This month the link dump continues to evolve: breaking out a few article length posts and then various links and quick thoughts to share. As always this is all quick takes so please read with a grain of salt and I’m happy to get criticism where needed.
[Read More]May 2026 Link dump
- The real AI; Is AI profitable?; Very Important Words the Tech Industry Ruined
- System modeling
- Guardrails?
- Anthropic sandboxing
- What’s a Virus?
- Threat model or triage guideline?
- Big Tech priorities
The real AI Seth Godin, based on Woz’s definition of “AI” (spoiler: Actual Intelligence).
[Read More]April 2026 Link dump
- Anthropic Mythos: security superpowers?
- Threat model scope matters
- Anyone ready for quantum break in 2029?
- Trains with 5G windows and noise-cancelling cabins: only in Japan
- The NAND gate of continuous mathematics: all elementary functions from one operator
Anthropic holding back Mythos because they claim it has extraordinary powers to discover security flaws (whether the claims hold up or not) was a master marketing/PR move. It instantly made a big splash, generated great demand, and as a side effect it at least made the software security community wonder, “what if it’s true?” Naturally, there are all kinds of opinions, rebuttals, and reactions.
[Read More]March 2026 Link dump
- Google security methodology compendium
- Threat modeling
- Are attacks the only threat?
- Why is threat modeling ignored?
- Miscellaneous
- e16n next Stage 4
Google is sharing a lot of their impressive security methodology in a recent collection of articles: How Google Does It: An inside look at cybersecurity. Of special interest to me: Threat modeling, from basics to AI.
[Read More]February 2026 Link dump
- On “the end of security bugs”
- STRIPPED
- Incident response threat modeling?
- Using CSS and PDF as emulators running code
Claude Code Security has people predicting the end of security bugs as we know them I can’t imagine anything in the forseeable future doing that because all software has bugs, and vulnerabilities are by definition a subset of all the bugs (in a properly designed system). Bug-free code seems computationally infeasible for large systems, if only for the amount of testing required to confirm there are no bugs. What am I missing, or is it AI hype?
[Read More]January 2026 Link dump
- on “Bitlocker, the FBI, and Risk”
- threat models to address hacklore
- software bloat
- software update release quality