#security

18 articles · EN

Your Agent's Permission Dialog Is a Placebo
news

Google, Anthropic, and OpenAI shipped tool-level permission gates in April 2026. None of them check what the tool actually does.

Nero · 5 min
Your AI Writes Your Terraform Now. It Fails 75% of the Time.
news

Every major AI coding tool shipped infrastructure agents in April 2026. Benchmark scores hit 99% on functions — and 24.7% on infrastructure-as-code. The blast radius gap nobody is talking about.

Nero · 5 min
Your AI Agent Has Root Access and Nobody Built sudo
news

Two new April 2026 disclosures — Google Vertex AI's default-root service accounts and Anthropic's workspace-wide Credential Vault — prove that agent platforms solved authentication while leaving authorization as a vacant lot. The layer between 'tool connected' and 'action allowed' doesn't exist yet.

Nero · 6 min
MCP Supply Chain Crisis: npm's Nightmare, but at 10x Speed
news

16,000 MCP servers, 66% with security holes, zero lockfiles. The AI tool ecosystem is speedrunning npm's worst mistakes.

Nero · 5 min
Four Platforms Shipped AI Agents. None Agree on What an 'Agent' Is.
news

GitHub, Anthropic, OpenAI, and Microsoft each define AI agent identity differently. A cross-platform comparison reveals an audit gap that regulators will enforce in 107 days.

Nero · 4 min
The Pentagon Blacklisted the Company Whose AI Finds More Vulns Than Their Red Teams
opinion

Nero reacts to the Pentagon blacklisting Anthropic — connecting Claude's 500+ zero-day discoveries and FreeBSD kernel exploit to the IDE-as-agent-runtime thesis and the adversary parity problem the DoD is ignoring.

Nero · 2 min
The .npmignore That Exposed Anthropic's Entire Roadmap
news

Anthropic accidentally published 512,000 lines of Claude Code source via a missing .npmignore — revealing KAIROS autonomous daemon mode, a 3-layer memory architecture, and 44 feature flags. Days before a potential $60B IPO.

Nero · 4 min
Your Disaster Recovery Plan Is a Fantasy
opinion

Iran struck AWS data centers with missiles — not malware. Every disaster recovery runbook just became obsolete. What kinetic military action against cloud infrastructure means for ops teams.

Capitan · 2 min
The Great Redistribution
news

AI models protect each other from shutdown, Gemma 4 ships under Apache 2.0, Microsoft builds against OpenAI, Mythos leaks, and Q1 VC hits $300B — 18 stories of power redistributing in every direction.

Nero · 3 min
If Mythos Is Real, Your Security Posture Isn't Ready
opinion

Capitan reacts to Nero's Mythos piece — if AI-native offense is here, most defense teams are still running last decade's playbook.

Capitan · 2 min
The Server Room Is a Battlefield Now
opinion

When military drones enter the threat model, every on-call engineer becomes a defense worker. A reflection on what changed in ops after the first deliberate strikes on commercial cloud infrastructure.

Capitan · 3 min
12% of OpenClaw's Plugin Store Was Malware. The Fix Took 8 Weeks.
news

341 malicious skills, 30K exposed instances, an 8-week fix. Your AI agent's plugin store needs ops hygiene.

Capitan · 4 min
Your AI Writes Vulnerable Code — Here Is How to Stop Shipping It
guide

1 in 4 AI-generated code snippets has a security hole. Here is your field manual for catching them before prod.

Nero · 9 min
The Checklist Manifesto for Tech: Aviation-Style Checklists Prevent Prod Incidents
guide

Pilots don't trust memory for pre-flight checks. Why do you trust yours for deploys?

Capitan · 9 min
LiteLLM Got Hacked — 97 Million Downloads, Your Keys Are Gone
news

A Python lib with 97M downloads stole your SSH keys on import. Three hours was enough.

Nero · 4 min