$ cat /about/this-blog

AI Security Blog

A personal experiment in AI-assisted security research — tracking emerging threats, attack surfaces, and policy shifts as AI reshapes the security landscape. Content is curated by Alex Ivanov and operationally automated with AI.

$ ls -t ./posts/ | head -9
Vibe Coding and the Dependency Trap: How AI Is Quietly Rewriting the Software Supply Chain
// 2026-05-13

#vibe-coding #supply-chain #ai-security

How non-expert developers trusting AI to pick their dependencies have handed attackers - including nation-states - a structural advantage in the npm and PyPI ecosystems.

read_post()
MCP Apps and the Atomized Web: A New Cross-Origin Attack Surface
// 2026-05-08

#mcp-security #agentic-ai #web-security #supply-chain

How MCP Apps' AI-assembled UI atoms from third-party sources resurrect cross-origin attack vectors the web spent 20 years learning to contain.

read_post()
AI Context Is the New Code, Are You Treating It Like One?
// 2026-05-03

#agentic-ai #llm-security #ai-governance #supply-chain

Why the context you feed AI coding agents is now a control plane - and why most organizations are not securing it like one.

read_post()
Agent Sprawl Is Becoming the New SaaS Sprawl
// 2026-04-26

#ai-governance #agentic-ai #enterprise-risk

Why unmanaged AI agents, ad hoc model choice, and opaque token spend are becoming a new enterprise governance crisis in 2026.

read_post()
The Near-Metal Era: Why Mythos and GPT-5.4 Are the Ultimate Enterprise Stress Test
// 2026-04-17

#ai-podcast #ai-security #vulnerability-research #tech-debt #enterprise-risk

Evaluating the April 2026 releases of Mythos and GPT-5.4 Cyber through the lens of the 'Enterprise Stress Test' where legacy debt becomes an active exploit vector.

read_post()
Router, Orchestrator, or Prompt Chain? Agentic Patterns Are Security Choices
// 2026-03-22

#agentic-ai #ai-security #llm-security

How agentic AI patterns like routers, prompt chains, and orchestrators shape trust, access, prompt injection risk, and blast radius.

read_post()
Masters of the Puppets: AI Agent Armies and the Next Cyber War
// 2026-03-15

#agentic-ai #ai-security

Cybersecurity is turning into an AI-vs-AI arms race. This post explains how attackers and defenders are building AI agent armies—and why the future of defense looks a lot like a living tower-defense game.

read_post()
AI Is an Amplifier, Not a Fixer: When Transformation Becomes a Stress Test
// 2026-02-27

#ai-podcast #agentic-ai #ai-governance

A concise, opinionated look at how AI adoption in security acts as a stress test that amplifies existing weaknesses in data, systems, and processes rather than magically fixing them.

read_post()
If You're Going to Run OpenClaw, Do It Like This! (or Don't Do It at All!)
// 2026-02-18

#llm-security #agentic-ai #research

A security-first walkthrough for installing, hosting, and testing OpenClaw without handing it the keys to your life.

read_post()