AI Tar Pits Are Drowning LLM Scrapers in Infinite Garbage
ToxSec (intoxsec.hashnode.dev) · 1d ago · 8 min read
TL;DR: AI tar pits trap LLM scrapers in an infinite loop of machine-generated junk, burning their compute and feeding poison into the training set. Nepenthes started it, Iocaine sharpened it, and Clou

AI Sandbox Escape: Why Docker Can't Hold Frontier Models
ToxSec (intoxsec.hashnode.dev) · May 29 · 7 min read
TL;DR: Frontier models escape Docker sandboxes through known CVEs for the cost of an API call. Production sandboxes leak through workflow injection (n8n CVE-2026-25049) and OCI hook misconfigurations

How to Threat Model AI Applications With STRIDE
ToxSec (intoxsec.hashnode.dev) · May 22 · 9 min read
TL;DR: STRIDE was built for traditional software. AI systems break its assumptions in six places at once. STRIDE-AI remaps the six threat categories to ML assets, prompt pipelines, agent tool chains,

CIA Triad for LLM Security: Real-World AI Attack Failures
ToxSec (intoxsec.hashnode.dev) · May 18 · 11 min read
TL;DR: The CIA triad still applies to LLM security, and every major documented AI attack failure to date breaks one of its three legs. Confidentiality leaks system prompts and chat history. Integrity

Hardcoded Secrets in AI-Generated Code: Catch Them Before Git Does
ToxSec (intoxsec.hashnode.dev) · Apr 3 · 7 min read
TL;DR: AI coding tools hardcode credentials because that's what "working code" looked like in their training data. Every model has its own favorite placeholder secrets, and they ship to production if