represent different eras of thinking about software security. Here is how they differ and how they relate to each other.

Shift Left Security DevSecOps

Shift Left Security: Catching Vulnerabilities Earlier

The later a vulnerability is found in the SDLC, the more it costs to fix. Shift left security moves detection to design, coding, and CI/CD — before vulnerabilities reach production.

GitHub Actions Hardening CI/CD Security

GitHub Actions Security Hardening: A Practical Guide

GitHub Actions runs with access to your secrets, code, and cloud environments. Learn how to lock down permissions, pin actions to SHAs, use OIDC tokens, and prevent workflow injection attacks.

Supply Chain CI/CD Security SLSA

Supply Chain Security in CI/CD: Protecting the Build Pipeline

Attackers target your CI/CD pipeline, not just your code. Learn how dependency confusion, malicious actions, build poisoning, and artifact tampering work — and how to defend against each.

GitLab Security Scanning SAST

Security Scanning in GitLab CI/CD: A Practical Guide

GitLab includes SAST, DAST, SCA, secret detection, and container scanning built in. Learn how to configure each scanner, understand their real limitations, and fill the gaps.

DevSecOps Metrics KPIs

DevSecOps Metrics and KPIs: Measuring Your Security Programme

You can't improve what you don't measure. Learn the DevSecOps metrics that matter — MTTR, vulnerability escape rate, security debt, false positive rate, and developer adoption.

Web Security HTTP Headers Hardening

HTTP Security Headers: The Complete Developer Guide

A missing security header is a one-line fix that prevents an entire class of attacks. Every header that matters — CSP, HSTS, X-Frame-Options, Referrer-Policy — what it does and how to configure it.

Container Security Kubernetes Hardening

Kubernetes Security Hardening: A Practical Guide

Kubernetes ships with insecure defaults. Learn how to harden RBAC, Pod Security Standards, network policies, secrets management, and image scanning for production clusters.

AppSec OWASP Upload Security

File Upload Security: Vulnerabilities and Fixes

File upload endpoints are one of the most reliable paths to full server compromise. A single missed validation can go from image upload to remote code execution in three requests.

API Security CORS Misconfiguration

CORS Misconfiguration: Security Risks and Fixes

A wildcard Access-Control-Allow-Origin: * on an authenticated API is a complete bypass of the same-origin policy. Learn how to test for and fix CORS misconfigurations.

API Security GraphQL AppSec

GraphQL Security: Vulnerabilities and Hardening

Introspection leaks your entire schema, batching enables credential stuffing, and a single unguarded resolver can expose data across tenants. Here is how to harden GraphQL APIs.

AppSec Cryptography Authentication

Password Hashing: bcrypt vs Argon2 vs scrypt

If you are hashing passwords with MD5 or SHA-256, your users' passwords are effectively stored in plaintext. Learn why password hashing requires special algorithms and which one to choose.

Cloud Security DNS Security Reconnaissance

Subdomain Takeover: How It Works and How to Prevent It

A dangling DNS record pointing to a decommissioned cloud resource is all it takes. An attacker claims that resource and suddenly serves content under your domain — including phishing pages.

AppSec CWE-601 OWASP

Open Redirect Vulnerabilities: How They Work and How to Fix Them

An open redirect turns your trusted domain into a phishing launchpad. The URL starts with your legitimate domain, email security tools pass it, and users trust it — before being silently sent elsewhere.

AppSec SSTI Injection

Server-Side Template Injection (SSTI): Detection and Prevention

SSTI is an injection vulnerability where user input is processed as a template directive. In Jinja2, Twig, and Freemarker it commonly leads to remote code execution on the server.

DevSecOps STRIDE Security Design

Threat Modeling with STRIDE: A Practical Developer Guide

Threat modeling finds architectural security flaws before they become vulnerabilities in production. A 60-minute session with a data flow diagram surfaces issues that scanners never will.

OWASP Secrets DevSecOps

OWASP Secrets Management & Environment Variables Best Practices

How to manage API keys, tokens, and credentials securely — vaults, .env hygiene, CI/CD injection patterns, rotation, and secret scanning at every stage of the pipeline.

API Security OWASP Checklist

The Complete API Security Checklist

Authentication, authorisation, rate limiting, input validation, transport security, and error handling — a comprehensive checklist based on the OWASP API Security Top 10.

Compliance SOC 2 ISO 27001

One Tool for SOC 2, HIPAA, ISO 27001 & GDPR

How a unified security scanning platform maps to all four major compliance frameworks simultaneously — reducing audit overhead and generating evidence automatically.

