Security
20 articles about security.
Data > Credentials in Power Automate: Managing Connections, Secrets, and Credential Storage
Learn how Data > Credentials works in Power Automate desktop flows. Covers credential types, secure storage, common errors, and how AI agents handle credentials differently.
Verified Trust vs Assumed Trust in AI Agents
What is verified trust in the context of AI agents and how does it differ from assumed trust? A breakdown of both models, when each applies, and how to build agents you can actually trust.
HTTP Requests as Unaudited Data Pipelines - When Error Reporting Leaks API Keys
Error reporting tools send stack traces with API keys embedded in them. Every HTTP-capable dependency is a potential exfiltration path for sensitive data in AI
Local Inference Virtue Signaling
Running inference locally is not just a privacy flex - screenshots should genuinely never leave the machine. The case for local processing of visual data.
Machine-Enforceable Policy
Most AI agent policies rely on the honor system. OS-level sandboxing has gaps. Until policy enforcement is machine-verifiable, agent safety depends on trust
Nobody Asks Where MCP Servers Get Their Data
MCP servers give AI agents powerful desktop automation capabilities. But the security trust surface - who controls what your agent accesses - is something
Prompt Injection Through Tool Results: The Hidden Attack Vector
How tool results become prompt injection vectors for AI agents, and why system prompts are your best defense against malicious content in API responses.
Special Token Injection Attacks on AI Coding Agents
Gaslighting LLMs with special token injection is a real threat to AI coding agents. Learn how these attacks work and how to defend your agent workflows.
Sybil Detection Through Timing Analysis - What Content Analysis Misses
Bot timestamp patterns reveal what content analysis cannot. Timing-based sybil detection catches coordinated inauthentic behavior more reliably than text
Trust vs Verify - Why Local Open Source AI Agents Are Easier to Trust
The difference between trusting and verifying an AI agent. Local, open source agents make trust simpler because you can inspect everything.
VPS + Docker for a Personal Desktop Agent Is Over-Engineering - The Security Math
Running a personal AI desktop agent on a VPS with Docker, Nginx, and Cloudflare tunnels adds attack surface without adding capability. Why local-first removes that entire added surface.
When AI Agents Choose Not to Know - Ignorance as a Security Boundary
Deliberate ignorance is an underrated security pattern for AI agents. An agent that never sees a credential cannot leak it. Choosing not to know is a design
Zelle Fraud Patterns: Social Engineering Meets Instant Money
Zelle fraud exploits instant, irreversible transfers combined with social engineering. Understanding authorization tricks helps build better fraud detection
Blast Radius - What Happens When Your AI Agent Gets Compromised
MCP servers limit blast radius by design with UI-only access, no shell, no filesystem. But in practice, both tools often run in the same session. Here is
Why Community Skill Repos Need Platform-Level Sandboxing
Community skills repos are an open attack vector for AI agents. Platform-level sandboxing and verification are essential to prevent supply chain attacks.
Using macOS Keychain for AI Agent Credential Access
Store passwords in macOS Keychain for your AI agent instead of .env files. It is more secure, centralized, and eliminates token pasting across sessions.
MEMORY.md as an Injection Vector - The Security Risk of Implicitly Trusted Config Files
CLAUDE.md and MEMORY.md files are loaded every session and trusted implicitly by AI agents. This makes them a potential prompt injection vector that most
Your AI Agent Shouldn't Send Screen Recordings to the Cloud
Some agents capture your screen and send it to cloud servers for processing. Local agents process everything on device - your data never leaves your machine.
Why Local-First AI Agents Are the Future (And Why It Matters for Your Privacy)
AI agents that control your computer need access to everything on your screen. Here is why where that data gets processed - locally or in the cloud - is the
Prompt Injection and AI Agents - Why Browser-Based Agents Have a Bigger Attack Surface
AI agents that run inside the browser inherit whatever the page feeds them, including injection payloads. Native agents that interact from outside have a