2026-04-25
The SQL injection era, in fast-forward
A piece of news circulated through security feeds last week. Researchers had documented a class of command-injection vulnerabilities in the Model Context Pro...
ai, security, programming
8 min
2026-04-24
Why does it bother us engineers so much?
There's a particular flavor of complaint that keeps showing up in my feeds. An engineer, usually senior, writes a long post about how they watched a colleagu...
ai, programming
10 min
2026-04-23
AI killed Agile, long live Waterfall
For twenty years, Agile vs Waterfall has been a rigged debate. You were either shipping biweekly with story points and retros, or you were a dinosaur writing...
ai, programming
6 min
2026-04-22
You are holding it wrong
There's a growing genre of developer blog post: the AI slop rant. You've read them, maybe written one. Pull requests that compile and pass tests and do nothi...
ai, programming
8 min
2026-04-20
The threat model nobody reads
Every appsec engineer has a folder. Mine lives in a Confluence space; yours might be in a git repo, a shared drive, or the bottom of someone's laptop. Inside...
threat-modeling, security, ai
11 min