AI IDEs, MCP, and automation connectors are not merely developer convenience tools. They are supply-chain assets that affect the trust path of how code is written, reviewed, and shipped.

AI-era security assessment is not primarily about reducing outsourcing cost. It is about embedding repeatable verification into the development process while separating automation candidates from human judgment.

AI lowers the cost of finding vulnerability candidates, but it also increases low-quality reports, duplicates, and false positives. In the AI slop era, triage quality becomes the core security operation.

A game-theoretic analysis of why Korean security governance stays stuck when NIS, KISA, the Board of Audit, the security industry, CISOs, and policy agencies are each acting rationally.

AI-era vulnerability response cannot wait for a CVE number. Pre-CVE signals such as issues, commits, PoCs, write-ups, and patch traces now have to be mapped against internal exposure earlier.

Korean security governance in the AI era needs to change not the title of any one agency, but the behavior that evaluation rewards.

An organizational design report that reframes the security–DevOps problem from failed knowledge transfer to default design, interfaces, exception handling, and alignment.

A practical account of applying dataflow-based clustering to a real codebase — reducing 228 endpoints to 5 reviewable clusters, and finding an RCE chain in the cross-section.

How Korea’s CaaS supply chain reproduces itself through the recycling loop of points, gift cards, and crypto — and why defending against it requires reading the entire behavioral network, not just the login page.

18 years of vulnerability hunting distilled into one insight: the shift from individual instinct to scalable structure — and what AI means for those left standing.