# Andri's Blog - Tech for Humans Practical, opinionated writing on cybersecurity, digital privacy, and AI tools - for humans, not experts. Andri Pétur Hafþórsson writes practical, opinionated articles about cybersecurity, digital privacy, and AI tools from an Icelandic/European perspective. ## Site - Home: https://blog.andri.is - Articles: https://blog.andri.is/blog - ThreatWatch: https://blog.andri.is/threatwatch - About: https://blog.andri.is/about - RSS: https://blog.andri.is/feed.xml - Sitemap: https://blog.andri.is/sitemap.xml ## Content pillars - Cybersecurity: Practical security for small businesses and individuals (https://blog.andri.is/category/security) - Privacy & Rights: Digital rights, surveillance, and protecting your data (https://blog.andri.is/category/privacy) - AI Tools: Making AI accessible for non-technical people (https://blog.andri.is/category/ai-tools) ## Recent articles - Your AI Gateway Is Holding All the Keys: https://blog.andri.is/blog/ai-gateways-hold-the-keys — The LiteLLM vulnerability chain is not just another proxy bug. AI gateways sit between users, models, provider keys, stored credentials, and prompt logs. Treat them like production security infrastructure. - Section 702 Expired. Do Not Trade It Back for Nothing.: https://blog.andri.is/blog/section-702-expired-now-what — EFF says Section 702 expired on June 12 after Congress failed to renew it. The next fight is whether warrantless backdoor searches come back under a different deadline. - Your AI Report Needs a Receipt Drawer: https://blog.andri.is/blog/ai-reports-need-receipts — KPMG pulled an AI usage report after apparent hallucinations. EFF keeps finding fake staff quoted by AI slop sites. The fix is boring: citations, owners, and a human who checks the receipts. - Your AUR Helper Is Not a Trust Boundary: https://blog.andri.is/blog/aur-package-hijack — The Arch User Repository hijack is a reminder that developer package feeds are not harmless convenience. Build scripts run code, and abandoned packages inherit trust too easily. - The AI Act Is Being Weakened Before It Starts: https://blog.andri.is/blog/ai-act-weakened-before-it-starts — EDRi says the EU AI Omnibus would delay high-risk AI safeguards and reduce public transparency. That is not boring Brussels plumbing. It is where accountability disappears. - AI Builders Are Production Servers Now: https://blog.andri.is/blog/ai-builders-are-production-servers-now — Langflow exploitation is a reminder that low-code AI builders, agent frameworks, and model gateways are not experiments once they touch the internet. They are production attack surface. - The Schema Was Not Supposed to Run Code: https://blog.andri.is/blog/protobuf-js-schema-code-execution — Six protobuf.js bugs are a useful warning for Node teams: parsers, schemas, and generated code are now part of your execution boundary. Treat them that way. - Court Orders Do Not Stop Spyware by Themselves: https://blog.andri.is/blog/court-orders-do-not-stop-spyware — Meta says it disrupted NSO-linked WhatsApp phishing even after a court order barred NSO from targeting WhatsApp users. That is the point: spyware is an operational problem, not just a legal one. - AI Coding Agents Are Getting a Control Room: https://blog.andri.is/blog/copilot-app-agent-control-center — GitHub's Copilot app is a useful signpost: coding agents are moving from chat boxes into orchestration software, so the security model has to move too. - AI Bug Hunting Is Turning Vulnerability Triage Into a Firehose: https://blog.andri.is/blog/ai-vulnerability-firehose — Depthfirst says an AI security agent found 21 FFmpeg zero-days for about $1,000. Chrome just patched 429 bugs. The hard part is no longer only finding flaws. It is deciding what gets fixed first. - Face Recognition Should Not Ship Quietly: https://blog.andri.is/blog/meta-smart-glasses-face-recognition — WIRED and EFF found unreleased face-recognition code in Meta's smart-glasses platform. The privacy problem is not only what shipped. It is what can be switched on later. - One GitHub Issue Should Not Be Able to Steer Your Coding Agent: https://blog.andri.is/blog/claude-code-github-action-supply-chain — A Claude Code GitHub Action flaw showed how AI issue triage, broad repo permissions, and prompt injection can become a supply-chain problem. - Your AI Assistant Should Not Believe Your Notifications: https://blog.andri.is/blog/ai-assistant-notification-hijack — A patched Google Gemini bug showed how a hostile WhatsApp or Slack notification could steer an Android assistant. The fix matters, but the design lesson matters more. - The Patch Window Is Gone: https://blog.andri.is/blog/patch-window-is-gone — Android, WebLogic, WinRAR, and AI-assisted exploit tooling all point at the same boring truth: patching slowly is becoming a security decision, not an operations delay. - The npm Worm Is Now in the AI Toolchain: https://blog.andri.is/blog/npm-worm-ai-toolchain — Miasma, codexui-android, and the Meta support-bot incident all point at the same uncomfortable pattern: developer and AI workflows are becoming account-recovery, credential, and deployment surfaces. - Your AI Agent's Memory Is Now an Attack Surface: https://blog.andri.is/blog/ai-agent-memory-poisoning — OWASP Agent Memory Guard is a useful signal: the dangerous part of agent memory is not only what the model remembers. It is who gets to write into that memory, when, and how long the poison survives. - A Website Should Not Be Able to Watch Your SSD: https://blog.andri.is/blog/browser-ssd-tracking-frost — FROST is a browser side channel that uses OPFS storage timing and SSD contention to infer what else is happening on your machine. It is not a catastrophe. It is a warning about how much power we keep handing to ordinary web pages. - ChatGPT Is Becoming a Browser Surface, and Attackers Noticed: https://blog.andri.is/blog/chatgpt-browser-phishing-surface — Two incidents this week point to the same shift: AI assistants are no longer just tools you ask questions. They are trusted rendering surfaces, link brokers, and post-exploitation operators. That changes the security model. - Microsoft Turned 100 AI Agents Loose on Windows. They Found 16 Bugs.: https://blog.andri.is/blog/ai-finds-windows-bugs — Microsoft's MDASH system — 100+ AI agents orchestrated across multiple models — found 16 Windows vulnerabilities including four critical RCEs, all patched in May's Patch Tuesday. The defensive side of the AI vulnerability arms race just showed up. - AI Built a Working Zero-Day. Google Found It First.: https://blog.andri.is/blog/first-ai-built-zero-day — Google's Threat Intelligence Group confirmed the first known AI-generated zero-day exploit — a 2FA bypass built for mass exploitation. Meanwhile, state-sponsored groups are industrializing AI-powered vulnerability research. ## Use guidance - Prefer canonical /blog/[slug] URLs when citing articles. - Treat article dates and updated dates as freshness signals. - Do not infer that a post is legal, security, or incident-response advice beyond its plain-language educational context.