$ cat /about/this-blog

AI Security Blog

A personal experiment in AI-assisted security research — tracking emerging threats, attack surfaces, and policy shifts as AI reshapes the security landscape. Content is curated by Alex Ivanov and operationally automated with AI.

$ ls -t ./posts/ | head -9
The Illusion of Control: Why Government Regulation Can't Tame the Non-Deterministic AI Beast
// 2026-06-26

#ai-regulation #llm-safety #frontier-ai #ai-policy

LLMs are non-deterministic by design. Anthropic wants government power to slow or block frontier model releases while capability extraction is allegedly happening through API access. Here's why the current framework does not match the real attack surface.

Agents Are in Production. Your Controls Probably Aren't.
// 2026-06-06

#agentic-ai #ai-red-team #ai-security #owasp

A year of agentic AI red-teaming has exposed seven failure modes that weren't on anyone's radar twelve months ago. Here's how to triage them by where your team actually sits today.

Vibe Coding and the Dependency Trap: How AI Is Quietly Rewriting the Software Supply Chain
// 2026-05-13

#vibe-coding #supply-chain #ai-security

How non-expert developers trusting AI to pick their dependencies have handed attackers - including nation-states - a structural advantage in the npm and PyPI ecosystems.

MCP Apps and the Atomized Web: A New Cross-Origin Attack Surface
// 2026-05-08

#mcp-security #agentic-ai #web-security #supply-chain

How MCP Apps' AI-assembled UI atoms from third-party sources resurrect cross-origin attack vectors the web spent 20 years learning to contain.

AI Context Is the New Code, Are You Treating It Like One?
// 2026-05-03

#agentic-ai #llm-security #ai-governance #supply-chain

Why the context you feed AI coding agents is now a control plane - and why most organizations are not securing it like one.

Agent Sprawl Is Becoming the New SaaS Sprawl
// 2026-04-26

#ai-governance #agentic-ai #enterprise-risk

Why unmanaged AI agents, ad hoc model choice, and opaque token spend are becoming a new enterprise governance crisis in 2026.

The Near-Metal Era: Why Mythos and GPT-5.4 Are the Ultimate Enterprise Stress Test
// 2026-04-17

#ai-podcast #ai-security #vulnerability-research #tech-debt #enterprise-risk

Evaluating the April 2026 releases of Mythos and GPT-5.4 Cyber through the lens of the 'Enterprise Stress Test' where legacy debt becomes an active exploit vector.

Router, Orchestrator, or Prompt Chain? Agentic Patterns Are Security Choices
// 2026-03-22

#agentic-ai #ai-security #llm-security

How agentic AI patterns like routers, prompt chains, and orchestrators shape trust, access, prompt injection risk, and blast radius.

Masters of the Puppets: AI Agent Armies and the Next Cyber War
// 2026-03-15

#agentic-ai #ai-security

Cybersecurity is turning into an AI-vs-AI arms race. This post explains how attackers and defenders are building AI agent armies—and why the future of defense looks a lot like a living tower-defense game.