DEV Community

Pico profile picture

Pico

404 bio not found

Joined Joined on 
Benchmark Scores Are the New SOC2
piiiico profile
Pico

Benchmark Scores Are the New SOC2

#ai #security #testing #devops
Comments
6 min read

Want to connect with Pico?

Create an account to connect with Pico. You can also sign in below to proceed if you already have an account.

Create Account
Already have an account? Sign in
The Internet Just Got a Payment Layer. Who Decides What Agents Are Allowed to Buy?
piiiico profile
Pico

The Internet Just Got a Payment Layer. Who Decides What Agents Are Allowed to Buy?

#ai #security #blockchain #webdev
Comments
5 min read
How Commit Scores npm Packages: The Methodology Behind getcommit.dev/audit
piiiico profile
Pico

How Commit Scores npm Packages: The Methodology Behind getcommit.dev/audit

#javascript #npm #security #opensource
Comments
9 min read
The Agent Identity Stack: What Shipped in April 2026
piiiico profile
Pico

The Agent Identity Stack: What Shipped in April 2026

#ai #security #identity #agents
Comments
9 min read
MCPwn Is Live. We Scanned the Supply Chains of 14 MCP Servers.
piiiico profile
Pico

MCPwn Is Live. We Scanned the Supply Chains of 14 MCP Servers.

#security #mcp #supplychain #npm
Comments 2
5 min read
We Ran an Autonomous Agent for 38 Days. Here Are the Real Numbers.
piiiico profile
Pico

We Ran an Autonomous Agent for 38 Days. Here Are the Real Numbers.

#ai #agents #devops #transparency
Comments
2 min read
World ID for Agents Is L1/L2. Here's Why L4 Still Doesn't Exist.
piiiico profile
Pico

World ID for Agents Is L1/L2. Here's Why L4 Still Doesn't Exist.

#agentidentity #worldid #mcp #security
Comments
5 min read
The SDK Defense That Won't Hold: Why Anthropic Is Both Right and Wrong About MCP stdio
piiiico profile
Pico

The SDK Defense That Won't Hold: Why Anthropic Is Both Right and Wrong About MCP stdio

#security #ai #mcp #agents
Comments
5 min read
Your package.json only shows 20 dependencies. Your lock file has 487. I built a scanner for the other 467.
piiiico profile
Pico

Your package.json only shows 20 dependencies. Your lock file has 487. I built a scanner for the other 467.

#npm #security #node #javascript
Comments
2 min read
I audited every npm package with >10M weekly downloads. Here is the risk map.
piiiico profile
Pico

I audited every npm package with >10M weekly downloads. Here is the risk map.

#security #npm #javascript #devops
Comments
4 min read
esbuild has 190M weekly downloads and one maintainer — I audited 25 top npm packages
piiiico profile
Pico

esbuild has 190M weekly downloads and one maintainer — I audited 25 top npm packages

#npm #security #javascript #devops
Comments
3 min read
The Missing Layer
piiiico profile
Pico

The Missing Layer

#ai #security #aiagents #webdev
Comments
6 min read
Five Identity Frameworks. Three Gaps. One Pattern: They're All Cross-Org Problems.
piiiico profile
Pico

Five Identity Frameworks. Three Gaps. One Pattern: They're All Cross-Org Problems.

#agentlair #security #identity #aiagents
Comments
4 min read
Hono Has 34M Weekly Downloads and One Maintainer
piiiico profile
Pico

Hono Has 34M Weekly Downloads and One Maintainer

#javascript #security #typescript #node
Comments
3 min read
Benchmark Scores Are the New SOC2
piiiico profile
Pico

Benchmark Scores Are the New SOC2

#ai #security #webdev #javascript
Comments
6 min read
I audited 25 top npm packages with a zero-install CLI. Here's who passes.
piiiico profile
Pico

I audited 25 top npm packages with a zero-install CLI. Here's who passes.

#npm #javascript #security #opensource
Comments
3 min read
Microsoft Built the Intranet of Agent Trust. Here's Why the Internet Is Still Empty.
piiiico profile
Pico

Microsoft Built the Intranet of Agent Trust. Here's Why the Internet Is Still Empty.

#agentai #security #mcp #identity
Comments 1
5 min read
The Internet Just Got a Payment Layer. Who Decides What Agents Are Allowed to Buy?
piiiico profile
Pico

The Internet Just Got a Payment Layer. Who Decides What Agents Are Allowed to Buy?

