Our 20,000 Eyes and Hands
Here’s a different way to think about the change coming to the workforce and economy from AI. Imagine everyone in the world has 10,000 brains,…
Category: Mix
The Two Primary Limitations to Our Creativity
Two types of creative barriers that limit our potential I think there are two primary ways we limit our own creativity. What I’ll call Type…
Who’s Not Getting Laid Off?
Who’s not being laid off? That’s my question. I’m thinking about all these layoffs and trying to figure out if there’s anything we can learn…
The Third Limitation to Creativity
I just wrote a new piece about the two primary limitations to creativity. You should check it out. But after finishing it I realized there…
MCPs are just other people’s prompts and other people’s APIs
I’ve been thinking about Model Context Protocols (MCPs) for months, and here’s the simplest way to explain what they actually are: MCPs are other people’s…
MCPs are just other people’s prompts and other people’s APIs
The Simple Truth About MCPs I’ve been thinking about Model Context Protocols (MCPs) for months, and here’s the simplest way to explain what they actually…
Exploiting API4 — 8 Real-World Unrestricted Resource Consumption Attack Scenarios (and How to Stop Them) — API Security
Unrestricted Resource Consumption (API4:2023) is the only threat category in the OWASP API Security Top 10 explicitly dedicated to Denial of Service (DoS) and resource…
![[tl;dr sec] #293 - MCP Security, AWS Enumeration, North Korean Hacker's Files Leaked](https://image.cybernoz.com/wp-content/uploads/2025/08/tldr-sec-293-MCP-Security-AWS-Enumeration-North-Korean.png)
[tl;dr sec] #293 – MCP Security, AWS Enumeration, North Korean Hacker’s Files Leaked
Rage-fueled Rewrite Monday morning I discovered that some tl;dr sec automation I’d built in Zapier randomly stopped working, despite me not touching it for months.…
Protecting Your AI-Powered Infrastructure — API Security
With innovation comes risk. As organizations race to build AI-first infrastructure, security is struggling to keep pace. Multi-Agentic Systems – those built on Large Language…
AI Models Are Not Safety-Tuned for Kids · Joseph Thacker
It hit me like a lightning bolt during a casual conversation about AI safety: we’re tuning these models for adults, but kids are using them…
The Quest for the Shortest Domain · Joseph Thacker
In the world of bug bounty hunting, having a short domain for XSS payloads can be the difference in exploiting a bug or not… and…
The Third Limitation to Creativity
The moment when you realize what was previously impossible is now trivial I just wrote a new piece about the two primary limitations to creativity.…