The problem I ran into: “Trust” that changes every run I spent a weekend trying to make AI outputs auditable in a CI/CD pipeline. The goal was simple...
I fell into this rabbit hole because I kept seeing the same pattern in my telemetry: outbound connections from a service to a set of TLS endpoints kep...
The problem I kept hitting in software supply chain security I got tired of “trust me” release pipelines. Even when I used code signing and pinned d...
I fell into this rabbit hole because I kept seeing the same annoying pattern in my homelab: my CI pipeline would mint short-lived API tokens, those to...
The weekend problem I couldn’t stop thinking about I was building an “AI assistant” that had to call internal tools (like fetching account metadata)...
I got tired of treating “threat intelligence” like a blob of text—some feeds said “APT29”, others said “malware family”, and in practice my SOC (secur...
I stumbled into a weird corner of software supply chain security while debugging a “perfectly signed” release that still felt untrustworthy: the signa...
The problem that got me curious I hit a weird failure in a CI pipeline that “looked secure” on paper: the pipeline was verifying artifacts, but it w...