NotMint: Building a Self-Hosted Finance Dashboard with Bank-Grade Security
When Mint shut down, I built NotMint -- a self-hosted finance dashboard with SimpleFIN, passkey auth, AES-256-GCM encryption, and zero-trust networking.
Read more
Tool Poisoning and MCP Security: When Your Agent's Toolbox Is the Weapon
MCP tool descriptions are instructions, not metadata. Here's how attackers exploit that — and what the benchmark data actually shows about model safety alignment.
From Pattern Scanner to Security Researcher: The Code Review Upgrade
The code review skill now runs four sequential passes — structural recon, pattern scanning, semantic data flow tracing, and self-verification with confidence ratings.
When AGENTS.md Backfires: What a New Study Says About Context Files and Coding Agents
A new ETH Zurich study finds that LLM-generated context files reduce task success rates and raise inference costs by 20%. Here's what the data actually shows.
The AI Investment Reckoning: No Profits, No AGI, No Plan
OpenAI will burn $143B before turning a profit. AGI has no agreed definition. Data centers are draining aquifers. The architecture has provable limits. The math doesn't work.