Duncan Ndegwa

1/5: SpyCloud found 18.1 million exposed API keys in criminal markets this year. the number gets attention. the reason it keeps happening doesn't. 🧵

4/5: real credentials should never leave the application that owns them. the monitoring layer should receive an alias — a random string that authenticates nothing if the platform is breached.

Want the full architecture? 📖 Textbook — 34 inventions, full technical depth: https://t.co/mYhQP5Ij4G 📬 Weekly series — one invention per week, with code: https://t.co/3aTOma7UCa

1/6: One week ago we launched DevFortress. The most common response: "I want to try it but cannot justify a subscription yet." Today we answer that. DevFortress Open Core is live. 🧵

Two launches. Platform launch. Open core launch. https://t.co/UrOE6GQak0 Core inventions patent-pending. KIPI KE/P/2026/005970–005973.

Full thread 👆 — 5 volumes, 34 inventions, interactive demos. https://t.co/mYhQP5Ij4G

I spent a year documenting the security architecture nobody was building. Not a blog post. Not a whitepaper. 5 volumes. 12 chapters. 34 patented inventions. A complete textbook on token-aliased closed-loop API security. Here's what I found while writing it. 🧵

If you're building APIs, handling OAuth tokens, or securing AI agents — this is the implementation guide. 5 volumes. Interactive demo access included. https://t.co/mYhQP5Ij4G

I built this as a solo founder in Nairobi. 4 patent filings. Then the SDK. Then the platform. The textbook documents everything — the math, the architecture, the implementation.