The Confused Deputy
Writing on AI agents, security, and governance — and the decades-old lessons that already predicted them.
Stop red-teaming the model. Red-team the application.
· ai-security, red-teaming, opinionGeneric jailbreak suites grade chat replies. Your risk lives in the tools, data, and permissions wired around the model.
Your agents' worst incidents have already happened
· ai-security, security-history, agentsMorris. The Flash Crash. Knight Capital. Target. Equifax. Every "novel" AI-agent risk arrives with a paid-for lesson attached.
We're speed-running 30 years of security mistakes
· ai-security, agents, opinionInsecure defaults, flat trust, single points of failure — agent frameworks are replaying our greatest hits. The good news: we know how every episode ends.
The most powerful code in your repo is unsigned
· ai-security, supply-chain, governanceSKILL.md, .cursorrules, MCP manifests — executable instructions for the most prolific committer in your org, with none of the supply-chain checks.
Your intern gets a background check. Your agent gets an API key.
· ai-security, governance, identityNon-human identities are becoming the majority of actors in the enterprise — and we still govern them like scripts.
The confused deputy rides again
· ai-security, prompt-injection, security-historyPrompt injection isn't a new vulnerability. It's a 1988 idea wearing a 2026 outfit — and the old literature already tells us what to do.
Prompt injection is SQL injection, minus the happy ending
· ai-security, prompt-injection, opinionWe beat SQLi by separating code from data. LLMs merge the two by design — so the fix has to live somewhere else.