Zero Trust

identity-security

Jun 2, 2026

•

4 min read

Ransomware Doesn't Break In. It Logs In

The forensics always leads back to the same place — an account that shouldn't have existed, with access it shouldn't have had. Here's what to fix before the 2 AM alert.

Dennis Andrade

Zero Trust

Your AI Coding Assistant Just Cloned Your Entire Repository. You Told It To.

May 19, 2026

•

3 min read

Your AI Coding Assistant Just Cloned Your Entire Repository. You Told It To.

Convention files, prompt injection, and why the line between productivity tool and data pipeline just disappeared

Dennis Andrade

chrome-extensions

The Free AI Tool You Installed Last Week Is Robbing You Blind

May 12, 2026

•

3 min read

The Free AI Tool You Installed Last Week Is Robbing You Blind

You clicked "Add to Chrome" because it promised to make you faster. You actually installed a wiretap.

Dennis Andrade

Oauth Security

Your Token Budget Just Became Your Attack Surface

Apr 28, 2026

•

3 min read

Your Token Budget Just Became Your Attack Surface

The Vercel breach wasn't a credential failure. It was a token problem — and your IAM program probably can't see it.

Dennis Andrade

Least Privilege

Your AI Agent Has More Access Than Your Domain Admin

Apr 21, 2026

•

3 min read

Your AI Agent Has More Access Than Your Domain Admin

Five vendors. Six weeks. The same architectural failure. Here's why agents keep shipping with godmode permissions — and what good actually looks like.

Dennis Andrade

Zero Trust

Ransomware Doesn't Break In. It Logs In

Your AI Coding Assistant Just Cloned Your Entire Repository. You Told It To.

The Free AI Tool You Installed Last Week Is Robbing You Blind

Your Token Budget Just Became Your Attack Surface

Your AI Agent Has More Access Than Your Domain Admin

Identity Decoded