Archive - Defensible Systems Substack

Time for Security Architects to Shift Right

New threats and the need for speed

Mar 10 • Gunnar Peterson

February 2026

Dust, dirt, and identity

Security engineering lessons from the paydirt of the ancients

Feb 4 • Gunnar Peterson

November 2025

AI's Golden Agent Problem

There are good reasons to think the Agentic version of Golden Ticket - Golden Agent will be worse

Nov 20, 2025 • Gunnar Peterson

Web Authentication is Broken

Attackers logging in means a new approach is a must

Nov 12, 2025 • Gunnar Peterson

May 2025

MCP Security - Thinking in Zones

The New Perimeter is Behavioral

May 17, 2025 • Gunnar Peterson

Who will solve MCP Security?

Security Concerns with Model Context Protocol (MCP) for AI Agents and Who Will Solve Them

May 8, 2025 • Alexis Lavi

April 2025

Some Thoughts Pat Opet's open letter

“The game is the same, just got more fierce” -Slim Charles

Apr 26, 2025 • Gunnar Peterson

OAuth's Role in MCP Security

Limits and Opportunities in the Identity Layer

Apr 19, 2025 • Gunnar Peterson

Join new Defensible Systems subscriber chat

A private space for us to converse and connect

Apr 19, 2025 • Gunnar Peterson

March 2025

Starting a Security Program from Scratch

What are the essential tools?

Mar 28, 2025 • Alexis Lavi

Why a Security Architect Also Needs to Be a Good Solution Architect

Or at least have a solution mindset

Mar 7, 2025 • Alexis Lavi

February 2025

Identity Security Venn

Is OAuth Impersonation a Feature or Threat?

Feb 20, 2025 • Gunnar Peterson

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts