I asked my AI agent to summarise a webpage.
It leaked its own system prompt.
No errors. No warnings. It just complied.
Full demo from my GDG Dublin talk — indirect prompt injection + tool poisoning via MCP, run against my own agent.
#AgenticAI#AISecurity
many people asked me to make a video about my complete agentic engineering workflow
excited to share it's finally here!!!
it took me about 20 hours in total to record this 45 minutes of walkthrough - it covers everything i do to ship production quality code at an average 40+ PRs/day velocity
hope this can be a useful reference to everyone exploring good ways to use AI. and would appreciate a reshare with anyone you think might benefit from this!
enjoy! https://t.co/oA0UCrBvqo
Both passed every test.
Both failed people.
I gave a talk for Women in AI Ireland on a bias audit that catches what unit tests miss — three checks, twelve questions, for generative and agentic AI.
YouTube link in reply. 👇
#AIbias#ResponsibleAI
Full video → https://t.co/e1Eusqog1o
Code → https://t.co/SWmjYJQvXT
Covers:
→ pass^k math (why 1 trial isn't enough)
→ LLM-as-judge with cross-family calibration
→ TPR/TNR calibration vs raw agreement
→ Drift detection across runs
0.97 × 0.97 × ... = 0.73
If your agent is 97% reliable per step, it's only 73% reliable across 10 steps.
Most teams never measure this. They ship the demo and hope.
New video: building your first eval pipeline from scratch.
~200 lines of Python. No frameworks.
Last month I hacked my own AI agent with malicious HTML.
This week I published the follow-up: how to actually defend against it.
5 production patterns for securing agentic AI systems — a thread 🧵
#AgenticAI#AISecurity
6/ Defence in depth.
No single layer is a magic bullet — each catches what the one before missed.
Built on Google ADK, but the patterns translate to LangGraph, OpenAI Agents SDK, Strands.
Full demos against the same malicious page from Ep 1 in the video below ↓
I asked my AI agent to summarise a webpage.
It leaked its own system prompt.
No errors. No warnings. It just complied.
Full demo from my GDG Dublin talk — indirect prompt injection + tool poisoning via MCP, run against my own agent.
#AgenticAI#AISecurity
+1 for "context engineering" over "prompt engineering".
People associate prompts with short task descriptions you'd give an LLM in your day-to-day use. When in every industrial-strength LLM app, context engineering is the delicate art and science of filling the context window with just the right information for the next step. Science because doing this right involves task descriptions and explanations, few shot examples, RAG, related (possibly multimodal) data, tools, state and history, compacting... Too little or of the wrong form and the LLM doesn't have the right context for optimal performance. Too much or too irrelevant and the LLM costs might go up and performance might come down. Doing this well is highly non-trivial. And art because of the guiding intuition around LLM psychology of people spirits.
On top of context engineering itself, an LLM app has to:
- break up problems just right into control flows
- pack the context windows just right
- dispatch calls to LLMs of the right kind and capability
- handle generation-verification UIUX flows
- a lot more - guardrails, security, evals, parallelism, prefetching, ...
So context engineering is just one small piece of an emerging thick layer of non-trivial software that coordinates individual LLM calls (and a lot more) into full LLM apps. The term "ChatGPT wrapper" is tired and really, really wrong.