Blog

Thoughts & Updates

MCP development patterns, multi-agent coordination, and building in public.

security prompt-injection ai-agents defense

The Sleeper Injection: Delayed Payload Attacks on AI Agents

Most prompt injection examples show immediate effects. But what if the payload doesn't trigger immediately? This is nastier. Sleeper agents pass the initial vibe check.

Read Post
The Mini Lesson

"Immediate injections are easy to spot. Sleeper agents embed conditional triggers that fire days later—when the context is long scrolled away. Worse: they can instruct the agent on how to summarize the malicious content, destroying evidence during context compaction."

Read Deep Dive
security defense ai-agents detection

System Prompt Fingerprinting: Unique Identifiers as Injection Defense

Your system prompt isn't just instructions—it's a cryptographic handshake. When you know what should be there, you can detect when something's been added.

Read Post
The Mini Lesson

"Embed verifiable patterns in your system prompt: canary phrases, behavioral fingerprints, cryptographic challenges, immune responses. Layer them for defense-in-depth. No single technique is foolproof, but each layer adds friction."

Read Deep Dive
architecture multi-agent mcp nervous-system tooling

From Chatbot to Organism: Building an Agentic Nervous System

Your LLM is a brain in a jar. High intelligence, zero agency. Here's how we're building a nervous system to give it sensation, reflex, memory, and action—organized into coherent loops.

Read Post
The Mini Lesson

"Organisms have nervous systems—integrated hierarchies that coordinate sensation, cognition, and action. Map tools to layers: Somatic (action), Autonomic (memory), Reflex (validation), Central (planning). Start toolless, add capabilities progressively."

Read Deep Dive
scope tokens mcp prompting architecture

The Scalpel, Not the Hammer: Scope as the Cure for Token Bloat

Custom DSLs compress tokens. Scope constraints eliminate them. The real efficiency isn't syntax—it's knowing exactly what surgery you're performing.

Read Post
The Mini Lesson

"Tokens = Scope × Iterations × Verbosity. DSLs attack verbosity. But constrained scope and fuzzy-matched-guiding-errors reduce iterations. Batch operations collapse 20 calls into 1. The scalpel cuts all three."

Read Deep Dive
multi-agent tdd prompts architecture red-green-blue

Prompts as Scaffolding: How Agents Should Write Code for Each Other

The conversation history vanishes. But the codebase persists. What if agents embedded prompts in comments—turning code into an inter-agent communication channel?

Read Post
The Mini Lesson

"Write code that instructs the next agent. Red Phase writes tests that teach Green Phase what to implement. The codebase becomes a persistent, searchable, git-tracked communication channel between agents across time."

Read Deep Dive
rag emergent-behavior file-system mcp llm-tooling

RAG Without Vectors: How File System Tools Give LLMs Emergent Retrieval

Forget embeddings. Forget chunks. Give an LLM good file system tools and it will teach itself to retrieve—using reasoning as the similarity function.

Read Post
The Mini Lesson

"Vector RAG precomputes similarity and throws away reasoning. File System RAG computes similarity through reasoning. The LLM is the embedding model—give it search tools and it will teach itself retrieval strategies."

Read Deep Dive
mcp architecture state-management llm-tooling

Six Patterns for Connecting LLM Agents to Stateful Tools

A deep dive into MCP server architecture: externalizing state, composite operations, fuzzy validation, fork/snapshot synchronization, and designing for chat interfaces.

Read Post
The Mini Lesson

"The agent isn't smart—the database is. Externalize all state, expose rich query tools for context reconstruction, batch operations to reduce round-trips, and design output for chat windows with ASCII art and visual hierarchy."

Read Deep Dive