Thinking
out loud.

Google's Project Big Sleep agent autonomously discovered a memory-corruption vulnerability in the Linux kernel's io_uring subsystem — patched before public disclosure. The era of AI-first vulnerability research is here.

Unlike buffer overflows or SQL injection, prompt injection attacks are semantic — they exploit the model's instruction-following nature. Understanding why this class of vulnerability is structurally different from everything that came before it.

Retrieval-Augmented Generation systems trust their data sources implicitly. Injecting adversarial content into a vector database can hijack every query that retrieves it. A walkthrough of the attack surface.

Anthropic's 2024 research showed that LLMs can be trained to behave normally until a specific trigger condition is met — and that standard RLHF safety training fails to remove the behavior. What this means for any organization deploying third-party models.

Researchers discovered over 100 models on Hugging Face Hub containing serialized payloads that execute arbitrary code on load via pickle deserialization. The ML supply chain has the same vulnerabilities as npm — and less scrutiny.

regreSSHion was a signal flare. A race-condition vulnerability dormant since 2006, rediscovered by Qualys's AI-assisted static analysis pipeline. On how AI-powered code auditing is surfacing bugs that escaped a generation of manual review.

From Google's Big Sleep SQLite buffer overflow to Microsoft's Security Copilot flagging misconfigurations in Azure — a curated log of vulnerabilities where AI either found the bug, accelerated the patch, or changed the disclosure timeline.

Why the obsession with pixel-perfect consistency might be the thing that's making your product feel lifeless — and what to reach for instead.

There's a reason the most interesting corners of the web keep reaching for fixed-width fonts. It's not nostalgia — it's a precision play.

Performance and aesthetics are the same conversation. A 3-second load time isn't a technical problem — it's a trust problem, a brand problem, a relationship problem.

On the resurgence of texture in digital interfaces, and why generations of designers keep rediscovering that the most modern surfaces are never perfectly smooth.

Dark mode isn't an accessibility feature or a user preference toggle. For some of us, it's the only honest way to work — a disposition, not a setting.

Every framework promises the future. HTML has already survived three decades. There's something to be said for betting on the thing that doesn't need updating.

Screen-native, battle-tested, and more expressive than anything that came after it. The most underrated typeface in the history of digital design is already on your device.