THOUGHTS & RESEARCH

Blog Posts

Practical thinking on product, AI, and execution.

Published April 2026

What OWASP's #1 LLM risk actually looks like in production

Prompt injection has topped OWASP's LLM Top 10 for two years running. While most developers have heard the term, fewer have seen what it looks like when it lands in a real production system. This is what it actually looks like.

Published March 2026

We're Shipping AI Like It's 2005

The pattern is familiar. Capability ships first, security follows, and everyone learns the hard way in between. AI is just the latest wave, and the stakes are higher.
