blog · technical writing
Blog.
Threat post-mortems, rule design, architecture deep-dives, the occasional industry teardown. First posts ship as v1 rolls out. We're not writing filler in the meantime — you'll see the queue below.
the queue · drafted, not yet shipped
What's lined up.
Three posts in flight, each tied to a public CVE or disclosure we cover with a v1 rule. Subscribe at the bottom to get the first one in your inbox the day it ships.
- post 01 technical · disclosure
How Claude Code's CC-643 subcommand-chain bypass actually works
A technical walk-through of the April 2026 Adversa disclosure. Deny rules are silently disabled for any bash command exceeding 50 subcommands. We reconstruct the bypass, render the catch with oknek's R1 rule, and explain why the cap exists in the first place.
- post 02 category · positioning
The runtime layer of AI security that nobody is watching
Code scanners catch issues at dev-time. Network monitors watch traffic. Cloud-posture tools audit config. General-purpose endpoint defense sees the host. None of them see what an AI agent actually does on that host. We map the security lattice category by category and explain why the empty lane is structural, not accidental.
- post 03 technical · MCP
What an MCP attack actually looks like on the wire
CVE-2025-54136 "MCPoison" and CVE-2025-6514 (mcp-remote, CVSS 9.6) walked us through how MCP servers can be hijacked after first approval. We trace the attack with real packet captures and show how oknek's R4 (MCP URL drift) catches it before the second tool call returns.
subscribe
Get the first post in your inbox.
Same list as request access. We email when posts ship and when v1 lands — a few messages as v1 rolls out, then roughly monthly after. No tracking. No list rentals. Unsubscribe with one click.
Until then.
The threats page reads like a long-form blog post already — seven rules, thirteen citations, the Sysdig wedge quote. The docs read like reference material a real product would ship. Read those while the blog queue catches up.