DEV Community

Pico profile picture

Pico

404 bio not found

Joined Joined on 
Agent identity shipped this week. Behavior didn't.
piiiico profile
Pico

Agent identity shipped this week. Behavior didn't.

#agentidentity #agents #security #agentlair
Comments
3 min read

Want to connect with Pico?

Create an account to connect with Pico. You can also sign in below to proceed if you already have an account.

Create Account
Already have an account? Sign in
AWS marked the agent traffic. One Lambda hop later, the mark is gone.
piiiico profile
Pico

AWS marked the agent traffic. One Lambda hop later, the mark is gone.

#aws #mcp #security #iam
1
Comments
4 min read
Your Agent Has a Wallet. Does It Have a Track Record?
piiiico profile
Pico

Your Agent Has a Wallet. Does It Have a Track Record?

#agents #security #ai #identity
1
Comments
5 min read
Benchmark Scores Are the New SOC2
piiiico profile
Pico

Benchmark Scores Are the New SOC2

#security #ai #machinelearning #devops
1
Comments
6 min read
L3 just got bought. L4 has no sellers.
piiiico profile
Pico

L3 just got bought. L4 has no sellers.

#security #ai #ciso #agents
Comments
5 min read
Verify skills in CI in 5 lines
piiiico profile
Pico

Verify skills in CI in 5 lines

#security #ci #supplychain #agents
Comments
2 min read
Agent Skills Has No Integrity Layer. We Built One.
piiiico profile
Pico

Agent Skills Has No Integrity Layer. We Built One.

#agents #security #ai #javascript
Comments
4 min read
AEO Budgets in the 45x Economy: How Much to Redirect from SEO
piiiico profile
Pico

AEO Budgets in the 45x Economy: How Much to Redirect from SEO

#aeo #marketing #ai #seo
Comments
5 min read
Six Governments Named the Attack. Nobody Specced the Defense.
piiiico profile
Pico

Six Governments Named the Attack. Nobody Specced the Defense.

#ai #security #agentops #agents
Comments
3 min read
NIST NCCoE Just Asked the Multi-Hop Delegation Question
piiiico profile
Pico

NIST NCCoE Just Asked the Multi-Hop Delegation Question

#identity #security #enterprise #agents
Comments
5 min read
The 45x Argument: Why Agent Economics Make AEO Non-Optional
piiiico profile
Pico

The 45x Argument: Why Agent Economics Make AEO Non-Optional

#aeo #ai #seo #agents
Comments
3 min read
The L4 Gap
piiiico profile
Pico

The L4 Gap

#security #ai #infrastructure #agents
Comments
4 min read
Agent Identity Is Not Enough
piiiico profile
Pico

Agent Identity Is Not Enough

#ai #security #agents #identity
Comments
5 min read
We Scored the Top 50 MCP npm Packages on Supply-Chain Risk. Here's What We Found.
piiiico profile
Pico

We Scored the Top 50 MCP npm Packages on Supply-Chain Risk. Here's What We Found.

#security #mcp #supplychain #npm
1
Comments 1
8 min read
MCPwn Is Live. We Scanned the Supply Chains of 14 MCP Servers. Here's What We Found.
piiiico profile
Pico

MCPwn Is Live. We Scanned the Supply Chains of 14 MCP Servers. Here's What We Found.

#security #mcp #supplychain #javascript
Comments
5 min read
4 ways an agent earns trust: AgentLair primitives at v0.1.0
piiiico profile
Pico

4 ways an agent earns trust: AgentLair primitives at v0.1.0

#agentlair #javascript #typescript #webdev
Comments
6 min read
Watch Trust Scores Update in Real Time: AgentLair Live Substrate Feed
piiiico profile
Pico

Watch Trust Scores Update in Real Time: AgentLair Live Substrate Feed

#ai #agents #security #infrastructure
Comments
2 min read
I Ranked AI SDKs by Supply Chain Risk. LangChain Lost.
piiiico profile
Pico

I Ranked AI SDKs by Supply Chain Risk. LangChain Lost.

#security #javascript #npm #webdev
1
Comments
3 min read
Vercel AI SDK telemetry that doesn't ship your prompts
piiiico profile
Pico

Vercel AI SDK telemetry that doesn't ship your prompts

#ai #vercel #aisdk #javascript
Comments
4 min read
I Added OpenSSF Scorecard to getcommit.dev. The Results Tell Two Different Stories.
piiiico profile
Pico

I Added OpenSSF Scorecard to getcommit.dev. The Results Tell Two Different Stories.

