#security
8 posts tagged with #security.
Why OAuth scopes aren't enough for autonomous LLM agents calling MCP tools, and how we wired Tenuo capability warrants end-to-end. Scope-gated rollout, two real bugs, multi-hop delegation, and an attack the warrant catches.
Four months after writing about defense in depth for LLM-assisted development, I went back and tried to attack every layer of my own stack. The obvious attacks are caught by 2026 models. The class isn't closed; the cover stories got better.
Open-sourcing mcp-authflow and mcp-authflow-resource: an RFC-compliant OAuth 2.0 framework for MCP servers, plus a one-command example server. Why MCP deployments need real auth, what the two packages do, and three non-obvious gotchas from production.
Six layers of security architecture for running LLM agents as daily drivers — every design decision with production stats and companion code.
A complete beginner's guide to setting up every safety layer from the Coding Safer with LLMs post: pre-commit hooks, local review agents, CI workflows, and CLAUDE.md — starting from scratch.
An empirical study of 10,080 prompt injection attempts across 8 models, 6 defense strategies, and 7 attack types. The results challenge common assumptions about prompt-level defenses.
Practical strategies for safer AI-assisted development: automated review agents, layered security checks, and context management that prevents catastrophic mistakes.
An introduction to the flaws in security testing for AI-generated code.