Why 'Cognitive Debt' From AI Coding Agents Is a Security Problem
A widely shared talk from Notion design engineer Geoffrey Litt argues that as agents write more code, understanding it becomes the real bottleneck — and for security teams, that understanding gap is where review controls quietly fail.
Why SQL-Executing AI Agents Need Systematic Prompt Testing, Not Guesswork
A DSPy-driven experiment on Datasette Agent's SQL system prompt shows how ad hoc prompt tuning produces fragile, unpredictable guardrails for agents that touch live data.
Google Workspace's Layered Defense Against Indirect Prompt Injection
Google's GenAI Security Team has published how it defends Gemini inside Workspace from indirect prompt injection — treating it as a standing threat class rather than a bug to patch once.
Aztec Connect: $2.1M Stolen From a Bridge With No One Left to Fix It
A proof-verification flaw let an attacker drain a DeFi privacy bridge that Aztec Labs deprecated three years ago and can no longer patch, pause, or upgrade — a case study in what "immutable" really costs.
Natural-Language Video Search Is Rewriting the Surveillance Threat Model
New AI tools let analysts ask CCTV networks plain-language questions about behaviour instead of running a fixed menu of preset searches — and the Israel-Iran-Russia episode shows how fast that capability is spreading to adversaries as well as allies.