#ai-security | Brooks McMillin

A Coding Agent Read a File That Didn't Exist Five Times, Then Blamed the Tools

June 3, 2026 10 min read

A Claude Code session confabulated a nonexistent Python file, persisted through five truthful "does not exist" errors, then diagnosed the problem as corrupted tool output. Includes a reconstruction from the raw transcript, a corpus scan across 3,001 sessions on whether the failure is worse in Opus 4.8, and a model-independent mitigation.

#ai-security #agents #claude-code #llm-failure-modes

Does Your System Prompt Actually Stop Prompt Injection? We Tested 10,000 Times to Find Out

February 26, 2026 13 min read

An empirical study of 10,080 prompt injection attempts across 8 models, 6 defense strategies, and 7 attack types. The results challenge common assumptions about prompt-level defenses.

#security #AI #LLM #prompt-injection #ai-security #benchmark

The Call is Coming from Inside the House: When your Agentic Coder Writes Dangerous Code

September 7, 2025 4 min read

An introduction to the flaws in security testing for AI-generated code.

#security #AI #LLM #vibe-coding #ai-security
