Notes on AI, security, and shipping safely.

Field reports, architecture deep-dives, and opinions from the team building Shielda.

Your password policy is a rat-tail bounty

In 1902 Hanoi put a bounty on rat tails and ended up with more rats, and your password policy is the same mistake in a nicer font.

Your cloud's best lock is the one attackers ignore

The biggest diamond heist in history skipped the lasers and the acrobatics. So does every cloud breach worth worrying about.

We've never been breached, and other things the turkey believed

Every safe day convinces you a little more that you're fine and changes your actual risk by exactly zero. The Thanksgiving turkey could explain how that ends.

Your coding assistant will obey almost anyone

Konrad Lorenz, a parade of goslings, and why your AI agent does exactly what the README tells it.

Your node_modules has cuckoos in it

A blind hours-old bird does the most efficient thing in nature, and it turns out npm has been doing it to itself for a year.

Your MVP's security is a bamboo airport

After WWII, Pacific islanders built bamboo control towers and wooden headphones, waiting for cargo planes that had stopped coming — and that's roughly the state of security in most AI-coded MVPs.

Nobody is hunting you

The world's oldest spider lived in the same hole for forty-three years and never picked a target — and that is now your security model.