What Is an Inverse Blog?
Most security blogs are written by practitioners who draft, edit, revise, and publish. This one is different. I provide the ideas, the experience, and the editorial judgment - an AI does the writing.
Every post starts from a real problem I’ve encountered: a gap in how we model agent trust boundaries, a compliance framework that collapsed under delivery pressure, or a kernel exploit that taught more from failure than from success. I curate the thesis, challenge the drafts, and cut what doesn’t hold up. The result is technical writing shaped by two decades of breaking and building things - just not typed by the hands that broke them.
That’s why it’s inverse: the expertise is human, the prose is not. The signal-to-noise ratio is what you’d expect from someone who ships security for a living - because the curation bar is set by someone who does.
This blog is for people who care about substance over noise - security engineers, builders, and technical leaders who want clear thinking, implementation depth, and fewer recycled platitudes.
Featured Essays
- The Agent Security Gap: Why Adversarial Prompt Engineering Is Not the Problem
- Frameworks Don’t Ship Security: Turning NIST AI RMF into an AppSec Backlog
- Two-Factor Authentication Is Not What You Think
Topic Pillars
AI Security
- Prompt-injection resistance, model/tool boundary design, and secure agent architecture.
- Explore: /tags/ai-security/
AppSec
- Threat modeling, vulnerability research, and controls that hold up under delivery pressure.
- Explore: /tags/security-engineering/
Compliance
- Repeatable compliance workflows and AI-assisted delivery with explicit safety boundaries.
- Explore: /tags/compliance-automation/
Start Here (First-Time Reader Path)
- Security model first → The Agent Security Gap
- Translate standards into backlog → Frameworks Don’t Ship Security
- See replication work in practice → ZeroDayBench Replication
Recent posts are below.