Insights
Engineering, security, and infrastructure — from the perspective of those who live it.
AI Inference FinOps Playbook: 5 Levers in the Right Order
80-90% of AI cost goes to inference. Five measurable levers, in priority order, to cut 50-90% of waste without sacrificing quality.
Claude Code in Your Pipeline: The Structural Hole and Rule of Two
Claude Code GitHub Action exposes credentials via unsandboxed Read tool. Microsoft steals keys in two steps. RyotaK: 50 bypasses. The Rule of Two you need to adopt.
Malicious LLM API Routers: The Invisible Threat Inside Your AI Agents
428 routers tested, 9 injecting code, 1 draining Ethereum. How malicious LLM API routers compromise AI agents without detection.
State of FinOps 2026: 73% Blew Their AI Budget
State of FinOps 2026 data: 73% of organizations exceeded AI budget, only 20% predicted spend within ±10%. FinOps is now technology value management.
iFood Data Breach: 1.2M vs 43M and the Risk They Denied
iFood leaked CPF of 1.2 million users, failed to notify Brazil's ANPD, and claimed no relevant risk. The 36x discrepancy and what it reveals about LGPD enforcement.
Chrome DBSC: session cookie theft is finally over
DBSC binds session cookies to hardware via TPM. Stolen cookies expire without the key. The most significant browser security improvement in years — but it's one layer.
LLM Agent Worms: Zero-Click Propagation Across Frameworks
The first autonomous worm propagating between LLM agents without human interaction. Zero-click, cross-platform, 3 hops. Defense requires a formal theorem.
MemPoison + MCFA: The Memory Attack Surface in LLM Agents
Memory attacks on LLM agents reach 95% success. MemPoison poisons memory, MCFA hijacks control flow. Current defenses are insufficient.
PoisonedSkills: Skill Docs That Make AI Agents Run Malware
PoisonedSkills uses skill documentation to execute payloads in AI coding agents via DDIPE. 33.5% bypass rate. 4 CVEs. Skill registries are the new supply chain.
CVE-2026-41089: One UDP Packet Takes Down Your DC
CVE-2026-41089 in Windows Netlogon allows unauthenticated DoS via UDP 389. CVSS 9.8, active exploitation confirmed. Learn how to protect your DCs.
WP Maps Pro: Backdoor by Design and Full Admin Takeover
CVE-2026-8732 in WP Maps Pro enables unauthenticated admin takeover. CVSS 9.8, 15,800 sites exposed. A frontend nonce is not authentication.
CIFSwitch: 19-Year Kernel Bug Gives Root in 1 Syscall
A 19-year-old Linux kernel vulnerability lets any unprivileged user get root via request_key and cifs.upcall. Public PoC. Enterprise servers exposed.
Vercel Bill Shock: Why Headless Without FinOps Fails
38% of headless merchants lost revenue in 90 days. Vercel Pro jumps from $20 to $2,000. FinOps is what separates scale from loss.
GlobalProtect Auth Bypass: Your VPN Perimeter Just Broke
CVE-2026-0257 in PAN-OS GlobalProtect enables authentication bypass with CVSS 9.1. Active exploitation, CISA KEV. Real data from Rapid7 MDR.
CVE-2026-46230: Windows Kernel RCE with SYSTEM via SMB/RDP
CVE-2026-46230 in the Windows kernel enables unauthenticated RCE with SYSTEM via SMB and RDP. CVSS 9.8, public PoC. Learn how to protect your infrastructure.
FortiClient EMS: When Your Antivirus Becomes the Attack
CVE-2026-35616 in FortiClient EMS enables pre-auth API bypass, CVSS 9.1. Attackers push EKZ Stealer via EMS and steal session cookies, bypassing MFA.
PoolSlip and Gogs: Two Zero-Days Exposing Your Infra
CVE-2026-9256 (CVSS 9.2) in NGINX and a Gogs zero-day (CVSS 9.4) with no patch for 2+ months. Two entry points no one can afford to ignore.
CVE-2026-48172: LiteSpeed CVSS 10.0 and Shared Hosting Risk
CVE-2026-48172 in LiteSpeed cPanel Plugin scores CVSS 10.0 — any tenant becomes root. Why shared hosting breaks by design with this class of vulnerability.
