AI coding agents : Claude Code, Codex, Copilot and their kin are changing how software gets built. Faster. Smarter. More autonomous. And that's exactly what keeps me up at night.

I’ve been playing with these agents for a bit, you can see some of the code that me and AI have authored together (Github link in the comments) - PRs are welcome!

Our adoption is outpacing our ability to secure things. Three open research problems explain why:

1. Detection is broken.
When an LLM agent runs on your developer's endpoint, what is it actually doing? Bypassing a control because it's buggy? Being "enterprising"? Or is that just a bad actor on your network? We lack the telemetry, the baselines, and the tooling to answer that question at scale. There is more noise than signal, your detection and response team isn't sleeping.

2. More code ≠ good code.
Multi-thousand-line PRs are trivial to generate. But are they correct? We abandoned KLOCs as a productivity metric in the 90s for good reason. As agent generated code volumes grow, human PR review won't scale. We need to find better ways of maintaining our invariants.

3. The supply chain problem just got recursive.
We spent years hardening software supply chains. Now we're injecting code from models trained on data we don't fully understand, via pipelines we don't fully control, into systems we absolutely must protect. And if the bad guys compromise your AI provider? Are they surveilling training data, or intentionally shaping outputs?

So I'll ask what most vendors aren't:

How are you monitoring what your AI agents do on developer endpoints and separating signal from noise?

How would you know if an agent made an "enterprising" decision that introduced a vulnerability?

How do you secure your LLM supply chain, and what will you do when they're compromised?

I don't have all the answers. And to any vendor about to drop a "turnkey solution" in my comments, I assure you: neither do you. Fair warning ahead of RSAC, sorry I won't be there.

So, keep your eyes peeled, because:

"Sleep is the cousin of death."

— Nas, Chief AI Vigilance Officer, Queensbridge (Illmatic, 1994)

Maryam. Shaunda. Fulgence. Nikoloz. 🎉 Sabrina and I started the @skscholarship because this field needs more people like you. So proud. Go build something the world needs.

More here:
https://www.linkedin.com/posts/nyutandonmade-share-7436765476770385920-RNtM

Cybersecurity loves talking about pipeline problems. Scholarships are what fixing one looks like.

Sabrina and I started the @skscholarship to help underrepresented people get a fair shot.

Spring 2026 scholars are up next.

#IWD2026

"Life's most persistent and urgent question is, 'What are you doing for others?"

-- Dr. Martin Luther King Jr.

On January 15, 2026 @Wikipedia celebrated its 25th anniversary. While the Web itself has gone through good, bad, and ugly, Wikipedia stands out as one of the best things to come out of the information age.

I've had the privilege of being around to see the World Wide Web grow up. I've been even more honored to contribute to a couple of its load-bearing parts.

It's hard to think of an effort that embodies the original vision of the Web, a place to democratize knowledge, better than Wikipedia.

With over 60 million articles across 300+ languages, the @wikimediafoundation remains a non-profit built on volunteer contributions and Editor donations of articles and quality control.

In an era where so much of the internet has been captured by engagement algorithms and walled gardens, Wikipedia is a reminder of what we set out to build in the first place.

Happy birthday, Wikipedia and thank you to all the Editors. I hope I'll be around to see your 50th and beyond!

Celebrate this momentus occasion by attending a local meet up :

https://wikimediafoundation.org/wikipedia25/wikipedia-mascot/

#wikipedia