Liran Tal is an AI security researcher and Node.js security expert focusing on securing agentic AI workflows, MCP, and software supply chains through research, education, and open-source work.
213 articles from this blog
Explores the evolution from AI-augmented IDEs to Agentic Development Environments (ADEs) and the future of autonomous AI in software engineering.
Argues that companies built solely on the Model Context Protocol (MCP) are unlikely to succeed, while those using MCP as an integration layer have a better chance.
A guide to automating the fine-tuning of AI agent workflows using the Qodo CLI, based on analyzing execution logs to improve instructions.
A guide to creating a Home Assistant automation for announcing Shabbat candle lighting times using sensors and YAML configuration.
Explains the complex interplay between CORS, SameSite cookies, and CSRF attacks in cookie-based web authentication systems.
Explores gamified learning for developers, using examples like a security game built with Kaboom.js and an LLM prompt injection game.
Analyzes outdated marketing and product strategies causing DevRel failures, advocating for faster, focused launches in fast-paced tech environments like AI.
Explores building Node.js CLI apps without third-party dependencies, using built-in modules for colors, argument parsing, and debugging.
A guide to building neural networks using JavaScript and the Brain.js library, covering fundamental concepts for web developers.
A Developer Advocate explains how to use Generative AI to automate and accelerate the creation of demo applications for security vulnerability education.
Explains the LLMs.txt file, a new standard for providing context and metadata to Large Language Models to improve accuracy and reduce hallucinations.
Analyzes common tight coupling patterns in Node.js code, such as global variables and hardcoded dependencies, and their impact on maintainability.
A guide to using PDF.js for reading/parsing PDFs and PDF Lib for creating/modifying PDFs in Node.js, with code examples.
Explores the ongoing challenges of publishing TypeScript packages for both ESM and CJS in 2025, covering Node.js updates and tooling like tsup.
A technical guide on setting up Home Assistant with AdGuard DNS to block YouTube, using Lovelace UI buttons for easy control.
A technical guide on customizing the Astro Starlight documentation sidebar to dynamically show/hide content based on user authentication status.
A step-by-step tutorial on setting up a Google Cloud project and using Google Cloud Storage to store and serve images.
Applying behavioral economics principles from 'Thinking, Fast and Slow' to improve application security practices and decision-making.
A guide to implementing automatic component imports for MDX files in the Astro framework using the astro-auto-import package.
Explains how to use the new Promise.withResolvers API in Node.js v22+ to manage asynchronous operations in nested tests.
