Build a thing, then try to take it apart. I poke at my agent until it slips, work out why, fix it in the code, and ship it. Then I check the finding against what the field has found and analyze when a defense holds by accident. My goal is to learn what makes agentic systems great and what makes them not.

The OWASP Agentic Top 10 has been a good reference for inspiring different categories of attacking the agent. Each writeup below takes one of those failure modes on the real agent I ship, reviews the result and ends in a fix in the code.

The map below is built from the writeups themselves. Time runs left to right, so the further right a post sits, the more recently I got to it. Hover a line to look a specific category and then you can click on posts to view them in detail.