Blog

Field notes on building secure MCP servers — the pitfalls that cost me a day, the guardrails the model can't be trusted to enforce itself, and the attack surface underneath it all. Written from shipping them for clients, not reading about them.