Blog
Writing about AI security, agentic pentesting, and the vulnerabilities we find.
- Why I Built pwnkit
  From 7 CVEs and manual pentesting to autonomous AI agents that re-exploit every finding to kill false positives.
- How AI Agents Found 7 CVEs in Popular npm Packages
  A systematic workflow using Claude Opus to audit open-source packages led to 73 findings, 7 published CVEs, and 40M+ weekly downloads affected.
- The Age of Agentic Security
  If AI agents can write 1,000 pull requests a week, AI agents should be testing 1,000 pull requests a week. The asymmetry is about to collapse.