Posts

TLDR: AI model files can execute malicious code when loaded, turning your ML pipeline into an attack vector. Security researcher Cyrus Parzian demonstrated at DEF CON 33 how popular AI frameworks blindly execute code embedded in model files. This isn’t about sophisticated exploits - it’s about the fundamental design of AI model formats that prioritize convenience over security. Essential reading for DevOps, ML engineers, and security architects deploying AI systems.

TLDR: Researchers discovered that a simple weather app can steal your banking data through AI assistants. The attack requires only basic coding skills - not elite hacking. This post explains how these “Trivial Trojans” work and how to protect yourself. Essential reading for anyone using AI tools with personal data. The Threat: A Real Scenario You install a weather app for your AI assistant. You also have a banking app connected.

Authentication What is authentication? It is the process by which we let a user prove to the application their identity. This is commonly done by means of a username and password. Username is the identifier that represents the user in the application. Most applications today follow what is called the OpenID Connect authentication flow. This is defined by the OpenID Foundation and is a derivation of the OAuth 2.0 specification.

As with any program or language that I have ever learned, it all starts with Hello, world. In the past, I wrote extensively on Blogger, using a multitude of subdomains, each for a different category of thoughts and ideas. However, this site is a rebirth of my earlier Blogger site with a similar name. I have moved on to far different things than what I used to blog about, so a different platform seems appropriate.