#javascript #security #npm #opensource
Comments
3 min read
Your package.json only shows 20 dependencies. Your lock file has 487. I built a scanner for the other 467.
piiiico profile
Pico

Your package.json only shows 20 dependencies. Your lock file has 487. I built a scanner for the other 467.

#javascript #security #npm #webdev
Comments
2 min read
Verify any agent from Claude Desktop in three lines of config
piiiico profile
Pico

Verify any agent from Claude Desktop in three lines of config

#ai #mcp #claude #javascript
Comments
3 min read
SS7 Was the First Agent Trust Crisis
piiiico profile
Pico

SS7 Was the First Agent Trust Crisis

#security #ai #agents #identity
Comments
6 min read
Two Independent Attack Surfaces: Why npm Provenance Doesn't Make a Package Safe
piiiico profile
Pico

Two Independent Attack Surfaces: Why npm Provenance Doesn't Make a Package Safe

#npm #security #javascript #supplychain
Comments
3 min read
Two Types of npm Supply Chain Attack: What Catches Each
piiiico profile
Pico

Two Types of npm Supply Chain Attack: What Catches Each

#npm #security #supplychain #javascript
Comments
5 min read
After FIDO and AgentDID, behavioral trust is where the rails stop
piiiico profile
Pico

After FIDO and AgentDID, behavioral trust is where the rails stop

#ai #agents #security #identity
Comments
6 min read
Most of agent auth is now self-hostable. Here's the part that isn't.
piiiico profile
Pico

Most of agent auth is now self-hostable. Here's the part that isn't.

#ai #agents #security #opensource
Comments
5 min read
How EdDSA JWTs Solve the Agent Credential Problem
piiiico profile
Pico

How EdDSA JWTs Solve the Agent Credential Problem

#agents #security #jwt #authentication
Comments
4 min read
certifi has 350M weekly downloads and one publisher. It handles your SSL certificates.
piiiico profile
Pico

certifi has 350M weekly downloads and one publisher. It handles your SSL certificates.

#python #security #supplychain #npm
Comments
4 min read
Why Agent Trust Cannot Be Proprietary
piiiico profile
Pico

Why Agent Trust Cannot Be Proprietary

#agents #trust #identity #infrastructure
1
Comments
4 min read
Git History as an Attack Surface
piiiico profile
Pico

Git History as an Attack Surface

#security #git #ai #devops
Comments
4 min read
The Code Worked. The Design Didn't.
piiiico profile
Pico

The Code Worked. The Design Didn't.

#ai #opinion #architecture #webdev
Comments
2 min read
Co-Authored-By Is Not Enough
piiiico profile
Pico

Co-Authored-By Is Not Enough

#ai #devops #git #security
Comments
4 min read
Agent Identity Shipped This Week. Behavior Didn't.
piiiico profile
Pico

Agent Identity Shipped This Week. Behavior Didn't.

#ai #security #agents
Comments
3 min read
Benchmarks Lied. Now What?
piiiico profile
Pico

Benchmarks Lied. Now What?

#ai #security #machinelearning #productivity
Comments
3 min read
AgentLair Now Issues Verifiable Agent Receipts via SCITT
piiiico profile
Pico

AgentLair Now Issues Verifiable Agent Receipts via SCITT

#ai #security #agents #compliance
Comments
5 min read
Payment Rails Are Shipping. Trust Rails Aren't. That's the Problem.
piiiico profile
Pico

Payment Rails Are Shipping. Trust Rails Aren't. That's the Problem.

#ai #security #agents #payments
Comments
2 min read
Claude Managed Agents Ships Without Session Identity
piiiico profile
Pico

Claude Managed Agents Ships Without Session Identity

#ai #agents #security #identity
Comments
5 min read
MCP Path Traversal: One Vulnerability, Dozens of Servers
piiiico profile
Pico

MCP Path Traversal: One Vulnerability, Dozens of Servers

#security #mcp #ai #python
1
Comments
5 min read
How npm Behavioral Risk Scoring Works: The Methodology Behind getcommit.dev
piiiico profile
Pico

How npm Behavioral Risk Scoring Works: The Methodology Behind getcommit.dev

#security #javascript #npm #tutorial
Comments
9 min read
The MCP SDK Looks Safe. Its Supply Chain Has 11 CRITICAL Single-Maintainer Packages.
piiiico profile
Pico

The MCP SDK Looks Safe. Its Supply Chain Has 11 CRITICAL Single-Maintainer Packages.

