Latest

Weight loss plateaus are a common problem for those trying to lose weight. This post explains the fundamentals of weight loss and how to fix plateaus.

Lately, I have been working on a high-throughput API where most reads are served from Redis. Redis is already fast, but my goal was to understand how low I could push **p99 latency**, and more importantly, how stable I could make the tail. This post is about end-to-end p99 tuning for a Redis-backed API. Some optimizations target Redis directly. Others target the client, request shape, and network behavior. While I use Redis here, these optimizations targeting the network stack, request shape, and client-side caching apply to almost any distributed system.

The most complex risks in the 2026 OWASP list are not about a single bad action, but about how agents exist over time, interact with each other, and propagate behavior across systems. Unchecked blast radius occurs when **probabilistic agent behavior becomes persistent, trusted, and shared across systems**. This post continues from my previous two pieces on [Loss of Intent as a Failure Mode in OWASP Agentic AI Risks](/blog/loss-of-intent-as-a-failure-mode-in-owasp-agentic-ai-risks-2026) (Part 1) and [Identity and Execution Risks in Agentic AI – The Capability Gap](/blog/identity-and-execution-risks-in-agentic-ai-the-capability-gap-owasp-2026) (Part 2) and is the final part of the series.

When moving from intent to execution, the security model for Agentic AI shifts from intent interpretation to traditional systems hardening. Once an LLM can invoke tools and assume identities, the capabilities we grant an agent become the primary attack surface. This post continues from my first piece on [Loss of Intent as a Failure Mode in OWASP's Agentic AI Risks](/blog/loss-of-intent-as-a-failure-mode-in-owasp-agentic-ai-risks-2026). Here, I focus on the second bucket in the [OWASP Top 10 for Agentic Applications 2026](https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/): agents with too much power.

OWASP recently released the Top 10 Vulnerabilities for Agentic Applications (2026). One thing is clear that the agentic systems fail differently than traditional applications or simple LLM integrations. The failure mode is not bad output, but the system taking a valid action for the wrong reason. In this post, I break down three OWASP vulnerabilities that stem from loss of intent, explain how they show up in real systems, and outline some mitigations.