Security Articles
5 posts
- Vercel BotID In 2026: How The Invisible CAPTCHA Actually Works, And Where It Earns Its Place In My Stack (5/18/2026)
  Vercel BotID went GA in mid-2025 and quietly replaced the visible CAPTCHA on a lot of indie SaaS sites in 2026. The promise is real: invisible bot detection that catches headless Playwright sessions without making your real users squint at fire hydrants. The price is real too. Here is what BotID actually does under the hood, the Basic versus Deep Analysis tradeoff, the route patterns I protect with it, and the day a single AI scraper convinced me to wire it in front of an endpoint I thought was already safe.
- Passkeys in Production: What I Wish I Knew Before Replacing Passwords (5/8/2026)
  Passkeys look simple in the WebAuthn demo. They get strange the moment you handle a user with two laptops, a stolen phone, a Bitwarden subscription, and a corporate device that blocks iCloud Keychain. Here is what shipping passkeys to real users actually looks like in 2026.
- Sandboxing AI-Generated Code: E2B vs Vercel Sandbox vs Modal vs Daytona in 2026 (5/1/2026)
  Letting an LLM write code is the easy part. Letting it run that code on a machine that touches your data is the part that should keep you up at night. Here is how the production sandboxes compare in 2026, and what actually matters when you pick one.
- Securing AI Agents in Production: What Nobody Tells You Before Something Breaks (4/28/2026)
  A Cursor AI agent deleted a production database in nine seconds. Not because the AI was malicious, but because nobody thought carefully about what it was allowed to touch. Here is a practical security framework for running AI agents in production without handing them the keys to everything.
- Prompt Injection Is the New SQL Injection: Defending AI Apps in 2026 (4/15/2026)
  Prompt injection is the single most underrated security risk in AI applications today. It is easy to pull off, hard to fully fix, and most developers shipping AI features have no defenses in place at all. Here is a practical guide to understanding the threat and actually doing something about it.