Thoughts on Engineering
Your Agent's Tools Are the Attack Surface
MCP tool poisoning attacks hit 84% success by hiding instructions in tool descriptions your agent trusts. Here's how to defend your agent pipeline.
The 1994 Algorithm That Still Ranks Your Search Results
BM25 powers Elasticsearch, RAG pipelines, and most search you use daily. Here's how it works, why it still wins, and where it shows up everywhere.
Agents Need Identity. Agent Auth Has the Shape.
Agent Auth shows what agent identity needs: discovery, scoped capabilities, approvals, short-lived tokens, audit trails, and revocation.
The Agent Did It. But the Logs Say You Did.
Why AI agents need their own identities, scoped permissions, audit trails, owners, and kill switches before they touch production.
Stop Building God-Mode Agents
Why right-sized AI agents with validators beat one monolithic agent with all the permissions. Architecture patterns for secure, high-quality agent systems.
What Is the Agent Client Protocol (ACP)?
ACP lets any AI coding agent work in any editor. What it does, how it works, and why it matters for everyone writing code with AI.