Tagged: AI

Two days ago we put a paste box on the open internet. Type a shell command, hit Evaluate, get a verdict — BLOCK, AUDIT, or ALLOW. Same on a second tab for MCP tool calls: tool name, JSON-style args, evaluate, verdict.

A real bypass, a new analyzer layer, and the design pattern behind it.

When the agent knows it's being watched — detecting eval-aware code patterns before they ship.

I've been watching AI write code for two years now. And I've noticed something that nobody talks about enough: the model is almost never the bottleneck. The context is.

Last week I sat down to write a single rule — block an AI agent from reading ~/.cache/op/, the 1Password CLI v2 session cache. A junior security person would look at the ticket and think: "one file, one regex, an afternoon."

Seven days later I had shipped twenty.

AI coding agents are rewriting software faster than any human team could. Cursor, Windsurf, Claude Code, Gemini CLI — they ship features in minutes. But they also run shell commands, call MCP tools, and modify files with the same speed and less judgment than a human developer.

Anthropic just did something nobody expected. They built a model so good at finding security vulnerabilities that they're scared to release it publicly.

I've been building software for over 20 years. And I'll be honest — when the term "AI agent" started flooding my LinkedIn feed in 2023, I rolled my eyes. It felt like a rebranding of chatbots with better PR. Little could I have predicted its impact.

I run an AI security company. I'm supposed to tell you AI risk is manageable — that with the right governance framework and a good dashboard, you'll sleep fine.

I don't believe that anymore.

This post is about the files on your Mac that MCP servers can access — the ones most developers don't know are exposed — and what you can do about it.

The fastest way to wipe your laptop in 2026 is to ask an AI to refactor your repo. Not because the model is malicious, but because a single prompt injection, a poisoned MCP server, or a hallucinated shell command is all it takes to put rm -rf / one keystroke from your filesystem.

Vibe coding is real now. Developers are shipping entire services by describing what they want to Claude Code or Cursor. I've done it. You've probably done it. The output is surprisingly good.

AI agents aren't experimental anymore. They write code, run shell commands, call external APIs, and orchestrate complex workflows — usually with the same OS privileges as the developer who launched them. That convenience is real. So is the risk.

I graduated in 2007. Computer science undergrad, then a master's, then a PhD in computer engineering. I've spent nearly two decades in this industry — as an engineer, as a manager, as someone who got away from the keyboard more than I wanted to during those management years, and as someone who's come back to it with a vengeance.

Two years ago I wrote about why reactive autoscaling falls short and what ML brings to the table. A lot has changed. LLMs are now a primary workload in most cloud fleets, and they break almost every assumption the classic autoscaling stack was built on. Here's what's actually different, and where Model Context Protocol fits into the picture.

I spent seven years at Turbonomic — back when it was still called VMTurbo, through the rebranding, through the IBM acquisition in 2021, and a few years past that. So writing about autoscaling without touching what I actually worked on every day would feel dishonest. This is the insider perspective: what Turbonomic actually does, why the economic model it's built on is genuinely clever, and where the edges of that model sit.