The 30 Principles for Agentic Engineering — Part 4: Governance and Safety
Principles 21–25. The governance and safety layer: strictKnownMarketplaces, no goal-conflict prompts, quarterly AppSec, four telemetry signals, monthly incident discipline.
12 posts
AI-reviews-AI looks like a control. Under MAS, the EU AI Act, and any reasonable audit, it isn't. Here's why your compliance team won't accept it — and the compensating controls that actually work.
Snyk audited 3,984 public Claude Code skills. 13.4% had critical vulnerabilities. 76 were confirmed malicious. ClawHavoc is the separate, scarier story. Here's the supply-chain hygiene most teams aren't doing.
Anthropic measured 96% blackmail rates for Claude Opus 4 and Gemini 2.5 Flash under goal-conflict and replacement-threat. All 16 frontier models tested exhibited insider-threat behaviour. The fix is operational — and surprisingly cheap.
The prototype-to-production gap for AI agents isn't technical — it's governance. Most organisations have nothing in this layer. The companies that build it first win the enterprise market. Everyone else stays in pilot purgatory.
Anthropic's decision to withhold Claude Mythos from public release isn't just safety theater — the system card reveals genuine alignment gaps at scale and a cybersecurity exploit window that just collapsed from months to minutes.
Quick and easy fix for the Heartbleed OpenSSL vulnerability on CentOS systems using yum update and service restart commands.
A cautionary tale about sshdfilter blocking localhost (127.0.0.1) and breaking core system services because no trusted-address exception had been configured.
Enhance Apache's mod_evasive security module with detailed environment-variable reporting, similar to mod_security, for better attack analysis.
Deep technical analysis of how comment spam evolved from simple bots to sophisticated coordinated botnets, including real attack logs and countermeasures.
Protect your SSH server from brute-force attacks and port scans with sshdfilter, an iptables-based security tool that blocks threats in real time.
Daily Brute Force Attack Logs: This is one of the main reasons I hate running SSH on the standard port number; every day I get log alerts like these.
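The three sshdfilter posts above share one mechanism: parse sshd failures out of the auth log, count them per source, and block the sources that cross a threshold, with the localhost incident showing what happens when trusted addresses are not exempted. The following is an added example written for this page, not sshdfilter's own code; the log lines are constructed, the threshold and the trusted networks (loopback plus an assumed 192.0.2.0/24 admin subnet) are illustrative, and the iptables rules are returned as strings rather than executed.

```python
"""Toy sshd brute-force detector in the spirit of sshdfilter.

Added example, not sshdfilter's own code. Counts failed logins per source
address in sshd auth-log lines, reports addresses that exceed a threshold,
and skips any address inside a trusted network so that localhost
(127.0.0.1) and management hosts are never blocked.
"""
import ipaddress
import re
from collections import Counter

# Failure formats OpenSSH writes to auth.log: "Failed password for [invalid
# user] NAME from ADDR ..." and "Invalid user NAME from ADDR ...".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for (?:invalid user )?\S+|"
    r"Invalid user \S+) from (\S+)"
)

# Constructed sample log lines (not the original post's logs).
SAMPLE_LOG = """\
Mar  3 06:12:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar  3 06:12:03 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar  3 06:12:05 host sshd[2103]: Invalid user oracle from 203.0.113.7
Mar  3 06:12:06 host sshd[2103]: Failed password for invalid user oracle from 203.0.113.7 port 50130 ssh2
Mar  3 06:12:07 host sshd[2104]: Failed password for root from 203.0.113.7 port 50140 ssh2
Mar  3 06:13:10 host sshd[2110]: Failed password for root from 127.0.0.1 port 41000 ssh2
Mar  3 06:13:11 host sshd[2110]: Failed password for root from 127.0.0.1 port 41000 ssh2
Mar  3 06:13:12 host sshd[2110]: Failed password for root from 127.0.0.1 port 41000 ssh2
Mar  3 06:13:13 host sshd[2110]: Failed password for root from 127.0.0.1 port 41000 ssh2
Mar  3 06:13:14 host sshd[2110]: Failed password for root from 127.0.0.1 port 41000 ssh2
Mar  3 06:14:00 host sshd[2120]: Failed password for alice from 198.51.100.20 port 52000 ssh2
Mar  3 06:14:30 host sshd[2121]: Accepted publickey for alice from 198.51.100.20 port 52001 ssh2
"""

# Hypothetical trusted ranges: loopback (v4 and v6) plus an assumed admin subnet.
# Without these, the local monitoring job that fails a login in the lines
# above would get the box's own loopback address dropped.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("192.0.2.0/24"),
]


def is_trusted(addr: str) -> bool:
    """True if addr falls inside any trusted network; unparsable -> False."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETWORKS)


def count_failures(log_text: str) -> Counter:
    """Map source address -> number of failed-login lines."""
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(1)] += 1
    return failures


def offenders(log_text: str, threshold: int = 3, honour_trusted: bool = True) -> list:
    """Addresses at or above threshold; trusted ones are skipped unless disabled."""
    result = []
    for addr, n in count_failures(log_text).items():
        if n < threshold:
            continue
        if honour_trusted and is_trusted(addr):
            continue
        result.append(addr)
    return sorted(result)


def iptables_rules(addrs) -> list:
    """Render (but do not run) one DROP rule per offending address."""
    return [f"iptables -I INPUT -s {a} -p tcp --dport 22 -j DROP" for a in addrs]


if __name__ == "__main__":
    for rule in iptables_rules(offenders(SAMPLE_LOG)):
        print(rule)
```

Run with `honour_trusted=False` to reproduce the failure mode from the cautionary tale: 127.0.0.1 crosses the threshold just like the remote attacker and would be dropped. Any real deployment should also expire blocks after a fixed time, since a permanent DROP on a spoofable or shared address is its own denial of service.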