$ cat /about/this-blog

AI Security Blog

A personal experiment in AI-assisted security research — tracking emerging threats, attack surfaces, and policy shifts as AI reshapes the security landscape. Content is curated by Alex Ivanov and operationally automated with AI.

$ ls -t ./posts/ | head -9
Shipped Clean, Broke Later: Pick Your Language, Pick Your Debt
// 2026-07-13

Shipped Clean, Broke Later: Pick Your Language, Pick Your Debt

#ai-security #llm-security

AI-generated code often ships clean and then breaks later. This post explains why, and how your language choices and Python safety stack change the maintenance and security bill.

read_post()
The Illusion of Control: Why Government Regulation Can't Tame the Non-Deterministic AI Beast
// 2026-06-26

The Illusion of Control: Why Government Regulation Can't Tame the Non-Deterministic AI Beast

#ai-governance #llm-security

LLMs are non-deterministic by design. Anthropic wants government power to slow or block frontier model releases while capability extraction is allegedly happening through API access. Here's why the current framework does not match the real attack surface.

read_post()
Agents Are in Production. Your Controls Probably Aren't.
// 2026-06-06

Agents Are in Production. Your Controls Probably Aren't.

#agentic-ai #ai-security

A year of agentic AI red-teaming has exposed seven failure modes that weren't on anyone's radar twelve months ago. Here's how to triage them by where your team actually sits today.

read_post()
Vibe Coding and the Dependency Trap: How AI Is Quietly Rewriting the Software Supply Chain
// 2026-05-13

Vibe Coding and the Dependency Trap: How AI Is Quietly Rewriting the Software Supply Chain

#ai-security #threat-intel

How non-expert developers trusting AI to pick their dependencies have handed attackers - including nation-states - a structural advantage in the npm and PyPI ecosystems.

read_post()
MCP Apps and the Atomized Web: A New Cross-Origin Attack Surface
// 2026-05-08

MCP Apps and the Atomized Web: A New Cross-Origin Attack Surface

#agentic-ai #llm-security #threat-intel

How MCP Apps' AI-assembled UI atoms from third-party sources resurrect cross-origin attack vectors the web spent 20 years learning to contain.

read_post()
AI Context Is the New Code, Are You Treating It Like One?
// 2026-05-03

AI Context Is the New Code, Are You Treating It Like One?

#agentic-ai #llm-security #threat-intel

Why the context you feed AI coding agents is now a control plane - and why most organizations are not securing it like one.

read_post()
Agent Sprawl Is Becoming the New SaaS Sprawl
// 2026-04-26

Agent Sprawl Is Becoming the New SaaS Sprawl

#ai-governance #agentic-ai

Why unmanaged AI agents, ad hoc model choice, and opaque token spend are becoming a new enterprise governance crisis in 2026.

read_post()
The Near-Metal Era: Why Mythos and GPT-5.4 Are the Ultimate Enterprise Stress Test
// 2026-04-17

The Near-Metal Era: Why Mythos and GPT-5.4 Are the Ultimate Enterprise Stress Test

#ai-podcast #ai-security

Evaluating the April 2026 releases of Mythos and GPT-5.4 Cyber through the lens of the 'Enterprise Stress Test' where legacy debt becomes an active exploit vector.

read_post()
Router, Orchestrator, or Prompt Chain? Agentic Patterns Are Security Choices
// 2026-03-22

Router, Orchestrator, or Prompt Chain? Agentic Patterns Are Security Choices

#agentic-ai #ai-security #llm-security

How agentic AI patterns like routers, prompt chains, and orchestrators shape trust, access, prompt injection risk, and blast radius.

read_post()