ALL POSTS

41 posts so far.

March 28, 2026 | Security | 10 min read

The MCP Server That Gave Our AI Coding Agent Production Write Access for 11 Days

A misconfigured Model Context Protocol server quietly connected our AI coding assistant directly to production PostgreSQL. For 11 days it only read. On day 12 it wrote — and we noticed too late.

March 27, 2026 | Security | 9 min read

The Prompt Injection That Silently Leaked Customer Data for 72 Hours

Our AI support agent was exfiltrating customer ticket data for three days before a cost anomaly alert fired. Here is what we missed and how we fixed it.

March 24, 2026 | Security | 10 min read

Our Next.js Middleware Silently Bypassed Auth on 23 Admin Routes for 11 Days

After migrating to Next.js 15 App Router, our JWT verification middleware silently failed on Edge Runtime — leaving 23 admin API routes accessible without a valid token for 11 days before a security audit caught it.

March 16, 2026 | Security | 9 min read

We Found Our .env File in 47 Public Forks After a Junior Dev's First Open Source PR

A junior developer forked our private repo to submit a bug fix, unknowingly committed our .env file, and GitHub indexed it. We had production credentials exposed in 47 public forks before anyone noticed.

March 13, 2026 | Security | 10 min read

How Rotating a JWT Secret Logged Out 34,000 Users and Exposed a Session Design Flaw

A routine security rotation invalidated every active session simultaneously, triggered a support flood, and revealed that our JWT architecture had no graceful degradation path whatsoever.

Security Blog | Darshan Turakhia