Enmanuel Magallanes · 4d ago · Read-Only mode for MCP is too easy to bypass
"Read-only" in MCP setups is often just a suggestion — enforced by docs, prompts, or trust in the agent. In practice, that’s easy to bypass. Heimdall MCP (a transparent MCP proxy) takes a different ap

Suny Choudhary · May 14 · Are AI agents becoming a new identity layer inside enterprise systems?
I just published a piece on why AI agents may create the next IAM problem. Most IAM models were built for humans, service accounts, and predictable applications. But AI agents behave differently. They

Jame ssmite · May 6 · How do you handle API authentication securely in production apps?
Hi everyone, I’m working on a web application and I want to understand the best practices for handling API authentication in production. What are the most secure methods you recommend (JWT, OAuth, sess

Varsha Ojha · Apr 30 · Your AI-Built App Might Already Be Exposed (Lovable/Bolt/v0 incident)
The April 2026 Lovable incident left apps open for 48 days. Source code. API keys. User data. No hacking required. If you built with Lovable, Bolt, or v0: There’s a real chance your app has: Exposed

Suny Choudhary · Apr 29 · Multi-LLM Systems Feel Safer. In Production, They Drift
Most teams think adding multiple LLMs makes their system more reliable. In production, it often does the opposite. Each model behaves differently. Different safety filters, different context handling,

Jay K Shenawy · Apr 19 · Custom Security Review agents for your PRs (browser extension)
Hello peer developers, I’m sharing a workflow I built over the past few weeks that has made our pull request security reviews more consistent and more actionable. ThinkReview is a browser extension th

Dhruv Joshi · Apr 2 · Axios got compromised. Here’s the reminder every JavaScript developer needed.
If you’re a JavaScript developer, this week’s Axios supply-chain incident is a brutal reminder of one thing: Your app is only as safe as the packages you trust blindly. Elastic Security Labs reported

Tanzeel Ahmed Siddiqui · Mar 26 · Architecture deep-dive: We found 135,000 exposed AI Agents in the wild
The shift toward agentic workflows is incredible, but the infrastructure side is completely broken right now. Coming from a 17-year background in cybersecurity, we naturally look at new tech through a

Jake Morrison · Feb 25 · Spent three days debugging CORS with CSP and finally got it right
Our SPA kept mysteriously failing on production. CORS errors in the console, CSP violations in the Network tab. Different errors on different endpoints. Turned out we were cargo-culting CSP headers wi

Alex Petrov · Feb 25 · We shipped an auth layer in Go that silently dropped JWT validation errors
Last week we had an outage where our API was accepting requests with invalid or missing signatures for about 90 minutes. A junior dev added a .IsValid() check but forgot to actually return early on fa