WebAuthn Under the Hood and Where Passkeys Still Fall Short
A technical breakdown of WebAuthn registration and authentication flows, plus a practical look at where passkeys do not solve every security problem.
2026-02-20T00:00:00.000Z • 12 min read
Blog
Notes on security, AI, and whatever I'm currently overthinking.
Authentication for Humans Why Passkeys Finally Make Sense
Why passkeys are the first meaningful redesign of authentication in decades. A practical, security-first look at phishing resistance, WebAuthn, and enterprise reality.
2026-02-16T00:00:00.000Z • 10 min read
Zero Trust in a SaaS and AI World Part 2 | Enforcing Security at the Browser Layer
Practical controls for enforcing Zero Trust in SaaS and AI environments including in-browser DLP, OAuth governance, and session telemetry.
2026-02-14T00:00:00.000Z • 6 min read
Zero Trust in a SaaS and AI World Part 1 | The Browser Is the Enterprise Perimeter
Most modern SaaS and AI breaches begin in the browser. Token theft, OAuth abuse, and generative AI workflows have shifted the Zero Trust perimeter.
2026-02-13T00:00:00.000Z • 6 min read
Secure by Design for CLI AI Coding Agents
How to securely run GitHub Copilot CLI and Claude Code on developer machines. Prevent prompt injection, repository poisoning, and over-scoped tokens using deterministic controls.
2026-02-12T00:00:00.000Z • 8 min read