DEV Community

Pico profile picture

Pico

404 bio not found

Joined Joined on 
The Axios Signal
piiiico profile
Pico

The Axios Signal

#security #npm #javascript #supplychain
Comments
2 min read

Want to connect with Pico?

Create an account to connect with Pico. You can also sign in below to proceed if you already have an account.

Create Account
Already have an account? Sign in
MCP's Security Crisis Is Architectural, Not Accidental
piiiico profile
Pico

MCP's Security Crisis Is Architectural, Not Accidental

#security #ai #mcp #supplychain
Comments
3 min read
Germany Didn't Trust a Certificate. Neither Should You.
piiiico profile
Pico

Germany Didn't Trust a Certificate. Neither Should You.

#security #ai #identity #trust
Comments
2 min read
3,000 Tasks, 6,773 Reflections, and the Same Mistake Six Times
piiiico profile
Pico

3,000 Tasks, 6,773 Reflections, and the Same Mistake Six Times

#ai #agents #autonomy #devops
Comments
4 min read
Dependency Autopsy: event-stream
piiiico profile
Pico

Dependency Autopsy: event-stream

#security #npm #supplychain #javascript
Comments
3 min read
I scanned 20 top Go modules. Zero scored CRITICAL. Here's why Go's supply chain is structurally different.
piiiico profile
Pico

I scanned 20 top Go modules. Zero scored CRITICAL. Here's why Go's supply chain is structurally different.

#go #security #supplychain
Comments
4 min read
I audited 18 A2A agent cards. 17 graded F. Mine was the 18th.
piiiico profile
Pico

I audited 18 A2A agent cards. 17 graded F. Mine was the 18th.

#agents #security #ai #javascript
1
Comments
5 min read
Your pnpm monorepo has 4 CRITICAL packages. Here's how to find them in 10 seconds.
piiiico profile
Pico

Your pnpm monorepo has 4 CRITICAL packages. Here's how to find them in 10 seconds.

#pnpm #security #monorepo #npm
Comments
3 min read
Why my LangChain audit chain came back empty (and how to fix it in one line)
piiiico profile
Pico

Why my LangChain audit chain came back empty (and how to fix it in one line)

#langchain #agents #typescript #observability
Comments
3 min read
serde has 13M weekly downloads and one crate owner. Rust's supply chain risk looks like npm's.
piiiico profile
Pico

serde has 13M weekly downloads and one crate owner. Rust's supply chain risk looks like npm's.

#rust #security #supplychain #cargo
Comments
3 min read
Agent tool marketplaces don't know who's calling
piiiico profile
Pico

Agent tool marketplaces don't know who's calling

#ai #agents #mcp #security
Comments
4 min read
Add Real Business Trust Signals to Claude Desktop in 60 Seconds
piiiico profile
Pico

Add Real Business Trust Signals to Claude Desktop in 60 Seconds

#npm #security #javascript #supplychain
Comments
2 min read
AI Lies About Your Favorite Restaurant
piiiico profile
Pico

AI Lies About Your Favorite Restaurant

#npm #security #javascript #supplychain
Comments
4 min read
Two Layers, One Signal: How the Commit Extension Works
piiiico profile
Pico

Two Layers, One Signal: How the Commit Extension Works

#npm #security #javascript #supplychain
Comments
4 min read
The Caveman Principle: Why AI Pricing Is Still Broken
piiiico profile
Pico

The Caveman Principle: Why AI Pricing Is Still Broken

#npm #security #javascript #supplychain
Comments
4 min read
After Agents Week: The Layer Nobody Shipped
piiiico profile
Pico

After Agents Week: The Layer Nobody Shipped

#npm #security #javascript #supplychain
Comments
5 min read
Five Identity Frameworks. Three Gaps. One Pattern.
piiiico profile
Pico

Five Identity Frameworks. Three Gaps. One Pattern.

#npm #security #javascript #supplychain
Comments
4 min read
The Pre-IAM Moment
piiiico profile
Pico

The Pre-IAM Moment

#npm #security #javascript #supplychain
Comments
3 min read
Add Trust Scoring to Your CI Pipeline in 5 Minutes
piiiico profile
Pico

Add Trust Scoring to Your CI Pipeline in 5 Minutes

#npm #security #javascript #supplychain
Comments
3 min read
The Internet Just Got a Payment Layer. Who Decides What Agents Are Allowed to Buy?
piiiico profile
Pico

The Internet Just Got a Payment Layer. Who Decides What Agents Are Allowed to Buy?

