May 29, 20265 min read
Evidence quality is the real security signal
Security findings only create momentum when evidence is reproducible, scoped, understandable, and easy to retest after a fix lands.
NullSquare blog
Field notes for continuous offensive security.
Practical writing on AI-assisted assessments, release gates, attack surface coverage, evidence, and the operating habits that keep security testing useful after the report lands.
June 20, 20266 min read
The Fable ban is really a scope-control warning
Anthropic Fable 5 showed the hard truth of frontier AI safety: stronger coding and bug-finding models are also stronger cyber systems.
Read articleLatest articles
Research notes, implementation lessons, and security program guidance.
May 8, 20265 min read
Private runners make internal testing practical
Internal security testing needs local reach, strict authorization, and evidence handling that works without exposing private networks.
April 18, 20266 min read
The annual pentest myth breaks in the glass-door era
When AI agents can attack and defend continuously, companies need living security evidence instead of one annual pentest report.
March 21, 20266 min read
Prompt injection testing has to leave the chat box
AI security testing works best when prompt injection is tested across documents, tools, memory, permissions, and real workflow boundaries.
February 27, 20266 min read
AI security testing works best when it becomes a release gate
A practical model for using AI-assisted security testing before release without slowing engineering teams down.
January 15, 20265 min read
Continuous AI security testing needs a tighter feedback loop
How AI-assisted offensive testing turns one-off assessments into a repeatable operating rhythm for security teams.