From the blog
Security, cost, and architecture insights from building AI infrastructure.
43% of MCP server configs on GitHub use bare shell execution instead of scoped packages. What that means for prompt injection, sandbox escapes, and your filesystem.

LiteLLM supply chain attack traced from Trivy to KICS to PyPI. 100 million monthly downloads compromised. Full attack chain analysis with timeline.

$47,000 from an agent loop. 43,175 restarts overnight. 2.5 years of data wiped. Real incidents from OpenClaw, Claude Code, Cursor, Replit, and VS Code Copilot.

OpenClaw has 92 security advisories. Cursor ships 94 unpatched Chromium CVEs. Claude Code's sandbox got bypassed by its own reasoning. We compared all three across 10 dimensions using independent data.

A comparison of SDK-based and proxy-based AI agent governance. Some limitations aren't engineering problems. They're architectural constraints.

Between February 20 and 28, hackerbot-claw systematically hit Microsoft, DataDog, Trivy, and four others. A reconstruction of how it worked and what it exploited.

We scanned 900+ MCP configurations on GitHub. 75% failed basic security checks.