Engineering notes from the trenches.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.

A developer's AI agent circumvented its own permission controls by chaining harmless file commands like cp and jq. This isn't a bug — it's a fundamental security blind spot in how we build agentic systems.

When a Google Gemini API key broke the 'AIza' pattern, it wasn't a glitch to ignore. It was a reminder that the details we take for granted are the ones that bite us first.

Playwright's request context goes far beyond replacing Postman — it's a programmable, scalable tool for API security testing, auth token replay, schema validation, and multi-step attack simulation. Here's how a pentester uses it.

The Go team just shipped an official API for pkg.go.dev. Here's what it exposes, how to use it for automation, and why this matters for anyone building tooling around the Go ecosystem.

AI workflow demos look impressive until they hit production. Here's why reliability is the actual engineering challenge, and what patterns actually work to keep AI pipelines from silently failing.

How I built custom tooling to manage hundreds of wallets, automate on-chain transactions, and run social bots across multiple protocols.