12 blog available in the CoPilot directory
securityLast year I was doing a code review for a startup. Everything looked fine on the surface, clean code,...
securityExposing a web service to the public internet typically involves assigning a public IP address to the...
securityHow a forged github-actions commit planted a credential-stealing worm in five of my repos, why opening one in an AI editor detonates it, and how the same worm hit 73 Microsoft repos that GitHub disabled in 105 seconds while mine stayed live.
securityAI coding agents are showing up in CI/CD pipelines more often. They can review code, run tests,...
securityEight accounts, six years of creation dates, following counts within a range of 25. Here's how following-list overlap analysis exposed a coordinated inauthentic network that cross-follow detection completely missed.
securityevery LLM app you ship has three attack surfaces. confidentiality, integrity, availability. the...
securityA recruiter pitched me a remote engineering role and asked me to review their codebase before the technical interview. The repo turned out to be a five-stage trojan that exfiltrates your environment variables and gives the attacker arbitrary code execution. Here's exactly what was in it, and the simple precaution that defeats the whole class.
securityNobody is perfect! Even the most seasoned developers have made mistakes β itβs all just part of the...
securityI analyzed 16,000 production packages. Half have lifecycle risk your scanner can't see. Here's uzomuzo β the open-source tool I built to find and fix it.
securityRecently, I switched to another bank, and after setting up the online banking credentials and trying...
securityHow a conference demo turned into a full bug bounty lab with Claude Desktop, Discord remote access,...
securityThe UK's AI Security Institute confirmed this week that Claude Mythos, an Anthropic model, became the...