Part 1 explained how we have to bound behavior instead of asserting exact outputs. This post maps where to place those boundaries. AI systems expose attack surfaces at three runtime checkpoints (i.e., input, processing and output) and the checks differ by system type (classical ML, LLM-based, or hybrid).
Category: Application Security
Securing AI systems without overconfidence or fear โ Part 1: Why the pentesting playbook doesn’t fit: belief, assumptions, and non-determinism
This is the first of five posts on testing AI systems securely. If you've shipped or evaluated AI in production, you've probably felt it: the test suite passes, coverage looks good, and something still nags. *What are we actually validating?* That gap is what this series addresses.
Rootless Containers with Podman
In modern digital infrastructure, containerization has become one of the most significant technologies, offering automation, portability, and resilience of services across cloud and on-premises environments. Containers can simplify backup processes and enhance upgrade safety while significantly reducing recovery times following system incidents or failed updates.This article provides an overview of the container technology and focuses … Continue reading Rootless Containers with Podman
OWASP Top 10 2025 – A Pentester’s Perspective
Every three to four years, OWASP releases a new version of arguably its most famous project, the โOWASP Top Tenโ. Originally started in 2003, this list serves as an awareness document to highlight the 10 most prevalent issues for web applications. The newest release marks the eighth iteration and has once again undergone a few … Continue reading OWASP Top 10 2025 – A Pentester’s Perspective
Patching Android ARM64 library initializers for easy Frida instrumentation and debugging
Intro During both mobile security and mobile resiliency assessments, you often end up instrumenting the application to analyze its internals. By using either Frida or a classical debugger, we can gain valuable insight into the data flows and also modify some data on the fly to make the application behave the way we want it … Continue reading Patching Android ARM64 library initializers for easy Frida instrumentation and debugging
Stop Hardcoding Passwords
A Deep Dive into CyberArkโs Central CredentialProvider (CCP) Introduction Hardcoded credentials are still among the most critical and overlooked security flaws in modern software development. From leaked Git repos to reverse-engineered binaries, static passwords are easy targets. They also make rotation and access control almost impossible. Enter CyberArkโs Central Credential Provider (CCP): a secure, centralized … Continue reading Stop Hardcoding Passwords





