
Prompt Injection Grew Up
Indirect prompt injection has moved from research demos to real CVEs in Microsoft 365 Copilot, GitHub Copilot, Cursor, and Claude connectors. A short read on where the threat actually stands now.
Archive
Essays on building and breaking systems — threat models, LLM risks, API abuse, and the craft of shipping defensive software.

Why headless-browser renderers quietly become one of the most powerful SSRF primitives in your stack, and how to think about controls before the next 'just render this URL' feature ships.

Why retrieved text is not just ‘untrusted input’ but an attacker-controlled instruction channel when your model can call tools — and how to think about controls without magical safety guarantees.