Skip to content

The Opviva blog

How the security agent finds, proves, and fixes the gaps AI builders leave behind.

2026-06-28 · 7 min read

AI agent forensics: how to prove what your AI actually did

Scanners can't tell you what your AI agent actually did. Why forensics is the missing layer in AI app security — and how to prove an agent's actions.

2026-06-27 · 8 min read

Vibe-coding security scanners compared (2026): an honest look — including ours

An honest, side-by-side look at the vibe-coding security scanners in 2026 — what each catches, what it misses, and which to use for your AI-built app.

2026-06-25 · 9 min read

MCP security: how to secure Model Context Protocol servers and AI agents

MCP connects AI agents to tools — and to a new attack surface. The complete picture: the risks, how MCP gets exploited, and how to secure it.

2026-06-24 · 8 min read

EU AI Act Article 12: a practical guide to AI logging and record-keeping

EU AI Act Article 12 requires high-risk AI systems to keep logs automatically. What it actually asks for — and a practical way to meet it.

2026-06-23 · 6 min read

Tamper-evident logging explained: how to make a log you can actually trust

An ordinary log can be edited — and proves nothing. What tamper-evident logging is, how hash chaining works, and why it turns logs into evidence.

2026-06-22 · 6 min read

MCP tool poisoning explained: how a tool description can hijack your AI agent

Tool-spec injection is the headline MCP risk. How a poisoned tool description hijacks an AI agent, a concrete example, and how to defend against it.

2026-06-22 · 5 min read

Scan vs fix: why a security report isn't enough for a vibe-coded app

A list of vulnerabilities only helps if you can act on it. Why scan-only tools leave non-developers stuck — and what post-deploy auto-fix really means.

2026-06-21 · 6 min read

AI now finds decades-old security bugs overnight — what it means for your app

Frontier AI now finds bugs that survived 20+ years of human review — overnight. What changed, why it matters for your AI-built app, and how to stay ahead.

2026-06-21 · 8 min read

The 7 security holes in AI-generated apps (and how to fix them)

AI builders ship apps in minutes — and the same security gaps every time. The seven most common holes in vibe-coded apps, and how to close each one.

2026-06-21 · 5 min read

Exposed Supabase service_role key: why it's critical and how to find it

The Supabase service_role key bypasses all security. If it reaches the browser, your whole database is exposed. Here's how to detect and fix a leak.