Blog

Where I work things out in public. Software, AI, and the occasional rant.

Dark cover with cyan glow and white title text

May 11, 20269 min read

GPT-5.5 Made the Mythos Restriction Obsolete

The AISI benchmark shows GPT-5.5 matches Mythos on offensive cyber tasks. The case for model-specific restriction got much harder to make.

#ai #security #essay #claude

Dark cover with amber glow and white title text

May 11, 20269 min read

Project Glasswing and the Open-Weights Problem

Anthropic locked Claude Mythos behind a $100M vetted-access program. Meanwhile, DeepSeek V4 is on Hugging Face for anyone to download. The policy and the threat model point in different directions.

#ai #security #essay

Dark cover with a green glow accent and white title text

May 11, 20268 min read

The Claude Code Config That Changed How I Work

Running Claude Code out of the box is leaving a lot on the table. Here's the exact setup I use: Opus 4.7, extended thinking, 1M context, and a hook that makes every prompt leaner before it hits the model.

#ai #claude #tools #productivity

Dark cover with violet purple glow and white title text

May 8, 20269 min read

A Single git push Was All It Took: CVE-2026-3854

Any authenticated user with push access to any repo on your GitHub Enterprise Server could RCE the server with one crafted push option. Here's exactly how.

#security #git #vulnerability #github

Dark cover with orange glow and Copy Fail post title

May 5, 20269 min read

Copy Fail: Nine Years in the Kernel, Zero Traces on Disk

CVE-2026-31431 lets any local user gain root with 732 bytes of Python. The on-disk file never changes. That's not a detail. That's the whole lesson.

#security #vulnerability #linux #essay

Dark cover with a glowing red accent and the post title

May 2, 20268 min read

GitHub Got Owned by a Semicolon

CVE-2026-3854 let any authenticated user pop GitHub's backend with a single git push. The bug class is older than I am. So why does it keep working?

#security #vulnerability #github #essay

Abstract dark gradient with a vertical blue accent line

May 1, 202610 min read

Claude 4.7 and the End of Prompt Engineering as We Knew It

The era of bag-of-tricks prompts is closing. The new bottleneck isn't writing the perfect sentence. It's engineering the right context. Notes from a year of building with agentic models.

#ai #claude #agents #essay

Blog

Where I work things out in public. Software, AI, and the occasional rant.

May 11, 20269 min read

GPT-5.5 Made the Mythos Restriction Obsolete

The AISI benchmark shows GPT-5.5 matches Mythos on offensive cyber tasks. The case for model-specific restriction got much harder to make.

#ai #security #essay #claude

May 11, 20269 min read

Project Glasswing and the Open-Weights Problem

Anthropic locked Claude Mythos behind a $100M vetted-access program. Meanwhile, DeepSeek V4 is on Hugging Face for anyone to download. The policy and the threat model point in different directions.

#ai #security #essay

May 11, 20268 min read

The Claude Code Config That Changed How I Work

#ai #claude #tools #productivity

May 8, 20269 min read

A Single git push Was All It Took: CVE-2026-3854

Any authenticated user with push access to any repo on your GitHub Enterprise Server could RCE the server with one crafted push option. Here's exactly how.

#security #git #vulnerability #github

May 5, 20269 min read

Copy Fail: Nine Years in the Kernel, Zero Traces on Disk

CVE-2026-31431 lets any local user gain root with 732 bytes of Python. The on-disk file never changes. That's not a detail. That's the whole lesson.

#security #vulnerability #linux #essay

May 2, 20268 min read

GitHub Got Owned by a Semicolon

CVE-2026-3854 let any authenticated user pop GitHub's backend with a single git push. The bug class is older than I am. So why does it keep working?

#security #vulnerability #github #essay

May 1, 202610 min read

Claude 4.7 and the End of Prompt Engineering as We Knew It

The era of bag-of-tricks prompts is closing. The new bottleneck isn't writing the perfect sentence. It's engineering the right context. Notes from a year of building with agentic models.

#ai #claude #agents #essay