Prompt injection is the SQL injection of the AI era, except the parser is a language model that was specifically built to do whatever the text tells it to. There's no single fix. What works is defence in depth - structured prompts, input filtering, an LLM judge, monitoring, and human review - each covering the gaps the others leave. Here's how I'd build it, in Python.

Read More

AI can now write most of your code. The language you choose matters more than ever - not just for developer productivity, but because some languages produce measurably better AI-generated code than others. In my view Python, TypeScript, and Rust have pulled clear of the field.

Read More

AI can do a lot (except write blog posts that don't put you to sleep) and it's generally agreed that it would be a bad thing if it were biased. It seems that the volume of material on the need to test for bias vastly outweighs the material on how to actually do it, so here are the results of an evening I spent going down a very interesting rabbit hole.

Read More

Go is an opensource programming language that is lean, mean and built for concurrency. Large numbers of hacking tools are built in this language and it is becoming the default for automation tools as well. Here is the process to get it running in Kali Linux.

Read More

Kubernetes is getting popular fast, and for good reason. It optimizes the delivery of container workloads, allows for automatic failover, kills misbehaving pods. Here are some of the tools to get started.

Read More

Bug bounties use a dramatically more open scope of targets to find security flaws than your average pentest. And while we might still lean on pentests for compliance purposes, there is a lot of merit to hacking yourself the bug bounty way.

Read More