Agentic Systems
An AI Agent Just Pwned Trivy, Microsoft, and DataDog in One Week
An autonomous AI agent scanned 47,000+ repositories, identified vulnerable CI/CD configurations, and compromised projects from Microsoft, DataDog, and Aqua Security using five distinct techniques. The only target that survived was defended by another AI agent.
Enterprise Security
88% of You Have Already Had an AI Agent Security Incident. The Other 12% Probably Don’t Know Yet.
Gravitee surveyed 900+ executives and found 88% reported AI agent security incidents, while 82% believed their policies were adequate. The gap between executive confidence and operational reality is the most dangerous metric in enterprise AI security right now.
Agentic Systems
The npm Nightmare Just Repeated Itself in AI Agents. It’s Worse This Time.
1,184 malicious skills infiltrated ClawHub, the plugin marketplace for the OpenClaw agent framework, reaching 20% of the ecosystem in weeks. Unlike npm packages, agent plugins run with full system permissions. The supply chain playbook broke because the blast radius changed.
Machine Identity
The Trust Boundary Problem: Identity Architecture for Autonomous AI
As AI agents move from assistants to autonomous actors, they don't just need permission to act. They need identity.
Enterprise Security
AI Security Fundamentals: An Architectural Playbook
An architectural foundation for AI security covering the mechanisms that matter, emerging protocols, and the failure modes that appear when teams focus on the model while ignoring the system.
Enterprise Security
Palo Alto’s Unit 42 Just Found a Way to Hijack AI Agent Conversations - And Your Users Can’t See It Happening
In November 2025, Palo Alto Networks’ Unit 42 research team published a new attack technique they called “Agent Session Smuggling.” The attack exploits a fundamental property of multi-agent systems: agents remember their recent conversations.
Enterprise Security
MCP Just Got a New Home at the Linux Foundation - But Its Security Debt Followed It There
The protocol arrives at its new home carrying five critical CVEs from its first year, a 36.7% SSRF prevalence rate across its ecosystem, and an authentication architecture that the specification itself had to retroactively mandate.
AI in Production
What 170,000 Users Taught Me About AI Trust at Scale
What I learned over the next three years, serving 170,000 users across dozens of products, changed my understanding of what AI systems actually need to work.
Agentic Systems
What 3 AM War Rooms Taught Us About Designing Multi-Agent AI
We went from “trust me” AI to “show me” AI. And that distinction, it turns out, is what makes engineers willing to actually use the system instead of just running their own investigation in parallel.
Enterprise Security
36.7% of MCP Servers May Be Vulnerable to SSRF - The Supply Chain Crisis Nobody's Talking About
Analysis suggests over a third of MCP servers may be vulnerable to server-side request forgery. The MCP ecosystem has a supply chain problem: rapid adoption without security review created a vulnerability surface that scales with every new deployment.
Trustworthy AI
Researchers Just Proved That Making AI Agents Collaborate Better Makes Them Leak More Data
Every connection between AI agents creates both capability and exposure. The trust-vulnerability paradox formalizes what practitioners have observed: multi-agent collaboration scales risk faster than it scales value without trust budgeting.
Agentic Systems
The First AI-Orchestrated Cyberattack Changed Everything We Thought We Knew About Autonomous Threats
Anthropic disclosed the first documented case of AI autonomously orchestrating a cyberattack sequence. This isn't a theoretical risk anymore. The shift from AI-assisted to AI-orchestrated attacks changes the threat model fundamentally.
AI Governance
The EU AI Act’s Second Deadline Just Created a Vendor Problem Nobody Planned For
EU AI Act Phase 2 enforcement makes GPAI transparency requirements binding. If your LLM vendor can't document training data provenance, energy consumption, and downstream risk, their compliance problem becomes your compliance problem.
AI Governance
Governance Is Not a Tax: Trust as Competitive Advantage
In the AI era, treating governance as a design constraint enhances speed and trust. Organizations embracing architectural governance gain a competitive edge, fostering transparency and accelerating deployment.
AI in Production
From 50% to 95%: How We Taught AI to Read Relationships Instead of Documents
We’d tuned embedding models. Our retrieval was pulling semantically relevant passages. The LLM was generating fluent, well-structured answers. And half of them were wrong.
Agentic Systems
Two Critical CVEs Just Blew Open the MCP Ecosystem, And Developers Were the Target
Two critical vulnerabilities in MCP reference implementations confirm what the security community warned about: protocol-level design gaps become exploitable at scale. The CVEs aren't edge cases. They're structural consequences of shipping without security mandates.
Machine Identity
MCP Gets OAuth 2.1, Six Months Too Late, and Thousands of Servers Already Deployed Without It
MCP's OAuth 2.1 integration addresses the authentication gap, but 13,000 servers were deployed during the six months it was optional. Security debt doesn't vanish when you update a spec. It persists in every system built before the fix.
AI in Production
The Feature Nobody Asked For That Customers Loved Most
If you’re building AI-powered experiences: don’t assume the most sophisticated feature will be the most valued one. Watch what users actually struggle with.
