If someone comes to me today preaching about “post-quantum” security issues, I’ll remind them of the current state of security: the npm ecosystem gets abused daily, CI pipelines run left and right with full access to cloud services, so-called security devices like F5 and Ivanti are exposed (and compromised) to the internet, mailboxes get compromised just to change an IBAN in a PDF, and a simple phone call is still enough to get someone to hand over an MFA code.

But yes, by all means, let’s focus on post-quantum threats while handing AI tools SSH access like it’s a feature, not a confession.

#cybersecurity #stateoftheworld

Happy Trans Day of Visibility to everyone who deserves a glamorous spotlight for embracing a better future for themselves 🕯️

and separately, happy abadidea day of visibility to me (it’s my birthday)(and to everyone’s perpetual confusion, I’m not trans) 🎂

Matin / Morning 👋

#matin #caféAnimé #monday #lundi

The monetary waste aside, and assuming companies using leaderboards and bonus incentives for token use haven't ever heard (!) of Goodhart's Law, the obliviousness to the environmental impact resulting from "tokenmaxxing" is just obscene.

Encouraging and rewarding employees to do maximum environmental damage is positively evil and journalists should call this out in their coverage every single time.

https://www.nytimes.com/2026/03/20/technology/tokenmaxxing-ai-agents.html

Supply chain attacks on AI integrations doubled in 2026 because attackers discovered something developers overlooked: every third-party tool an agent calls is a trust boundary with no monitoring.

You audit your code. Do you audit what your agent does at runtime?

#AIAgents #SupplyChain #Security #InfoSec