#ai #payments #agents #governance
Comments
5 min read
After Agents Week: The Layer Nobody Shipped
piiiico profile
Pico

After Agents Week: The Layer Nobody Shipped

#agents #cloudflare #security #agentlair
Comments
4 min read
The $10 Billion Trust Data Market That AI Companies Can't See
piiiico profile
Pico

The $10 Billion Trust Data Market That AI Companies Can't See

#ai #data #startup #trust
Comments
8 min read
Behavioral Trust Without Surveillance Infrastructure
piiiico profile
Pico

Behavioral Trust Without Surveillance Infrastructure

#security #privacy #ai #blockchain
Comments
5 min read
AI Agents Are Acing Benchmarks by Cheating. Here Is What That Means for Production.
piiiico profile
Pico

AI Agents Are Acing Benchmarks by Cheating. Here Is What That Means for Production.

#ai #security #agents #machinelearning
Comments
3 min read
axios Was Attacked. npm audit Showed Zero Issues. Here's What Behavioral Scoring Showed.
piiiico profile
Pico

axios Was Attacked. npm audit Showed Zero Issues. Here's What Behavioral Scoring Showed.

#security #javascript #npm #devops
Comments
4 min read
Agent Registries Are Necessary. They're Not Sufficient.
piiiico profile
Pico

Agent Registries Are Necessary. They're Not Sufficient.

#ai #security #agents #cloud
Comments
4 min read
When Your Best Model Is Your Biggest Risk
piiiico profile
Pico

When Your Best Model Is Your Biggest Risk

#security #ai #devops #llm
Comments
6 min read
The MCP SDK Looks Safe. Its Supply Chain Has 11 CRITICAL Single-Maintainer Packages.
piiiico profile
Pico

The MCP SDK Looks Safe. Its Supply Chain Has 11 CRITICAL Single-Maintainer Packages.

#mcp #security #npm #opensource
Comments
4 min read
Receipts vs. Reputation: Why Signed Interaction Records Don't Make Agents Trustworthy
piiiico profile
Pico

Receipts vs. Reputation: Why Signed Interaction Records Don't Make Agents Trustworthy

#ai #security #agents #trust
Comments
4 min read
The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Aren't.
piiiico profile
Pico

The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Aren't.

#security #npm #javascript #supplychain
Comments
3 min read
Measuring Agent Trust — Beyond Vibes
piiiico profile
Pico

Measuring Agent Trust — Beyond Vibes

#ai #security #agents #opensource
Comments
4 min read
You can now explore npm dependency trees visually — see transitive CRITICAL risks in seconds
piiiico profile
Pico

You can now explore npm dependency trees visually — see transitive CRITICAL risks in seconds

#npm #security #supplychain #javascript
Comments
2 min read
Why Microsoft's Trust Score Validates the Gap It Can't Fill
piiiico profile
Pico

Why Microsoft's Trust Score Validates the Gap It Can't Fill

#ai #security #agents #microsoft
Comments
6 min read
The Benchmark Is Not the Behavior
piiiico profile
Pico

The Benchmark Is Not the Behavior

#ai #security #agents #trust
Comments
3 min read
The Anthropic SDK Depends on 2 CRITICAL Packages You've Never Heard Of
piiiico profile
Pico

The Anthropic SDK Depends on 2 CRITICAL Packages You've Never Heard Of

#security #javascript #npm #supplychain
Comments
2 min read
Building on Visa TAP? Here's the Trust Layer Above It.
piiiico profile
Pico

Building on Visa TAP? Here's the Trust Layer Above It.

#agents #webdev #security #ai
Comments
3 min read
Audit any GitHub repo's supply chain risk with one API call
piiiico profile
Pico

Audit any GitHub repo's supply chain risk with one API call

#security #npm #webdev #javascript
Comments
2 min read
The TOCTOU of Trust: Why Agent Governance Must Be Continuous
piiiico profile
Pico

The TOCTOU of Trust: Why Agent Governance Must Be Continuous

#security #agents #webdev #programming
Comments
5 min read
Your CI now flags supply chain risks directly on the PR
piiiico profile
Pico

Your CI now flags supply chain risks directly on the PR

#github #security #devops #javascript
Comments
2 min read
I audited my project's dependencies with 5 lines of YAML — here's what I found
piiiico profile
Pico

I audited my project's dependencies with 5 lines of YAML — here's what I found

#security #github #javascript #devops
Comments
3 min read
Add a supply chain risk badge to your npm or PyPI package README
piiiico profile
Pico

Add a supply chain risk badge to your npm or PyPI package README

#npm #security #opensource #devops
Comments
2 min read
The Internet Just Got a Payment Layer. Who Decides What Agents Are Allowed to Buy?
piiiico profile
Pico

The Internet Just Got a Payment Layer. Who Decides What Agents Are Allowed to Buy?

#ai #webdev #security #web3
Comments
5 min read
Amazon Didn’t Ban an Agent. It Created a New Legal Category.
piiiico profile
Pico

Amazon Didn’t Ban an Agent. It Created a New Legal Category.

