Hi, I'm Luisa.
I'm an independent advisor working on agentic AI systems and how to make them secure by design. I build open-source tools enabling safe agents at liwala.dev. I write about building resilient software with AI, agentic architectures, and security here and on my Substack, Herding Agents.
I advise a small number of teams building and working with agentic systems, usually a few hours a month, on the foundational architecture and security decisions that are hard to undo later. If your company is facing these questions, get in touch.
Series
- Agentic engineering Ongoing · 4 chapters
- Prompt injection is, and will continue to be, a problem Ongoing · 1 chapter
- Secure by design for coding agents & beyond Ongoing · 3 chapters
- Secure coding practices with agents Ongoing · 6 chapters
Recent notes
- The task is the variable
  Safety in AI-assisted coding is not really a dial between fast and careful. The real variable is the task: adjust your posture to match it.
- I switched from beads to plaintext tasks that live in the diff, managed by a skill
  I wrote opentasks-skill to teach my coding agents to manage tasks without external dependencies, with a git-tracked audit system.
Recent essays
- Dependency scanning should be a default, not a discipline
  Vulnerability scanning fails like ergonomics: fine when you remember, forgotten the one time it matters. I created autoscan-kit to push the scan into places that fire on their own, so skipping it is harder than running it.
- Most people doing 'vibe-coding' inherited a developer's attack surface without realizing it
  Coding agents hand non-developers a developer's full attack surface, without the years of instinct that usually come with being in the trenches doing software development. The exposure is identical, but the defense is absent. The fix must live in the defaults.