writing
thoughts on applied AI, infrastructure, and building real systems
featured
apps are the flywheel, data is the asset — building a portfolio of AI apps? bet on the data
the three-party identity problem in mcp servers — the architectural challenge every agent system hits
is claude code secure? — secrets, prompt injection, and the real weak link
all posts
-
your ai agents are acting on behalf of your users
and your backend systems have no idea who they are
-
the governance controls existed
they lived inside the system that failed
-
openclaw just shipped 40+ security fixes. here's what changed.
here's what they patched, why it matters, and what it means for teams deploying AI agents in production.
-
i scanned 20+ security tools on ClawHub
here's what each one does, where they overlap, and which ones to actually install
-
we scanned every skill on clawhub. here's what we found.
a static analysis of 7,522 AI agent skills using regex pattern matching
-
what tools is your openclaw agent using?
gatewaystack governance — identity, scope, rate limiting, injection detection, and audit logging for every tool call
-
someone forked my AI governance repo to distribute malware
a real supply chain attack on an open-source AI security project, and what it says about trust
-
don't trust the parrot
the three-party problem in agentic AI, explained with a bird
-
apps are the flywheel, data is the asset
building a portfolio of AI apps? bet on the data
-
i automated my build logs with AI
how i use gemini to turn claude code transcripts into daily build logs
-
is claude code secure?
first impressions on secrets, prompt injection, and the real weak link
-
how ai exposes poorly defined human systems
automate informal systems at your peril
-
what does 'relevant context' really mean for LLM applications?
want to know? learn from a human
-
user identity isn't a first-order AI system design principle
and why this is a fundamental architectural mistake
-
resourcing genai initiatives
don't resource genAI projects. resource learning
-
prioritizing genai initiatives
portfolio theory for genai
-
sourcing genai initiatives
practical advice to fill the top of your genai funnel
-
most genAI initiatives never make it from pilot to production
and why that's expected and okay
-
does your team use llms securely?
why chatgpt enterprise alone isn't sufficient
-
how is an llm like a financial advisor?
mcp servers are three-party systems
-
1-line jwt/jwks verification for mcp backends
npm i identifiabl — deploying gatewaystack's first layer into production
-
the three-party identity problem in mcp servers
thoughts around an agentic control plane for ai model access
-
apps sdk vs mcp vs normal apis
my mental model for understanding the emerging AI app ecosystem
-
building an AI backend for early-stage products
how i think about moving from idea to architecture to production for modern early-stage AI systems
-
validating AI workflows with no-code mvps
a simple approach to proving a problem exists before investing in engineering