Suny Choudhary · Jun 8
Are AI support agents becoming a new account takeover risk?
The Meta AI support issue is a useful warning for anyone building AI agents into support workflows. The problem is not AI support itself. The problem starts when AI can trigger sensitive actions like

Harsh Sonkar · Jun 3
Why I Stopped Using .env Files (And Built a Zero-Disk Go CLI Instead)
You know the freeze. git push, then half a second later: wait — is .env actually in .gitignore? The .env file is how most of us handle secrets locally, and it's a mess. Plaintext. Sits on laptops fore

Suny Choudhary · May 27
Enterprise AI adoption is moving faster than security visibility.
Most teams measure AI productivity, ROI, and speed. But very few measure the hidden debt building underneath: • Unknown AI tools • Untracked prompts • Invisible context retention • Plugin exposure • Disco

Enmanuel Magallanes · May 19
Read-Only mode for MCP is too easy to bypass
"Read-only" in MCP setups is often just a suggestion — enforced by docs, prompts, or trust in the agent. In practice, that’s easy to bypass. Heimdall MCP (a transparent MCP proxy) takes a different ap

Suny Choudhary · May 14
Are AI agents becoming a new identity layer inside enterprise systems?
I just published a piece on why AI agents may create the next IAM problem. Most IAM models were built for humans, service accounts, and predictable applications. But AI agents behave differently. They

Jame ssmite · May 6
How do you handle API authentication securely in production apps?
Hi everyone, I’m working on a web application and I want to understand the best practices for handling API authentication in production. What are the most secure methods you recommend (JWT, OAuth, sess

Varsha Ojha · Apr 30
Your AI-Built App Might Already Be Exposed (Lovable/Bolt/v0 incident)
The April 2026 Lovable incident left apps open for 48 days. Source code. API keys. User data. No hacking required. If you built with Lovable, Bolt, or v0: There’s a real chance your app has: Exposed

Suny Choudhary · Apr 29
Multi-LLM Systems Feel Safer. In Production, They Drift
Most teams think adding multiple LLMs makes their system more reliable. In production, it often does the opposite. Each model behaves differently. Different safety filters, different context handling,

Jay K Shenawy · Apr 19
Custom Security Review agents for your PRs (browser extension)
Hello peer developers, I’m sharing a workflow I built over the past few weeks that has made our pull request security reviews more consistent and more actionable. ThinkReview is a browser extension th

Dhruv Joshi · Apr 2
Axios got compromised. Here’s the reminder every JavaScript developer needed.
If you’re a JavaScript developer, this week’s Axios supply-chain incident is a brutal reminder of one thing: Your app is only as safe as the packages you trust blindly. Elastic Security Labs reported