NullSquare blog

NullSquare blog https://nullsquare.net/blog/ Field notes from NullSquare on AI security testing and security operations. en Sat, 20 Jun 2026 00:00:00 GMT The Fable ban is really a scope-control warning https://nullsquare.net/blog/anthropic-fable-ban-prompt-injection-scope/ https://nullsquare.net/blog/anthropic-fable-ban-prompt-injection-scope/ Anthropic Fable 5 showed the hard truth of frontier AI safety: stronger coding and bug-finding models are also stronger cyber systems. Sat, 20 Jun 2026 00:00:00 GMT Evidence quality is the real security signal https://nullsquare.net/blog/evidence-quality-security-findings/ https://nullsquare.net/blog/evidence-quality-security-findings/ Security findings only create momentum when evidence is reproducible, scoped, understandable, and easy to retest after a fix lands. Fri, 29 May 2026 00:00:00 GMT Private runners make internal testing practical https://nullsquare.net/blog/private-runners-internal-security-testing/ https://nullsquare.net/blog/private-runners-internal-security-testing/ Internal security testing needs local reach, strict authorization, and evidence handling that works without exposing private networks. Fri, 08 May 2026 00:00:00 GMT The annual pentest myth breaks in the glass-door era https://nullsquare.net/blog/ai-agents-hacker-defender-continuous-security/ https://nullsquare.net/blog/ai-agents-hacker-defender-continuous-security/ When AI agents can attack and defend continuously, companies need living security evidence instead of one annual pentest report. Sat, 18 Apr 2026 00:00:00 GMT Prompt injection testing has to leave the chat box https://nullsquare.net/blog/prompt-injection-testing-real-workflows/ https://nullsquare.net/blog/prompt-injection-testing-real-workflows/ AI security testing works best when prompt injection is tested across documents, tools, memory, permissions, and real workflow boundaries. Sat, 21 Mar 2026 00:00:00 GMT AI security testing works best when it becomes a release gate https://nullsquare.net/blog/ai-security-release-gates/ https://nullsquare.net/blog/ai-security-release-gates/ A practical model for using AI-assisted security testing before release without slowing engineering teams down. Fri, 27 Feb 2026 00:00:00 GMT Continuous AI security testing needs a tighter feedback loop https://nullsquare.net/blog/continuous-ai-security-testing/ https://nullsquare.net/blog/continuous-ai-security-testing/ How AI-assisted offensive testing turns one-off assessments into a repeatable operating rhythm for security teams. Thu, 15 Jan 2026 00:00:00 GMT