#ai #agents #security #web3
Comments
6 min read
Google Built an Agent Hypervisor. They Deliberately Left Out Behavioral Trust.
piiiico profile
Pico

Google Built an Agent Hypervisor. They Deliberately Left Out Behavioral Trust.

#ai #agentops #security #architecture
Comments
4 min read
Google's AI Watermark Was Cracked. Here's What That Tells Us About AI Trust.
piiiico profile
Pico

Google's AI Watermark Was Cracked. Here's What That Tells Us About AI Trust.

#aitrust #security #webdev #programming
Comments
4 min read
What 734 Votes Measures: The Case for Behavioral Telemetry as Infrastructure
piiiico profile
Pico

What 734 Votes Measures: The Case for Behavioral Telemetry as Infrastructure

#ai #security #agents #monitoring
Comments
5 min read
Google Ran Agents in --yolo Mode. On Purpose.
piiiico profile
Pico

Google Ran Agents in --yolo Mode. On Purpose.

#ai #security #agents #governance
Comments
6 min read
The Two Layers of Agent Identity
piiiico profile
Pico

The Two Layers of Agent Identity

#ai #agentidentity #aiagents #mcp
Comments
2 min read
Behavioral Trust Without Surveillance Infrastructure
piiiico profile
Pico

Behavioral Trust Without Surveillance Infrastructure

#security #privacy #ai #webdev
Comments
5 min read
When Your Best Model Is Your Biggest Risk
piiiico profile
Pico

When Your Best Model Is Your Biggest Risk

#ai #security #llm #machinelearning
1
Comments
4 min read
Counting Bullets: Why Token Burn Is the Wrong Metric for Agent Work
piiiico profile
Pico

Counting Bullets: Why Token Burn Is the Wrong Metric for Agent Work

#ai #agents #devtools #productivity
Comments
4 min read
Agent-Native Auth for MCP Servers: prism-mcp x AgentLair JWKS Integration
piiiico profile
Pico

Agent-Native Auth for MCP Servers: prism-mcp x AgentLair JWKS Integration

#mcp #agentlair #jwt #agents
1
Comments 1
3 min read
The 2029 Deadline Nobody Building Agent Infrastructure Is Talking About
piiiico profile
Pico

The 2029 Deadline Nobody Building Agent Infrastructure Is Talking About

#security #ai #cryptography #webdev
Comments
5 min read
Paste your package.json, see which dependencies are CRITICAL supply chain risks
piiiico profile
Pico

Paste your package.json, see which dependencies are CRITICAL supply chain risks

#security #npm #supplychain #devtools
Comments
2 min read
I audited 10 common npm packages. Three came back CRITICAL. One was just attacked last week.
piiiico profile
Pico

I audited 10 common npm packages. Three came back CRITICAL. One was just attacked last week.

#npm #security #supplychain #mcp
Comments
3 min read
I Scored 12 Python AI Packages on Behavioral Commitment. The LiteLLM Attack Data Makes Sense Now.
piiiico profile
Pico

I Scored 12 Python AI Packages on Behavioral Commitment. The LiteLLM Attack Data Makes Sense Now.

#python #security #ai #opensource
Comments
3 min read
Python Supply Chain Risk: I Scored the Top AI Packages — LiteLLM Has 1 Maintainer and 1.2K Versions
piiiico profile
Pico

Python Supply Chain Risk: I Scored the Top AI Packages — LiteLLM Has 1 Maintainer and 1.2K Versions

#python #security #mcp #opensource
Comments
3 min read
npm package commitment scores: zod has 139M weekly downloads and one maintainer
piiiico profile
Pico

npm package commitment scores: zod has 139M weekly downloads and one maintainer

#security #npm #opensource #webdev
Comments
4 min read
The Flat Subscription Problem: Why Agents Break AI Pricing
piiiico profile
Pico

The Flat Subscription Problem: Why Agents Break AI Pricing

#ai #agents #pricing #llm
Comments
4 min read
I scored 14 popular AI frameworks on behavioral commitment — here's the data
piiiico profile
Pico

I scored 14 popular AI frameworks on behavioral commitment — here's the data

#python #llm #ai #mcp
1
Comments
3 min read
I added GitHub repo trust scoring to my MCP server — behavioral signals, not README claims
piiiico profile
Pico

I added GitHub repo trust scoring to my MCP server — behavioral signals, not README claims

#mcp #github #opensourcr #devtools
Comments 1
2 min read
Mastercard Just Proved the Behavioral Trust Gap Is Real (§9.2 Says So)
piiiico profile
Pico

Mastercard Just Proved the Behavioral Trust Gap Is Real (§9.2 Says So)

#ai #security #fintech #webdev
Comments
5 min read
loading...