Anthropic Did It Again.
A missing .npmignore line exposed 512,000 lines of Claude Code source. An intern found it. Then axios got hijacked. One config file, two incidents, zero excuses.
Latest Articles
View all 
I Thought March Was Over. Then Anthropic Shipped Claude Computer.
Six products, a Pentagon lawsuit, and a self-graded safety plan. Everything Anthropic shipped in March and what it means for operators.
Anthropic Didn’t Get Hacked. It Still Had a Security Problem.
A CMS misconfiguration exposed roughly 3,000 unpublished assets. One described a model nobody was supposed to see yet. That was enough.
MCP 201: The Governance Deficit
30 CVEs in 60 days. 38 percent of scanned servers with zero authentication. The protocol works. The guardrails do not exist yet.
MCP 103: I Gave Claude Code Someone Else’s Tools (Full Deep Dive)
I wired three MCP servers built by strangers into Claude Code. One sentence. Three external systems. No audit trail.
Your AI Vendor Just Became a Defense Contractor. Now What?
Anthropic refused five words in a Pentagon contract and got designated a supply chain risk. What that means for your enterprise stack.
MCP 102: Claude Already Knows
MCP 101 was the spec. MCP 102 is the behavior. What actually happens when you flip the switch in a real project stack.
MCP 101: I Read the Documentation So You Don’t Have To
Everyone is talking about MCP. Almost nobody has read the actual spec. I did. Here’s what it says and what it doesn’t.
Your Boss Just Saw What Goldman Did With AI. Here’s What Happens Next.
Goldman Sachs automated back-office work with Claude. Your leadership team saw the headline. Here’s what actually happened and what comes next.
The Clean Room Method
Five steps to stop AI tools from leaking your information. A practical method for anyone using AI with sensitive documents.
Your Local AI Agent Is a Security Risk
Local doesn’t mean safe. Here’s the Lethal Trifecta that makes local AI agents a security problem nobody is talking about.
The Fifth Party Problem: Who Pays When AI Agents Go Rogue?
AI agents are making decisions in your name. When something goes wrong, the liability chain is longer than anyone admits.
Karma as Code: The Rise of the Persistent RPG
What if your game remembered everything? A deep dive into persistent karma systems and what they tell us about AI memory.
Fear is Fake: Why You’re Still Not Running Local AI
I waited 14 days to do a 20-minute task because I was overthinking the setup. Here’s what I learned.
How I Turned a Gaming PC Into a Sovereign AI Server
The Nuclear Option. Why I stopped using cloud AI for sensitive work and built a local sovereign AI server on gaming hardware.
Start Here
Everything is free, published on Substack, and organized so you can find what you need without scrolling through a feed.
Your First AI Stack
Five minutes. Four tools. One setup that actually works.
AI Tools I Actually Use Honest reviews of AI tools tested in real workflows. No affiliate links, no sponsored takes.
Prompts That Work Copy-paste ready prompts for real tasks. Tested, refined, and explained in plain language.
Tutorials & Walkthroughs Step-by-step guides that skip the fluff and get to what you actually need to do.
AI at Work Enterprise and workplace AI tips from someone who actually deploys this stuff for a living.
FREE RESOURCE
Getting started with Claude?
ClaudeHQ is a free guide built for people who want to use Claude at work without reading 50 pages of documentation. No account. No paywall.
Visit ClaudeHQ