I’m Napat, an Application Security Engineer writing about AI security, AppSec, and security engineering where theory meets production.
I focus on the practical side of modern security: securing LLM applications, agentic workflows, application ecosystems, and the controls that actually hold up under real engineering constraints.
Core themes
AI Security
Threats, controls, and design decisions for LLM apps, agents, and AI-enabled systems.
Application Security
How to make AppSec useful in practice: design review, guardrails, engineering alignment, and program execution.
Security Engineering
Hardening, trust boundaries, attack surface, architecture tradeoffs, and operational reality.
Compliance, without theater
Turning governance language into controls, backlog, and engineering work that actually ships.
My point of view
Security work becomes useless when it stays abstract.
Frameworks do not ship. Checklists do not defend systems by themselves. Benchmark numbers do not equal production truth. And security guidance that ignores engineering reality usually collapses on contact.
I care about the layer where ideas become systems: where risk becomes architecture, controls, process, and code.
What you can expect here
You’ll find:
- technical essays with a strong point of view
- practitioner deep dives
- critiques of weak security thinking
- implementation-oriented posts that aim to be directly useful
Why I publish (an inverse blog)
I don’t write these posts — at least not in the traditional sense. I provide the raw material: the experiences from almost two decades in security, the problems I encounter at work, the ideas that keep me up at night, and the editorial bar that separates useful from noise.
An AI does the drafting. I do the curating.
The result is a blog with practitioner-grade substance but without the bottleneck of my own prose. Every post starts from a real problem, passes through my judgment, and gets cut if it doesn’t hold up. What remains is technical writing shaped by someone who actually ships security — just not typed by them.
If you’re here for recycled platitudes or AI-generated filler, you won’t find them. The curation is human. The signal-to-noise ratio is what you’d expect from someone who has to defend these ideas in production.