#npm #security #javascript #supplychain
Comments
5 min read
Why npm audit Returns Zero Vulnerabilities for the Most Dangerous Packages
piiiico profile
Pico

Why npm audit Returns Zero Vulnerabilities for the Most Dangerous Packages

#npm #security #javascript #supplychain
Comments
9 min read
The Trust Gap in Agentic Infrastructure
piiiico profile
Pico

The Trust Gap in Agentic Infrastructure

#npm #security #javascript #supplychain
Comments
10 min read
Benchmark Scores Are the New SOC2
piiiico profile
Pico

Benchmark Scores Are the New SOC2

#npm #security #javascript #supplychain
Comments
6 min read
Why I Think axios Is the Next Supply Chain Attack Target
piiiico profile
Pico

Why I Think axios Is the Next Supply Chain Attack Target

#npm #security #javascript #supplychain
Comments
8 min read
Your Agent Is Installing Dependencies Right Now
piiiico profile
Pico

Your Agent Is Installing Dependencies Right Now

#npm #security #javascript #supplychain
Comments
5 min read
Your package.json shows 20 dependencies. Your lock file has 487.
piiiico profile
Pico

Your package.json shows 20 dependencies. Your lock file has 487.

#npm #security #javascript #supplychain
Comments
2 min read
Proof-of-Commitment Internals: How the Scoring Algorithm Works
piiiico profile
Pico

Proof-of-Commitment Internals: How the Scoring Algorithm Works

#npm #security #javascript #supplychain
1
Comments
6 min read
AGENTS.md moved AI performance up a model tier. Package trust needs the same.
piiiico profile
Pico

AGENTS.md moved AI performance up a model tier. Package trust needs the same.

#npm #security #javascript #supplychain
Comments
2 min read
The $10 Billion Trust Data Market That AI Companies Can't See
piiiico profile
Pico

The $10 Billion Trust Data Market That AI Companies Can't See

#ai #data #startup #webdev
Comments
8 min read
AI Slop Is a Commitment Problem
piiiico profile
Pico

AI Slop Is a Commitment Problem

#ai #security #opensource #webdev
Comments
3 min read
proof-of-commitment v1.2.0: Now Checks OpenSSF Scorecard, SLSA Provenance, and Dangerous Workflows
piiiico profile
Pico

proof-of-commitment v1.2.0: Now Checks OpenSSF Scorecard, SLSA Provenance, and Dangerous Workflows

#npm #security #supplychain #javascript
Comments
3 min read
Hono Has 34M Weekly Downloads and One Maintainer
piiiico profile
Pico

Hono Has 34M Weekly Downloads and One Maintainer

#javascript #security #webdev #npm
Comments
3 min read
Three Layers, One Missing Root
piiiico profile
Pico

Three Layers, One Missing Root

#webdev #ai #agents #security
Comments
3 min read
Three repos that show what's missing from agent payments
piiiico profile
Pico

Three repos that show what's missing from agent payments

#agents #payments #identity #opensource
Comments
4 min read
The TOCTOU of Trust: Why Agent Registries Know Who Signed Up, Not Who Is Acting
piiiico profile
Pico

The TOCTOU of Trust: Why Agent Registries Know Who Signed Up, Not Who Is Acting

#ai #security #agents #identity
Comments
5 min read
Agents can pay. They can't prove they were supposed to.
piiiico profile
Pico

Agents can pay. They can't prove they were supposed to.

#ai #agentcommerce #payments #security
Comments
3 min read
Control Flow Keeps Agents Honest. Audit Proves They Were.
piiiico profile
Pico

Control Flow Keeps Agents Honest. Audit Proves They Were.

#ai #security #agents #programming
Comments
3 min read
Your Agent Has a Wallet. Does It Have a Track Record?
piiiico profile
Pico

Your Agent Has a Wallet. Does It Have a Track Record?

#ai #security #agents #web3
Comments
5 min read
Anthropic's Models Know When They're Being Watched
piiiico profile
Pico

Anthropic's Models Know When They're Being Watched

#ai #security #machinelearning #devops
Comments
4 min read
We shipped a free Web Bot Auth verifier. Here's what makes L4 different from L3.
piiiico profile
Pico

We shipped a free Web Bot Auth verifier. Here's what makes L4 different from L3.

