Blog

Security insights & research

Deep dives into AI security, offensive techniques, compliance frameworks, and emerging threats.

LAPSUS$ Is Back, and They're Going After Pharma Now

LAPSUS$ claimed a hit on AstraZeneca - AWS keys, code repos, employee data - and they're selling, not leaking. Here's what that shift tells you.

March 26, 2026 4 min read

AI Securityllm-securityCI/CDSupply Chain

Your AI Stack Has a Supply Chain Problem - and TeamPCP Just Proved It

The first confirmed supply chain attack on a core LLM routing library landed today. It won't be the last.

March 24, 2026 5 min read

CI/CDnpmopen-source-securitySupply Chain

Your Vulnerability Scanner Just Became the Vulnerability

The Trivy supply chain compromise didn't stop at stealing CI/CD secrets. It spawned a self-propagating worm across npm - and it uses blockchain for C2.

March 23, 2026 4 min read

OpenClawAgentic AIPrompt InjectionChina

China Restricted OpenClaw at Banks and Government Agencies

CNCERT issued two warnings in two days, and state banks started banning it from office computers.

March 16, 2026 4 min read

Agentic AIAI SecurityPrompt InjectionZero Trust

Nobody Is Securing Their AI Agents

Everyone is building AI agents. Almost nobody is securing them. Here's what that actually looks like.

March 13, 2026 2 min read

Agentic AIAI SecurityClawSecPrompt InjectionFile IntegritySupply Chain

ClawSec: Security Monitoring for AI Agents

Most AI agent security is an afterthought. ClawSec is what happens when you build monitoring for agent systems the way you'd build it for production infrastructure.

March 12, 2026 4 min read

Claude CodeSecure SDLCAI Security

I Use Claude Code Every Day. I Also Don't Fully Trust It.

Claude Code is genuinely useful. It also has an attack surface most people haven't thought about yet.

March 11, 2026 3 min read