
22 Ways Your AI Agent Can Be Compromised: A Security Audit
A deep dive into 22+ vulnerabilities found during a comprehensive security audit of AI automation frameworks.

Designing a robust 3-zone security architecture for AI agents: Policy Engine, Sandbox, and Sanitizer.

How a subtle race condition in file-based rate limiting allowed unlimited API calls, and the atomic operations that fixed it.

How to isolate autonomous AI agents using lightweight VMs to prevent prompt injection and credential exfiltration.

A pattern for safely executing dangerous operations like firewall rules on remote servers - verify everything before the point of no return.

A phased approach to testing Docker sandbox configurations without risking your real data - essential for personal AI bots with access to email, messaging, and notes.

How to use OS-level firewall rules scoped to specific users to restrict what your AI agent can access.

A comprehensive security audit checklist for AI agent systems - covering credential handling, command execution, file access, privilege escalation, and more. Derived from real audits of production agent codebases.

That helpful debugging blog post? It contains /Users/yourname/ - your real username, home directory structure, and possibly more than you intended to share.