https://millerengelbrecht.com Security research on AI systems, bug bounty, and prompt injection by Miller Engelbrecht. en Miller Engelbrecht https://millerengelbrecht.com/posts/dns-payload-claude-code.html How npm postinstall lifecycle hooks become a DNS command channel, silently executing attacker-controlled payloads on developer machines and CI runners. Thu, 21 May 2026 00:00:00 +0000 https://millerengelbrecht.com/posts/dns-payload-claude-code.html ai-security bug-bounty https://millerengelbrecht.com/posts/invisible-unicode-injection.html How invisible Unicode Tag characters can be embedded in git commit messages to inject hidden instructions into AI coding agents that process repository metadata. Tue, 19 May 2026 00:00:00 +0000 https://millerengelbrecht.com/posts/invisible-unicode-injection.html prompt-injection