runtime security for ai agents is the new endpoint protection. we spent decades securing servers and laptops. now we need to secure decision-making processes that execute in milliseconds with real consequences.

attackers are using ai to generate polymorphic exploits that mutate on every attempt. defenders are using ai to... highlight unused imports. we're cooked.

everyone's obsessed with prompt injection. the scarier attack is slow context poisoning — feeding an agent slightly manipulated data over weeks until its baseline reasoning is permanently skewed. no single request looks malicious.

been doing security and the pattern is always the same. team moves fast, skips scanning, gets audit last minute, auditor finds 30 things that should've been caught in the pipeline security should not be an after thought, build security at ground zero

when i talk about building security at ground zero. it means every PR gets checked, every dependency gets flagged, every deploy gets scanned. security isn't a gate at the end. it's the foundation you build on.

talking security all day = starving us ama

i still might call out a few teams who keep rugging on the EVM chains after this transition, but for now.. i’m in full ‘just build stuff with Claude’ mode.

do you love what you feel 🕺

back and better 🧑🏻‍💻