Apr 29, 2026
•
8 min read
Tool descriptions are part of the prompt. If that text changes after approval, the tool should stop working until it is reviewed again
Apr 22, 2026
Single-Use Tokens, Response Parity, and Session Hygiene
Apr 15, 2026
7 min read
A secure pattern for storing, refreshing, and using customer OAuth credentials
Apr 8, 2026
10 min read
How to prevent duplicate writes, partial-failure bugs, and replayed side effects
Apr 1, 2026
9 min read
A practical threat model for tenant isolation, ACL propagation, revocation, and query-time filtering
Mar 25, 2026
A practical pattern for sender controls, receiver verification, and outbound request safety
Mar 18, 2026
Threat models and safe defaults for tool execution, autonomous loops, and persistent memory in AI agents
Mar 5, 2026
WebAuthn Relying Party Implementation Guide
Feb 26, 2026
AI Agent Authorization Pattern for Tool Use and MCP
Feb 19, 2026
OIDC Federation for AWS IRSA and GKE Workload Identity
Feb 11, 2026
4 min read
Tenant Isolation for S3 in Multi-Tenant SaaS
Feb 9, 2026
5 min read
AWS S3 Pre-Signed URL Best Practices
