The Agent Did What?!

Last week I wrote about an attack surface that’s becoming more and more important: routing and orchestration layers that accumulate credentials and privilege while operating below the security threshold anyone has actually set for them. LiteLLM was the clearest example: a routing library holding API keys for every model it touches, compromised through PyPI, 4TB exfiltrated from Mercor. The argument was that these layers are trusted implicitly yet also monitored poorly, and that the security failures compromising them aren’t new.

Familiar Security Failures, AI Acceleration

The near-term AI security problem is not only model behavior. It is the routing, scanning, and orchestration layers that now sit in privileged positions across real systems.

security ai infrastructure supply-chain enterprise

The Loop is Closed. The Oversight is Not.

Adding a human review step to AI-assisted development is the right immediate response. The problem is what happens when organizations treat it as the destination.

security AI governance engineering agents

Musings

I remember that I still have a website, and capture some observations since I last posted.

personal insight

Enjoying TypeScript

I remembered I like this stuff.

tech typescript