VibeSec Advisory is a free field guide for securing agentic AI.
I publish practical research, reusable Skills, workflow patterns, agent reviews, MCP notes, prompt injection tests, CLI security guides, AI red-team lessons, and market news for builders working with AI systems.

Ryan Macomber
Founder, VibeSec Advisory
I work on AI agents and security every day. VibeSec Advisory is where I publish the practical notes from that work: what I tested, what failed, and what patterns help builders reduce risk.
The current focus is agentic AI security: prompt injection, tool poisoning, MCP permissions, AI coding tools, generated code, agent workflows, and the guardrails that keep blast radius visible.
Why I started VibeSec Advisory
I spent years watching the same pattern play out across many teams. A team would discover AI tools. They would redesign a workflow in days. Then someone would ask: "Is this safe?" And the workflow had no clear answer.
The problem is not that builders lack ambition. It is that agents now touch files, browsers, terminals, databases, MCP servers, APIs, inboxes, and production systems before the security model is fully understood.
VibeSec Advisory exists to make those risks easier to see and easier to test. Prompt injection, tool poisoning, permission sprawl, weak review loops, and unsafe generated code are normal failure modes of this stack.
AI is changing how people build. The site helps readers understand the risk, test the workflow, improve the agent, and choose safer tool patterns.
What makes us different
Research, Not A Sales Funnel
The public path is free content: research notes, Skills, workflows, agent reviews, MCP notes, prompt injection tests, and tool analysis.
Built From Hands-On Agent Work
The writing comes from practical AI agent work, security testing, workflow design, and tooling review. The goal is useful field notes, not abstract commentary.
Security In The Workflow
Data boundaries, review points, tool access, escalation rules, and recovery paths are treated as part of the workflow, not a policy layer added later.
Tool-Agnostic by Design
The site covers AI coding tools, MCP servers, CLI agents, browser agents, and workflow infrastructure without turning the guidance into a vendor pitch.
Actionable Deliverables
The useful output is a test, checklist, Skill, workflow pattern, review gate, or decision rule a reader can use the same day.
Free By Default
No public pricing, SOWs, workshops, retainers, or checkout flow. The site points readers to free resources and field-guide content.
Start with the systems your agents can touch.
Read the research, browse the Skill Library, or review workflow examples for practical ways to test and improve agentic AI.