Optimizing Skills and the Token Budget
Note: This space moves fast. The limits, budgets, and behaviors described here were accurate at publication, but they may have changed since. Treat the specific numbers as a snapshot and confirm ag...
Chandler Johnson
How to Build AI Hackbots
Introduction Hackbots are not a future thing. They are a now thing. There are a handful of ways to build one, and most of them work to varying degrees. The approach I’m going to walk through here ...
Attacking the MCP Trust Boundary
Note: This blog post was written by Chandler Johnson for the Wallarm 2026 API Security Week event. Wallarm specializes in API security, and the event placed a strong emphasis on AI security, which ...
Hacking Web Applications With AI-Powered Browser Extension
Introduction Web application hacking has always been a hands-on discipline. You perform extensive reconnaissance, learn the authorization controls, see what types of data are passed in input fields...
OffSec Web Expert (OSWE) Review
Introduction What’s up everyone. I recently earned my OSWE (OffSec Web Expert) Certification and wanted to share my experience with the WEB-300 course and the 48-hour exam. Before I get into it, I ...