LinkedIn message from a 'private investor' pitching a Web3 backend role

A Fake Web3 Job Sent Me a 'Test Project'. It Was a Remote-Access Backdoor

A LinkedIn ‘investor’ offered me a $70-120/hr Web3 job and sent a ‘skill assessment’ repo with a 2-3 hour deadline. The moment its server boots, it fetches code from an attacker’s machine and runs it with full Node.js privileges. I recognized the trap, told him I’d run it (I hadn’t), and handed him back his own command-and-control link. Here is the full teardown.

June 22, 2026 · 11 min · 2261 words

Every Retrieval Is an Authorization Decision: Multi-Tenant RAG Done Safely

In a single-tenant RAG you trust the index. In a multi-tenant one, a shared index plus one missing filter leaks Tenant A’s documents into Tenant B’s answer. Here is the unified mental model that ties the metadata-filtering mechanics and the authorization layer together, treat the tenant filter as a policy decision, not app code, with the same architecture mapped across AWS, Azure, and Google Cloud (diagrams and Python included).

June 20, 2026 · 11 min · 2188 words