Latest

Thoughts on software development and life.

  • Published on
    When applications interact with LLMs or MCP servers, every request and response is a potential attack surface. One way to add protection is to put a proxy at the edge, where you can inspect traffic and enforce security rules. Just as firewalls and WAFs shield web apps from SQL injection or XSS, a proxy can serve as an "AI firewall" to defend against risks like those in the OWASP Top 10 for LLMs. In this article, I will walk through how to build such a firewall using Nginx, OpenResty, and Lua.
  • Published on
    Earlier this month, attackers compromised a popular npm maintainer via a phishing attack, then published malicious versions of 18 widely-used packages (including debug) that together have over 2 billion weekly downloads. These packages injected browser-side malware that intercepted cryptocurrency transactions, replacing wallet addresses with attacker-controlled ones using visually similar strings to evade detection. This was a supply chain attack with no CVE assigned at the time, meaning regular SCA scanners, which rely on published CVEs, could not detect it. In this post, I will explore an alternative approach of scanning for behavioral patterns and heuristics using small language models.
  • Published on
    If you are writing conventional web interfaces, it is a good idea to pause and rethink your strategy. Instead of coding a static UI for every workflow, what if we could generate UI on demand, directly from a user's prompt? In this post, I explore the idea of intent-driven user interfaces that leverage AI to determine user intent and generate dynamic UIs on the fly.
  • Published on
    If you are exposing AI-enabled capabilities in your product and supporting external integrations, there is a good chance you will implement an MCP (Model Context Protocol) server to handle tool calls from LLMs. When you do, you will need to manage authentication, input validation, multi-tenant isolation, and more. Instead of starting from scratch, I have put together a starter-kit that gives you all this out of the box: JWT-based tenant authentication, input validation, per-function metadata, cloud-native & container-ready with Docker, and standard endpoints as per the MCP spec.
  • Published on
    A custom web application firewall (WAF) can help protect your web application from threats such as SQL injection and cross-site scripting (XSS). Whether you ship software to customers or host your services in the cloud but want more control, agility and/or simplicity, a custom WAF can help. In this article, I will show you how to build a custom WAF using OpenResty, a powerful web platform based on Nginx and Lua.