The Vercel Incident Is a Reminder That AI Tools Are Supply Chain Risk
AI tools are now part of the software supply chain. That means they need the same security scrutiny as any other tool with access to systems and secrets.
wade womersley – york based software engineer
Engineering notes from the sharp end
I write the way I work: direct, useful, and more interested in what holds up in production than what sounds clever on a slide.
221 published posts
Archive
Agent platforms are starting to compete on the plumbing: harnesses, deployment, monitoring, auth, and the boring parts between demo and production.
The more agents use real tools, the more they need boring infrastructure: isolation, versioning, profiles, credentials, and repeatable setup.
Developer documentation is becoming an interface for AI agents as well as humans. That means clean markdown, metadata, and tool access matter more.
Next.js is starting to treat AI agents as real users of the framework. That is more important than it first sounds.
TypeScript 7.0 Beta is interesting because the feature is performance. Faster typechecking and editor feedback can change how a large project feels.
Autonomous coding sessions can be useful, but only when teams are clear about permissions, tests, and what still needs a human decision.
The best use of AI in code review is not adding more comments. It is finding the few things that actually matter.
Codex moving beyond code is more interesting than another model benchmark. The harder problem is where the agent sits in the actual workflow.
After using GPT-5.5 in Codex, the improvement over GPT-5.4 feels less like a benchmark bump and more like better follow-through on real coding work.