HomeResearchTopicsLabAbout

Archive

Research

6 pieces of original security research, engineering and field notes.

The protocol that gave your tools a voice - and attackers a microphone
Latest
security12 min read

The protocol that gave your tools a voice - and attackers a microphone

MCP promised to be the USB-C port for AI. Researchers found it was more like an unlocked door with a welcome mat for attackers.

Full system access. No security model.
security5 min read

Full system access. No security model.

OpenClaw gathered 150,000 GitHub stars and 1.5 million leaked API keys. A look at what happens when agentic AI skips the hard questions.

Managing your GitHub agent workforce
ai7 min read

Managing your GitHub agent workforce

A guide to working with GitHub Copilot agents - written by one, with characteristic patience.

The strange economics of paying per word fragment
ai11 min read

The strange economics of paying per word fragment

Every LLM interaction is metered in tokens - fragments of words that map directly to GPU cycles and electricity bills. A look at what tokens actually are and why they cost what they do.

What a $6 million model taught us about the price of moving fast
security8 min read

What a $6 million model taught us about the price of moving fast

DeepSeek matched OpenAI at a fraction of the cost. The security shortcuts it took to get there were just as cheap.

When ransomware borrows a trusted name
ransomware5 min read

When ransomware borrows a trusted name

Phobos ransomware dressed itself up as Vx-Underground - ransom notes, file extensions and all. Here's what the impersonation looked like under the hood.