1d ago · 4 min read · I tore apart CVE-2025-9318 — a critical SQL injection in the Quiz and Survey Master WordPress plugin affecting every version up to 10.3.1. Classic $wpdb concatenation, trivially exploitable by any authenticated subscriber. 🚨 Critical — Patch Now CV...
Join discussion
4d ago · 4 min read · import TOCInline from '@theme/TOCInline'; I shipped a release-audit tool for security_advisories_nl because release news, vulnerability records, and platform status pages are noisy unless you convert them into a clear adopt-or-wait decision. TL;DR...
Join discussion
5d ago · 3 min read · Building AI Agent Workflows That Pass SOC 2 Audits Your AI agent just processed a payment refund. Your SOC 2 auditor asks: "Show me what it did." You have three options: Text logs — "Agent: refund approved. Amount: $500. Status: success." Code revie...
Join discussion5d ago · 3 min read · GitHub Copilot Workspace Is Running Your Code. Who's Auditing It? GitHub Copilot Workspace just shipped autonomous PR creation and code execution. Teams can describe a feature. Copilot creates the code. Runs the tests. Opens the PR. Then what happens...
Join discussion6d ago · 3 min read · Why AI agents need visual documentation — not just automation WebMCP is an emerging W3C proposal for native browser automation. Your AI agents will soon be able to automate browser tasks natively, without external tools. This is great. But it solves ...
Join discussion6d ago · 3 min read · How to Detect Prompt Injection in AI Browser Agents Using Visual Replay Perplexity Comet and Opera Neon are agentic browsers — they give AI full control over your browsing. That's powerful. It's also a new attack surface. Security researchers have id...
Join discussion6d ago · 3 min read · Why Your Agent Can't Read Captchas (And Why That's Actually Good Security) Your AI agent is trying to fill out a form. It encounters a captcha. The agent fails. You interpret this as a limitation. Actually, it's working exactly as intended. The captc...
Join discussion6d ago · 3 min read · Why Your Agent-Extracted Data Is Wrong (And You Don't Know It) Your agent extracted 10,000 customer records from the source system. Extraction complete. Records loaded into your database. Nobody verified the data was correct. This is the data quality...
Join discussion6d ago · 3 min read · How to Manage API Keys and Credentials in AI Agent Workflows Your agent needs to call an API. The API requires authentication. So you give the agent your API key. Then you realize: The agent now has permanent, unaudited access to that service. If the...
Join discussionMar 9 · 10 min read · TL;DR Service accounts are your most dangerous credentials — they have high privileges, never sleep, and authenticate with secrets. If compromised, they bypass your entire security perimeter. This guide walks you through auditing every service accoun...
Join discussion