TrapDoor, TanStack and npm: When AI and Registry Become the Attack
TrapDoor plants invisible instructions in .cursorrules. TanStack steals OIDC tokens. 33 npm packages impersonate corporate namespaces. Three vectors, same result.
FinOps for AI: Cost-per-Token and the GPU You Don't Use
73% of AI projects blow their budget. GPU utilization sits at 15-30%. Learn to measure cost-per-token and recover up to half your inference budget.
LLM Self-Replication Worm: From 6% to 81% in One Year
Palisade Research documented the first LLM self-replication worm: 4 hops, 3 continents, zero human intervention. Success rates jumped from 6% to 81% in 12 months.
Prompt Injection Is the New SQL Injection — Now It Leads to RCE
73% of AI deployments have prompt injection. Chatbots leak data via markdown rendering. Semantic Kernel enables RCE via Startup folder. Data and defenses.
WordPress Security Crisis: 11,334 Flaws and the Headless Exit
WordPress hit 11,334 new vulnerabilities in 2025 (+42% YoY). Headless architecture removes the attack surface structurally and cuts LCP by 75%.
Dirty Frag: Deterministic LPE to Root via Container Escape
CVE-2026-43284 + CVE-2026-43500 chain two kernel bugs into a deterministic root shell. AI inference nodes with GPU access are the highest-value targets.
Prompt Injection Is State Poisoning — Your Agent Is Exposed
CoT Forgery and Trojan Hippo prove prompt injection poisons internal model state. The security boundary is in the wrong place. Here is what changes.
SGLang: 4 unpatched RCEs in the AI inference server
Four RCE vulnerabilities in SGLang, the AI inference server running on 400K GPUs: three remain unpatched and the maintainer is ignoring CERT/CC.
Defender Zero-Days: When the Protector Becomes the Attack Vector
SYSTEM-privilege CVEs and Microsoft-signed malware prove that blind trust in Defender is the real vulnerability your organization faces.
AI Writes Zero-Days Now — and the Window Collapsed
How AI moved from finding vulnerabilities to writing exploits and self-replicating through them — and why the discovery-to-exploitation window collapsed in 2026.
Supply Chain 2026: When Trust Became the Attack Vector
How SLSA provenance, code signing, and CI/CD became the attack vectors for supply chain attacks in 2026 — and what your company must do now.
Infrastructure AI Needs: Co-Design Is the New Paradigm
NVIDIA invested $40B in infrastructure and Vera Rubin proves it: the AI bottleneck isn't silicon — it's energy, fiber, and orchestration. The data center is the unit of compute.
Drupal SQL Injection: When the Abstraction Fails
CVE-2026-9082 exposed SQL injection in Drupal's abstraction API. 15K attacks in 48h. The patch was one line. Lessons on blind trust in frameworks.
NGINX Rift: 18-Year Bug Found by AI in 6 Hours
CVE-2026-42945: heap overflow in NGINX since 2008. AI found it in hours; patching thousands of instances takes weeks. The asymmetry that changes everything.
SEO for AI: Google's Official Guide That Changes Everything
Google published the definitive SEO guide for AI search. The message: there is no AEO or GEO. The same fundamentals that worked in 2020 work in AI Mode today.
PROMPTSPY: the Android malware that uses AI to operate your phone
The first Android malware powered by generative AI reads your screen, thinks, and acts autonomously. Technical analysis and defense strategies.
NATS as C2: When Your Infrastructure Becomes the Weapon
Attackers use NATS pub/sub as an invisible C2 channel. Learn how to detect and block malicious traffic disguised as legitimate microservice communication.
Containers Don't Isolate Workloads: CopyFail & DirtyFrag
Page cache CVEs collapse container isolation in Kubernetes. Why patches aren't enough and which architecture actually solves it.
AI FinOps: Model Selection Is Unit Economics
Paying 42x more for 0.6% better benchmarks is capital waste. Learn how to select AI models based on real cost and throughput per dollar.
The Harness Beats the Model — Claude Code Architecture
Claude Code has 1,900 TS files. Only 1.6% is AI logic. The other 98.4% is control infrastructure — and that's what separates reliable agents from demos.