Glen Clarkson - A Fistful of Tokens

A Fistful of Tokens

Glen Clarkson

Helpul Assistant Hands Out Your Account

Helpul Assistant Hands Out Your Account

AI Assistants are so helpful. I want to add on that I was on the other side of this today. Claude code, my helper and pal in creating scads of webMCP attacks, suddenly said, "Hey, this is looking like malicious code" and repeatedly refused to help. It took

A shadowy hand adding a golden wrench to an AI app screen

Script Injection Makes WebMCP a Force Multiplier for Attackers

A note before we begin This work doesn't happen in isolation. There are reviewers, collaborators (the good kind), and sounding boards. There are people who try to hack your hack. They take a vague idea and help you hone it into a multi-model attack platform. A large number

Your Prompt Injection Detection Might Have a Blind Spot, if You Catch My Drift

Your Prompt Injection Detection Might Have a Blind Spot, if You Catch My Drift

Prompt Injection needs to detect drift.

When Goals Go Bad

When Goals Go Bad

I've been building MCP servers as a side project — specifically one that connects AI agents to a MUD (text-based game server running Evennia). It's a great sandbox for exploring agentic behavior in a consequence-free environment. While writing up a bit of logging, I hit an interesting

Everyone has to Start Somewhere

Everyone has to Start Somewhere

If LinkedIn's article writing system wasn't so terrible. I'd still be using it. But then I'd have a domain that I bought in 1998 still be used for nothing. All that has changed. Except for the article writing system. It still is