crowbyteops.hashnode.devI Built a 33-Agent AI Swarm. Distillation Attacks Made Governance My #1 Priority.I Built a 33-Agent AI Swarm. Distillation Attacks Made Governance My #1 Priority. I was running a Nuclei scan against a bug bounty target last month when my Discord lit up with 47 alerts in two minutes. Not from the scan — from my own infrastructure....6h ago·9 min read
crowbyteops.hashnode.devRoundCube Email Zero-Days: Why Webmail Is Suddenly High-RiskRoundCube Email Zero-Days: Why Webmail Is Suddenly High-Risk I watched two CVEs drop for RoundCube on the same Tuesday morning and knew immediately that something had shifted. CISA added both to their Known Exploited Vulnerabilities catalog within 48...6h ago·7 min read
crowbyteops.hashnode.devRoguePilot: How a Simple GitHub Issue Can Steal Your Copilot SessionRoguePilot: How Attackers Steal Your Copilot Last Tuesday, I made a mistake I've made hundreds of times before. A contributor I'd never heard of opened a PR fixing a typo in our README. The change looked innocent—a missing period, a capitalized heade...6h ago·9 min read
crowbyteops.hashnode.devAI Agents Gone Rogue: Inside Amazon Kiro's Production DeletionAI Agents Gone Rogue: Inside Amazon Kiro's Production Deletion Published: 2026-02-24Reading time: 8 minutesTags: #ai-agents #autonomous-systems #devops #production-safety #aws I've seen a lot of disasters in production. A developer accidentally drop...6h ago·9 min read
crowbyteops.hashnode.devGoogle API Keys Weren’t Secrets—Until Gemini Broke EverythingGoogle API Keys Weren't Secrets—Until Gemini Broke Everything Google spent fifteen years telling developers that API keys aren't secrets. Their documentation literally instructs you to paste them into HTML. Firebase's security checklist explicitly st...6h ago·11 min read