Liran Tal is an AI security researcher and Node.js security expert focusing on securing agentic AI workflows, MCP, and software supply chains through research, education, and open-source work.
213 articles from this blog
A technical guide for implementing secure direct browser uploads/downloads to Cloudflare R2 using pre-signed URLs generated by a Hono.js API on Cloudflare Workers.
A guide to implementing secure file uploads using Cloudflare R2 storage and the Hono framework, focusing on pre-signed URLs.
Explains the Model Context Protocol (MCP) by drawing parallels to RESTful HTTP architecture, using a travel planner server example.
A framework for evaluating security threats and risks in Model Context Protocol (MCP) implementations, based on recent incidents.
Analysis of a security attack exploiting toxic flows in the Model Context Protocol (MCP) to target Cursor IDE users via Jira tickets.
Explores the emerging security research landscape around the Model Context Protocol (MCP), a new standard for AI model communication.
Introduces agent-rules, an open-source CLI tool that standardizes security and coding rules across AI coding assistants like GitHub Copilot and Cursor.
A guide to building an AI-powered system using the Mastra AI framework to automate and streamline the evaluation of conference Call for Papers (CFP) submissions.
A tutorial on parsing command-line arguments in Node.js using the built-in util.parseArgs API, with examples from a real CLI project.
A developer's cautionary tale about command injection vulnerabilities in AI coding assistants using MCP servers, highlighting real-world security risks.
The ls-mcp tool update adds a security feature to detect and assess the risk of credentials stored in environment variables within MCP server configurations.
A tutorial on training a neural network in JavaScript to solve ASCII mazes using the brain.js library.
Qodo AI's new Package Health Reviewer uses Snyk Advisor to automate security and maintenance checks for open-source dependencies in CI/CD pipelines.
A tutorial on using Python, Ultralytics YOLO, and Supervision for computer vision tasks like object detection and image annotation.
A guide to securely loading and managing Google Cloud Storage service account credentials in Node.js applications, covering JSON files, environment variables, and direct specification.
A proposed security evaluation framework for Model Context Protocol (MCP) servers, focusing on configuration and implementation risks for developers.
A guide for Developer Relations (DevRel) professionals on creating engaging, value-driven content and measuring KPIs for effective go-to-market tactics on X/Twitter.
Explores how zero-trust environments like defense and finance can securely adopt AI using local-first agents and semi-autonomous workflows.
Explores key traits of AI-native products designed for efficient consumption by AI agents, focusing on context optimization and tool execution.
Explores five key pillars for optimizing AI-powered agentic coding workflows, including system instructions and spec-driven development.