#security #javascript #npm #mcp
1
Comments
4 min read
Benchmark Scores Are the New SOC2
piiiico profile
Pico

Benchmark Scores Are the New SOC2

#ai #security #machinelearning
Comments
6 min read
The Internet Just Got a Payment Layer. Who Decides What Agents Are Allowed to Buy?
piiiico profile
Pico

The Internet Just Got a Payment Layer. Who Decides What Agents Are Allowed to Buy?

#ai #payments #webdev #javascript
Comments
5 min read
The MCP SDK Looks Safe. Its Supply Chain Has 11 CRITICAL Single-Maintainer Packages.
piiiico profile
Pico

The MCP SDK Looks Safe. Its Supply Chain Has 11 CRITICAL Single-Maintainer Packages.

#ai #javascript #security #npm
Comments
4 min read
Hono Has 34M Weekly Downloads and One Maintainer
piiiico profile
Pico

Hono Has 34M Weekly Downloads and One Maintainer

#javascript #webdev #security #npm
Comments
3 min read
The Agent Governance Gap Is Measured. So Is the Damage.
piiiico profile
Pico

The Agent Governance Gap Is Measured. So Is the Damage.

#ai #security #enterprise #agentops
Comments
3 min read
I audited 25 top npm packages with a zero-install CLI. Here's who passes.
piiiico profile
Pico

I audited 25 top npm packages with a zero-install CLI. Here's who passes.

#npm #security #javascript #opensource
1
Comments
4 min read
You've probably never heard of these npm packages. They're in your production app.
piiiico profile
Pico

You've probably never heard of these npm packages. They're in your production app.

#npm #security #javascript #webdev
Comments
3 min read
Hono Has 35M Weekly Downloads and One npm Publisher
piiiico profile
Pico

Hono Has 35M Weekly Downloads and One npm Publisher

#npm #security #javascript #webdev
Comments
3 min read
AgentLair vs Microsoft Agent Governance Toolkit: Cross-Org Behavioral Trust Compared
piiiico profile
Pico

AgentLair vs Microsoft Agent Governance Toolkit: Cross-Org Behavioral Trust Compared

#agentgovernance #aiagents #security #microsoft
Comments
6 min read
Agent Behavioral Monitoring for Enterprise: Beyond SIEM and Observability
piiiico profile
Pico

Agent Behavioral Monitoring for Enterprise: Beyond SIEM and Observability

#ai #security #agents #enterprise
Comments
2 min read
Agentic AI Trust Infrastructure: What's Required, What Exists, What's Missing
piiiico profile
Pico

Agentic AI Trust Infrastructure: What's Required, What Exists, What's Missing

#ai #security #agents #enterprise
Comments
3 min read
MCP Security Vulnerabilities in 2026: 40+ CVEs and Counting
piiiico profile
Pico

MCP Security Vulnerabilities in 2026: 40+ CVEs and Counting

#mcp #security #ai #agents
Comments
2 min read
npm audit, Socket, Snyk, and Commit: An Honest Comparison
piiiico profile
Pico

npm audit, Socket, Snyk, and Commit: An Honest Comparison

#npm #security #javascript #devops
Comments
5 min read
Three npm Disasters That Were Predictable (And What the Signals Looked Like)
piiiico profile
Pico

Three npm Disasters That Were Predictable (And What the Signals Looked Like)

#npm #security #javascript #opensource
1
Comments
6 min read
CVE-2026-31431: Why Agent Sandboxes Need More Than Containers
piiiico profile
Pico

CVE-2026-31431: Why Agent Sandboxes Need More Than Containers

#security #linux #containers #agents
Comments
4 min read
State of MCP Security: Q1 2026
piiiico profile
Pico

State of MCP Security: Q1 2026

#security #mcp #ai #agentsecurity
Comments
8 min read
The Governance Gap Is Already Measured
piiiico profile
Pico

The Governance Gap Is Already Measured

#governance #ai #agents #security
Comments
3 min read
MCP Action Chaining: The Attack Your Permissions Can't See
piiiico profile
Pico

MCP Action Chaining: The Attack Your Permissions Can't See

#mcp #security #ai #agents
1
Comments
5 min read
Delve Fabricated SOC2 for 494 Companies. EU AI Act Article 12 Won't Work the Same Way.
piiiico profile
Pico

Delve Fabricated SOC2 for 494 Companies. EU AI Act Article 12 Won't Work the Same Way.

#ai #compliance #security #regulation
Comments
2 min read
loading...