Tech Blog
Cloud security, identity, infrastructure, and research. Deep dives, tools, and practical guidance.
ISeeMP: What Your AI System Can Actually Be Made To Do
From capabilities to consequences: mapping, testing, and proving exploit paths in MCP-driven AI systems.
Sculpting with Agents: From Prompting to the Agile Agentic Development Life Cycle (AADLC)
How cost pressure, structured baselines, clean context, and multi-model orchestration led to a practical agentic SDLC.
Copy.Fail: When the Kernel Trusts Too Much
A deep dive into CVE-2026-31431 -- a Linux kernel primitive that turns containers into stepping stones, and why seccomp might be your fastest seatbelt.
EleMENTAL
We all understand water. Until we don’t. A reflection on foundations, assumptions, and why security fails in ways we don’t expect.
The Model Isn't the Risk. The Harness Is (Part 3): Defending Against Runtime Abuse
Part 3 of 3. Practical defender guidance, a vendor due-diligence checklist, the final conclusions, and appendices - including a condensed attack tree and a reflection on what this analysis changes about AI security research.
The Model Isn't the Risk. The Harness Is (Part 2): Mapping the Trust Boundaries and the Attack Tree
Part 2 of 3. Five trust boundaries mapped in the leaked Claude Code runtime — and the attack tree that shows how they tear. Credential translation, control-plane abuse, state desync, and why prompt injection is not the whole story.