Coding Agents Do Not Replace Technical Proficiency — They Demand More of It
Explores how coding agents boost productivity but require strong technical skills to use effectively, debunking the myth that AI replaces developers.
Liran Tal is an AI security researcher and Node.js security expert focusing on securing agentic AI workflows, MCP, and software supply chains through research, education, and open-source work.
222 articles from this blog
Explores whether prompt injection in AI systems is an unsolvable structural problem or just an unfixed vulnerability.
Introduces APM, an npm-inspired Agent Package Manager from Microsoft for managing AI agent dependencies like skills and MCP servers.
Guide on validating Fastify configuration using @fastify/env, dotenv, and env-schema for type-safe environment variables.
Explains Cursor agent hooks for running lint and build checks after each AI coding turn, enabling self-healing loops.
Analysis of structural failure modes when using LLMs as security scanners in agentic workflows, with measurement ideas and evidence.
Analysis of flaky Jest tests caused by wall-clock assertions on timer behavior, with solutions using fake timers.
Guide to building a benchmarking framework for AI coding agents using Claude's Agent SDK, focusing on security tasks.
Exploring agentic growth-hacking tactics using AI bots to automate lead scoring, sales alerts, and sourcing user pain points on social media.
A technical guide for implementing secure direct browser uploads/downloads to Cloudflare R2 using pre-signed URLs generated by a Hono.js API on Cloudflare Workers.
A guide to implementing secure file uploads using Cloudflare R2 storage and the Hono framework, focusing on pre-signed URLs.
Explains the Model Context Protocol (MCP) by drawing parallels to RESTful HTTP architecture, using a travel planner server example.
A framework for evaluating security threats and risks in Model Context Protocol (MCP) implementations, based on recent incidents.
Analysis of a security attack exploiting toxic flows in the Model Context Protocol (MCP) to target Cursor IDE users via Jira tickets.
Explores the emerging security research landscape around the Model Context Protocol (MCP), a new standard for AI model communication.
Introduces agent-rules, an open-source CLI tool that standardizes security and coding rules across AI coding assistants like GitHub Copilot and Cursor.
A guide to building an AI-powered system using the Mastra AI framework to automate and streamline the evaluation of conference Call for Papers (CFP) submissions.
A tutorial on parsing command-line arguments in Node.js using the built-in util.parseArgs API, with examples from a real CLI project.
A developer's cautionary tale about command injection vulnerabilities in AI coding assistants using MCP servers, highlighting real-world security risks.
The ls-mcp tool update adds a security feature to detect and assess the risk of credentials stored in environment variables within MCP server configurations.