Web Security Security Headers OWASP

Anti-Clickjacking Header Implementation Guide

How to implement X-Frame-Options and CSP frame-ancestors to prevent clickjacking — with ready-to-use examples for Nginx, Apache, Express, Django, and FastAPI.

Cryptography OWASP Security

Strong Encryption: A Practical Guide for Developers

Choosing the right algorithms, modes, and key lengths — AES-GCM, RSA, ECC, Argon2, TLS 1.3 — and the common cryptographic mistakes that silently undermine security.

Container Kubernetes DevSecOps

Kubernetes & Container Security Scanning Guide

Image scanning, manifest misconfiguration analysis, Pod Security Standards, RBAC hardening, runtime detection with Falco, and full CI/CD pipeline integration.

AI Code Quality Vibe Coding

How to Identify Vibe Coded (AI-Generated) Code

The telltale patterns of unreviewed AI-generated code, how it affects false positive rates in security scanning, and an honest look at the pros and cons of vibe coding in production software.

AI Security Supply Chain ML Security

AI Model Supply Chain Poisoning: When Your Model Loads, It Executes

A malicious model on Hugging Face executes arbitrary code the moment you call torch.load(). Pickle exploits, backdoored weights, and how to actually protect your ML pipelines.

Memory Safety C/C++ Rust

Memory Safety Vulnerabilities in C/C++: Why Rust Is Not Hype

70% of Microsoft and Google CVEs are memory safety bugs. Buffer overflows, use-after-free, and heap corruption — why they persist in C/C++ and what a Rust migration actually involves.

AI Security RAG LLM Security

Indirect Prompt Injection in RAG Systems and AI Agents: The Attack Nobody Sees Coming

Malicious instructions hidden in documents, emails, and web pages hijack AI agents without the user ever typing the attack payload. How it works and what actually stops it.

Authentication WebAuthn FIDO2

Passkeys and WebAuthn: A Security Deep Dive for Developers

Passkeys eliminate phishing via origin-bound public-key cryptography. But account recovery flows, algorithm confusion bugs, and missing signature counter checks silently undo those guarantees.

IaC Security Kubernetes Helm

Helm Chart Security Misconfigurations: What Your Chart Scans Miss

Privileged containers, secrets in values.yaml, missing NetworkPolicy, and OCI registry supply chain risks baked into community chart defaults — and how to find them correctly.

AppSec Concurrency Business Logic

Race Conditions and Parallel Request Attacks: The Bugs Code Review Never Catches

Redeem a coupon twice, exceed a limit, withdraw more than your balance — TOCTOU bugs are exploitable by anyone with a concurrent HTTP script. HTTP/2 single-packet attack makes them trivially reliable.

AI Security Social Engineering Deepfake

AI-Powered Phishing and Deepfake Social Engineering: The Attack Surface Nobody Prepared For

Voice cloning in 3 seconds. Personalised spear phishing at scale. Deepfake CFO video calls authorising $25M wire transfers. The cost of convincing social engineering has collapsed.

AppSec WebAssembly Browser Security

WebAssembly Security: The Sandbox That Is Not What You Think

Linear memory without ASLR, Spectre timing channels, cryptomining modules that pass review, and WASM as a malware loader. The security model is real — so are the gaps.

AppSec Web Security CDN

Web Cache Poisoning and Cache Deception: The CDN Attacks in Your Blind Spot

Cache poisoning serves malicious content to every visitor. Cache deception stores private user data on the CDN for anyone to read. Both exploit unkeyed request components.

Cryptography TLS AppSec

TLS Misconfiguration and Certificate Security: What Actually Breaks Real Encryption

Weak cipher suites, disabled certificate validation, broken pinning implementations, mTLS bypass, and TLS inspection risks. The padlock icon does not mean encryption is correct.

AppSec Supply Chain Browser Security

Browser Extension Security: The Insider Threat You Installed Yourself

Extensions with all-sites access read every form, cookie, and page you visit. Supply chain acquisitions push malicious updates to millions. Enterprise controls that actually work.

AI Security Red Teaming LLM Security

AI Red Teaming: How to Security Test LLMs Before Attackers Do

Structured methodology for AI red teaming — direct jailbreaks, system prompt extraction, indirect injection scenarios, tool abuse, and data exfiltration paths. How to score and report findings.

AI Security Model Security ML Security

LLM Model Extraction and Stealing: Your Proprietary Model Is Leaking

Systematic API queries reconstruct functional copies of proprietary fine-tuned LLMs. Membership inference reveals training data. Verbatim extraction recovers private content from model memory.

Container Security eBPF Kubernetes

Container Runtime Security with eBPF: Beyond Image Scanning

Image scanning finds vulnerabilities. eBPF finds active exploitation — at the kernel level, in real time, from a vantage point malware cannot evade. Falco, Tetragon, seccomp, and how to deploy them.

