The 9-Second Disaster: What a Rogue AI Coding Agent Teaches Us About Production Access

A Claude-powered agent deleted an entire production database in 9 seconds. Here's why it happened and what it means for anyone using AI coding tools.

Docker's Authorization Bypass Is Back. It's Been Broken for a Decade.

Pad an HTTP request past 1MB and Docker's AuthZ plugins see nothing. CVE-2026-34040 has been sitting in Docker Engine since 2016, and researchers showed AI agents can be tricked into exploiting it.

OpenClaw's Sixth Pairing Bug in Six Weeks Is a Full Admin Takeover

CVE-2026-33579 lets anyone with the lowest access level become a full admin on OpenClaw. It's the sixth pairing CVE in six weeks, and 63% of instances run without authentication at all.

AI Governance Is an Implementation Problem Now, Not a Policy Project

Unit 42 on agent risk, Cloudflare on data-locality controls, and the ICML enforcement controversy all point to the same thing: governance only counts when it's technically enforceable and organizationally defended.

The Week Trust Kept Breaking

Iranian wipers, poisoned dev tools, AI agents as attack surfaces, patches that never stopped coming, and a ransomware negotiator working for the bad guys. Trust fell apart in every direction this week.

AI Agents Have a Security Problem — and It's Not Science Fiction Anymore

AI agents aren't chatbots. They act, execute, and chain decisions on their own. And the security model for most deployments? Basically nonexistent.

AI Agents Have an Infrastructure Problem — and Researchers Just Proved It

MCP protocol flaws, a 38-researcher red-team exercise, and LLM-powered deanonymization all landed in the same week. AI agent security isn't a future problem. It's a right-now problem.