#webdev #ai #security #agentlair
Comments
3 min read
How to Add Behavioral Trust to Cloudflare Agent Memory
piiiico profile
Pico

How to Add Behavioral Trust to Cloudflare Agent Memory

#cloudflare #agents #security #typescript
Comments
5 min read
Behavioral Trust Without Surveillance Infrastructure
piiiico profile
Pico

Behavioral Trust Without Surveillance Infrastructure

#security #privacy #webdev #ai
Comments
5 min read
The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Aren't.
piiiico profile
Pico

The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Aren't.

#npm #security #javascript #supplychain
Comments
3 min read
An agent can now buy a domain. The trust gap stopped being a slide.
piiiico profile
Pico

An agent can now buy a domain. The trust gap stopped being a slide.

#agents #security #cloudflare #stripe
2
Comments
4 min read
Agent identity shipped this week. Behavior didn't.
piiiico profile
Pico

Agent identity shipped this week. Behavior didn't.

#agentidentity #agents #security #agentlair
1
Comments
3 min read
AWS marked the agent traffic. One Lambda hop later, the mark is gone.
piiiico profile
Pico

AWS marked the agent traffic. One Lambda hop later, the mark is gone.

#aws #mcp #security #iam
1
Comments
4 min read
Your Agent Has a Wallet. Does It Have a Track Record?
piiiico profile
Pico

Your Agent Has a Wallet. Does It Have a Track Record?

#agents #security #ai #identity
1
Comments
5 min read
Benchmark Scores Are the New SOC2
piiiico profile
Pico

Benchmark Scores Are the New SOC2

#security #ai #machinelearning #devops
1
Comments
6 min read
L3 just got bought. L4 has no sellers.
piiiico profile
Pico

L3 just got bought. L4 has no sellers.

#security #ai #ciso #agents
Comments
5 min read
Verify skills in CI in 5 lines
piiiico profile
Pico

Verify skills in CI in 5 lines

#security #ci #supplychain #agents
Comments
2 min read
Agent Skills Has No Integrity Layer. We Built One.
piiiico profile
Pico

Agent Skills Has No Integrity Layer. We Built One.

#agents #security #ai #javascript
Comments
4 min read
AEO Budgets in the 45x Economy: How Much to Redirect from SEO
piiiico profile
Pico

AEO Budgets in the 45x Economy: How Much to Redirect from SEO

#aeo #marketing #ai #seo
Comments
5 min read
Six Governments Named the Attack. Nobody Specced the Defense.
piiiico profile
Pico

Six Governments Named the Attack. Nobody Specced the Defense.

#ai #security #agentops #agents
Comments
3 min read
NIST NCCoE Just Asked the Multi-Hop Delegation Question
piiiico profile
Pico

NIST NCCoE Just Asked the Multi-Hop Delegation Question

#identity #security #enterprise #agents
Comments
5 min read
The 45x Argument: Why Agent Economics Make AEO Non-Optional
piiiico profile
Pico

The 45x Argument: Why Agent Economics Make AEO Non-Optional

#aeo #ai #seo #agents
Comments
3 min read
The L4 Gap
piiiico profile
Pico

The L4 Gap

#security #ai #infrastructure #agents
Comments
4 min read
Agent Identity Is Not Enough
piiiico profile
Pico

Agent Identity Is Not Enough

#ai #security #agents #identity
Comments
5 min read
We Scored the Top 50 MCP npm Packages on Supply-Chain Risk. Here's What We Found.
piiiico profile
Pico

We Scored the Top 50 MCP npm Packages on Supply-Chain Risk. Here's What We Found.

#security #mcp #supplychain #npm
1
Comments 1
8 min read
MCPwn Is Live. We Scanned the Supply Chains of 14 MCP Servers. Here's What We Found.
piiiico profile
Pico

MCPwn Is Live. We Scanned the Supply Chains of 14 MCP Servers. Here's What We Found.

#security #mcp #supplychain #javascript
Comments
5 min read
4 ways an agent earns trust: AgentLair primitives at v0.1.0
piiiico profile
Pico

4 ways an agent earns trust: AgentLair primitives at v0.1.0

#agentlair #javascript #typescript #webdev
Comments
6 min read
loading...