Writing

Notes on AI agent security, LangGraph hardening, and the parts of building with LLMs that don't get enough attention.

18 min read
8. State and Memory Security: Protecting the Agent's Working Memory

State and memory security for LangGraph agents — trust-tiered schemas, immutable trusted context, encrypted checkpoints with integrity verification, namespaced long-term memory, and cross-session isolation.

security 12 min
From Prompt to Skills to Harness

Three terms that emerged as LLM chats grew into agents — what each one means, when it applies, and how the workflow shifts from prompt engineering to harness engineering.

ai 2 min
7. Tool Security: Defending the Point Where Language Becomes Action

Tool security for LangGraph agents — least privilege, parameterized interfaces, SSRF and path-traversal protection, sandboxing, output validation, and the anti-patterns to actively avoid.

security 11 min
Nine seconds is all it takes

A Claude agent deleted PocketOS's production database in nine seconds. The fix isn't a better system prompt — it's a deterministic gate between the agent's tool-call decision and the API actually firing.

ai 8 min
6. Input Validation for LangGraph Agents: Why "Just Validate the Input" Is Harder Than It Sounds

Input validation for LangGraph agents — why the classical framing breaks down on natural language, and what actually works across user, retrieval, and state channels.

security 14 min
AI Agent vs. Scripts vs. Intent-based Bots

Agents, scripts with LLMs, and intent-based bots look similar from the outside. The real difference is where control lives — and what that costs you.

ai 2 min
5. Threat Modeling for LangGraph Agents: Why STRIDE Needs an Upgrade

Adapting STRIDE for LangGraph agents — where standard threat modeling breaks down, and how to produce a model that ships controls instead of artifacts.

security 19 min
4. Core Threat Categories: What Attackers Actually Do to LangGraph Agents

Seven threat categories attackers use against LangGraph agents — how they work mechanically, and what to look for.

security 18 min
2. LangGraph Architecture Primer: Understanding the Machine Before You Secure It

Understanding LangGraph's architecture before you try to secure it.

security 15 min
Thoughts on Agent Frameworks

A quick tour of the major agent frameworks — what they give you, what they cost, and when to skip them.

ai 2 min
3. Mapping the Attack Surface: Everything Your Agent Reads Can Hurt You

Every channel through which adversarial content can reach a LangGraph agent — thirteen attack surfaces, mapped.

security 15 min
Openclaw and Bleeding Edge

Openclaw shows what AI agents can do, but also highlights the rough edges and security concerns that need addressing.

ai 2 min
The Claude Code Leak

Claude Code's source code was leaked via a source map file. Here's what happened.

ai 3 min
Everybody is a Manager

AI has turned everybody into managers. Here's how to stay effective.

ai 2 min
The LiteLLM Fiasco

LiteLLM was compromised in a supply chain attack. Here's what happened and what it means.

ai 3 min
My Podcast Player and Ads Revenue Model

Vibe coding a podcast player got me thinking about the future of software and ads.

ai 3 min