Field Notes
Four Rooms, One AI: How Claude's Execution Environments Actually Work
Artifacts, Claude Code, Cowork, and Code-on-the-web don't just look different — they run in fundamentally different places with different security boundaries. Here's the architecture explained simply, with the risks mapped for each.
Diagram: Claude Code vs Cowork — Execution & Sandbox Flow
A single visual showing where each environment runs, what each sandbox layer contains, and exactly where the MCP connector path breaks out of the VM boundary.
MCP + API Keys = A Security Gap Most Organisations Are Not Ready For
API keys bypass device policies. Personal AI subscriptions bypass enterprise account controls. MCP bypasses the visibility your security team spent years building. Here's what to do about it.
Claude Security for Organizations: A Practical Hardening Guide
Least privilege, monitor everything, isolate what you can, put humans in the loop. A settings-level walkthrough across Claude.ai, Desktop, Code, Cowork, Chrome, Connectors, Extensions, and Plugins — with the rationale behind each call.
Shadow AI: how note-taking apps are leaking company secrets
Employees are signing up for free AI note-takers, pasting in client lists, credentials and strategy decks — and feeding it all to someone else's training pipeline. This is the new face of Shadow IT, and most security teams aren't measuring it yet.
The Hidden Risks of MCP
Model Context Protocol is transforming how AI connects to your infrastructure — and creating an attack surface most organizations aren't prepared for. A briefing for CISOs, security architects, and AppSec teams.
The agentic AI revolution: what it means right now
We're no longer just using AI to generate text. Autonomous agents that think, plan, and execute are here — reshaping security, software, and careers. Notes from my deep-dive.
Learning Claude — capabilities, connectors & the ecosystem
A practitioner's notes on what Claude can actually do — from the API and MCP connectors to the broader Anthropic ecosystem, and where security professionals should pay close attention.
I Was Burning Through Claude Tokens Without Knowing It
577 million tokens in four weeks — and 95% was cache reads. Here's what the session logs revealed, why long sessions are so expensive, and the five changes that fixed it.
Topics
AI security & risk
Threat models, attack surfaces, and security practices for AI systems — MCP exploits, prompt injection, model poisoning, agentic AI risks, and what CISOs need to know.
Learning AI
Practical notes from learning AI hands-on — agentic frameworks, local LLMs, automation tools, and how AI is reshaping how we work, build, and ship.
Learning Claude
Exploring Anthropic's Claude — capabilities, the API, MCP connectors, and building with Claude. Written from a security practitioner's perspective.
Security by day. AI curious always.
I'm Ravi Ahir — a cybersecurity professional with a growing obsession with how AI is reshaping the security landscape. This blog is where I think out loud: processing what I'm learning, documenting risks I see, and sharing perspectives I hope are useful to other practitioners.
I write about AI security and risk because most existing material is either too technical or too shallow. I'm trying to find the middle ground — clear enough for a CISO, honest enough to be useful to a security architect.
No sponsored posts. No hype. Just notes from someone genuinely figuring this out.
The ideas are mine. AI helps me find the words.