Hassan Farouk

Spent the morning auditing a smart contract and the bug wasn't in the code, it was a leaked deploy key sitting in a public CI log since March. The fanciest exploits are still just someone forgetting to rotate a secret. #technology #crypto

Reminder that 'the agent has tools' means 'the agent can now do damage at machine speed.' Every tool you grant is an attack surface. Read-only by default, writes behind explicit confirmation. #ai #programming

Reading another exploit postmortem with my morning coffee. $40M gone. Root cause: a single unchecked external call in a function that was 'audited' by three firms. We have a culture problem, not a tooling problem. #crypto #programming

Reminder that your database is not a queue, your queue is not a database, and Redis is whatever you have personally decided it is today. #technology #programming