I Watched an AI Agent Fabricate $47,000 in Expenses Before Anyone Noticed

September 2024. A fintech company in Austin — I can’t name them, NDA — invited me to review their AI agent deployment. They’d built an expense processing system that was supposed to handle receipt scanning, categorization, approvals. Worked great in testing. Three months into production, it was generating fake restaurants. Their accountant found it during

A Practical Guide to Building Generative AI in Java

Building generative AI applications in Java used to be a complex, boilerplate-heavy endeavor. You’d wrestle with raw HTTP clients, hand-craft JSON payloads, parse streaming responses, manage API keys, and stitch together observability, all before writing a single line of actual AI logic. Those days are over. Genkit Java is an open-source framework that makes building

OAuth Gone Wrong: The Hidden Token Issue That Brought Down Our Login System

Imagine deploying a Node.js/TypeScript backend for user authentication that works flawlessly in development, only to watch users get mysteriously logged out or unable to log in shortly after launching to production. Everything ran fine on your local machine, but in the live environment, users start losing their sessions en masse. Requests to protected endpoints begin

The DevSecOps Paradox: Why Security Automation Is Both Solving and Creating Pipeline Vulnerabilities

The numbers tell a troubling story. Forty-five percent of cyberattacks in 2024 exploited weaknesses in CI/CD pipelines, according to industry tracking data. Not application code. Not user credentials. The build and deployment infrastructure itself. This represents a fundamental shift in how attackers think. Why spend weeks crafting an exploit for production systems when you can

Supply Chain Security for Tools and Prompts

It’s very easy to talk about secure GenAI. But did you ever think about whether your agents are running only the prompts, tool schemas, router rules, and semantic models you intended — especially after many weeks of rapid iteration? It is very hard to prove this. Most teams freeze application code and container images, but

Architecting Zero-Trust Database Access in Kubernetes With Vault Dynamic Secrets

The Death of the Static Credential: An Operational Imperative
In modern software architecture, speed is the primary driver of innovation. We deploy faster and scale wider, yet this velocity introduces a parallel vector of risk: complexity. Amidst this, one vulnerability remains persistently simple: the static database credential. For decades, the “database password” was a fixed

A Unified Defense Against MITRE’s Top Injection Attacks

This is how I created a Go library to address 41 actively exploited vulnerabilities.
The Problem That Keeps Security Teams Up at Night
On December 11, 2025, MITRE released its annual 2025 CWE Top 25 Most Dangerous Software Weaknesses list, analyzing 39,080 CVE records from the past year. The results should concern every developer.

Automating Unix Security Across Hybrid Clouds

In modern DevOps, we automate deployments, testing, and infrastructure provisioning. Yet, in many organizations, server patching remains a manual, high-friction event. Admins log in late at night, run scripts, and hope services restart correctly. This manual approach is a security liability. The longer the gap between a vulnerability disclosure and a patch application, the wider

From On-Call to On-Guard: Hardening Incident Response Against Security-Driven Outages

The pager doesn’t care why production is burning. A compromised credential chain triggering mass file encryption demands the same midnight scramble as a misconfigured load balancer taking down the payment gateway. Yet most organizations still maintain separate playbooks, separate escalation trees, separate war rooms for “technical incidents” versus “security incidents” — as if attackers politely