Technical Blog

• Day in the Life: Building a Prototype with My AI Agent (Without Getting Pwned)
  February 13, 2026
• Browser Relay: When Your AI Assistant Gets Hands on Your Browser
  January 25, 2026
• Skills: The Missing Piece in AI Security Tooling
  January 17, 2026
• How I Prompted My Personal AI Assistant to Write a Blog For Me
  January 16, 2026
• Introducing Sage: My Personal AI Assistant That Actually Works
  January 15, 2026
• Running SecureVibes on SecureVibes - Results & What's Next (Part 3/3)
  October 14, 2025
• Building SecureVibes: A Multi-Agent Security System (Part 2/3)
  October 14, 2025
• The Vibecoding Security Crisis: Why Current Scanners Fail (Part 1/3)
  October 14, 2025
• Introducing SecureVibes: A Multi-Agent Security System (3 Part Series)
  October 14, 2025
• How to build a defensive AI security agent with RAG
  January 3, 2025
• How to build an offensive AI security agent
  December 13, 2024
• The Future of Application Security: Integrating LLMs and AI Agents into Manual Workflows
  October 23, 2024
• A Guide To Identify Authorization Vulnerabilities At Scale Using Semgrep
  October 5, 2022
• A Guide On Implementing An Effective SAST Workflow
  August 18, 2022
• A Lightweight Approach To Implement Secure Software Development LifeCycle (Secure SDLC)
  August 12, 2022
• Product Security Roadmap
  August 5, 2022
• Building a Product Security program from scratch
  July 25, 2022
• Ability to send payment requests inspite of being blocked by the recipient
  February 8, 2016
• A CSRF protection bypass technique
  April 30, 2015
• A bug in Facebook that violated my privacy
  December 23, 2014
• Analysis of the BrowserStack breach - A classic example of "Pivoting in the Clouds"
  November 13, 2014
• Security issues with friction-less signup flows
  July 16, 2014
• Performing code review on shell scripts
  September 26, 2013