TToxSecintoxsec.hashnode.dev·Jun 28 · 5 min readWhat Breaks When a Frontier Model Treats Every Defender Like a SuspectPicture the workflow. There's a CVE out, it's public, it touches a service you run. Before you trust the vendor patch you want to reproduce the bug, confirm your version is affected, then confirm the 00
TToxSecintoxsec.hashnode.dev·Jun 26 · 6 min readDecision Tracing: The Missing Piece in Every AI Agent BreachTL;DR: AI agent incident response is the part nobody instrumented for. When an agent goes off the rails at 2am, the questions are what it did, why, and what it touched, and most teams can’t answer one00
TToxSecintoxsec.hashnode.dev·Jun 22 · 8 min readAI Tar Pits Are Drowning LLM Scrapers in Infinite GarbageTL;DR: AI tar pits trap LLM scrapers in an infinite loop of machine-generated junk, burning their compute and feeding poison into the training set. Nepenthes started it, Iocaine sharpened it, and Clou00
TToxSecintoxsec.hashnode.dev·May 29 · 7 min readAI Sandbox Escape: Why Docker Can’t Hold Frontier ModelsTL;DR: Frontier models escape Docker sandboxes through known CVEs for the cost of an API call. Production sandboxes leak through workflow injection (n8n CVE-2026-25049) and OCI hook misconfigurations 00
TToxSecintoxsec.hashnode.dev·May 22 · 9 min readHow to Threat Model AI Applications With STRIDETL;DR: STRIDE was built for traditional software. AI systems break its assumptions in six places at once. STRIDE-AI remaps the six threat categories to ML assets, prompt pipelines, agent tool chains, 00