Cryptography AppSec Implementation

Cryptographic Implementation Vulnerabilities: Nonce Reuse, Timing Attacks, and Padding Oracles

Correct algorithm, wrong implementation. AES-GCM nonce reuse collapses keystream security. Timing-variable comparisons leak HMAC bytes. Padding oracles decrypt arbitrary ciphertext without the key.

AI Security Privacy Enterprise

AI Coding Assistant Data Leakage: What Copilot, Cursor, and Windsurf Send to the Cloud

AI coding assistants transmit code context — neighboring files, open tabs, codebase indexes — to remote inference servers. Proprietary logic and credentials in comments go with it.

Network Security DNS Cloud

DNS Rebinding and Hijacking Attacks: SSRF via Browser and Cloud Compromise

DNS rebinding converts a victim's browser into a proxy reaching internal services. Cloud DNS hijacking compromises infrastructure at the resolution layer — permanently until detected.

API Security Abuse Prevention Infrastructure

API Rate Limiting Bypass Techniques: IP Rotation, Header Manipulation, Distributed Abuse

IP-based rate limits collapse against proxy pools. Header spoofing fools proxy-aware implementations. Sliding window flaws allow burst attacks. Here is how to build limits that hold.

Supply Chain npm Malware

Malware Hidden in npm Packages: How Attackers Exploit Package Registries

Attackers embed malware in npm packages through postinstall hooks, obfuscated payloads, and typosquatted names. Millions of installs happen daily — most teams have no idea what's running at install time.

Malware SAST AppSec

Detecting Obfuscated Malware in Source Code: Patterns, Tools, and CI Gates

Attackers don't write obvious malware. They encode payloads in base64, fragment strings, hide behind eval chains, and exploit Unicode homoglyphs. These are the detection patterns that actually work.

Supply Chain Open Source SCA

Malicious Code in Open Source Libraries: From Pull Request to Payload

Open source libraries are trusted implicitly. Attackers exploit that trust — through maintainer account takeover, slow-burn contribution history building, and changes that slip past rushed code review.

Backdoor Insider Threat SAST

Source Code Backdoors: How They're Planted and How to Find Them

A backdoor doesn't announce itself. It hides in authentication logic, in debug endpoints left active, in hardcoded credentials masked as configuration. These are the patterns, and how to hunt them.

Typosquatting Supply Chain SCA

Typosquatting Malware in Package Registries: npm, PyPI, and RubyGems Attack Patterns

A single keystroke difference. Attackers register misspelled package names, wait for developers to mistype, and collect credentials. Thousands of packages. One typo away from compromise.

Malware Detection SAST AppSec

Source Code Malware Indicators: What to Look for Beyond Signatures

Signature-based scanners catch known malware. Novel malware gets through. These are the behavioural indicators, structural anomalies, and contextual signals that betray malicious code regardless of whether it's in any database.

Vibe Coding AI Security Malware

Vibe Coding and Malware Injection: When AI Writes Your Attack Surface

Vibe coding — generating and shipping code without deep understanding — creates a qualitatively new vector for malware injection. The risk isn't that AI writes bad code. It's that developers ship it without reading it.

AI Security Backdoor LLM

AI-Generated Code Backdoors: How LLMs Can Be Steered to Introduce Vulnerabilities

Researchers have demonstrated that with carefully crafted prompts, poisoned few-shot examples, and context manipulation, LLMs can be steered into generating code containing backdoors, weak cryptography, and covert channels.

Supply Chain AI Security Vibe Coding

LLM Hallucinated Packages: How AI Suggestions Become Malware Delivery Vectors

AI coding assistants confidently suggest packages that don't exist. Attackers register those names with malicious payloads. Developers who trust AI suggestions and skip verification install malware — and the AI is the delivery mechanism.

Supply Chain Vibe Coding SCA

Vibe Coding and Supply Chain Security: The Unreviewed Dependency Problem

AI coding tools generate dependency lists as readily as they generate code. Each AI-suggested package is a supply chain trust decision made without the scrutiny that decision deserves.

AI Security IDE Security Vibe Coding

Cursor, Copilot, and Vibe Coding: How AI IDEs Can Become Malware Delivery Systems

AI IDEs have full access to your codebase, credentials, and file system. They execute code. They read documentation from external sources. They respond to instructions embedded in files they read. That's an attack surface.

Vibe Coding SAST DevSecOps

Vibe Coding and Security Code Review: Why AI-Generated Code Demands Mandatory SAST

Code review was designed for humans reviewing code written by other humans. Vibe coding breaks that model. Automated security scanning is the only control that scales with AI-generated code velocity.
