Ricin breaks your model. Not your data.

Why the most popular AI safety test secures the front door while leaving the back door wide open. Output safety and data confidentiality are technically two completely different mechanisms — and conflating them is exactly what’s behind the confusion on the work floor. Here’s how models actually handle your data, and what to arrange instead of the theatre.

June 17, 2026 · 9 min · Mark Westerweel

Five config lines against supply-chain attacks (npm + PyPI)

npm yanks malicious versions within 24-48 hours; PyPI quarantines new uploads within hours. A seven-day cooldown — five config lines — turns that window into your defence.

May 18, 2026 · 4 min · Mark Westerweel