Simon Willison’s Weblog

Subscribe

Saturday, 14th March 2026

Research CSRF Protection Demo: Modern Browser-Based Defenses — Modern browser security now enables robust Cross-Site Request Forgery (CSRF) prevention without requiring tokens. This demo project contrasts a vulnerable FastAPI bank app with a protected version, showcasing how browser-sent headers like `Sec-Fetch-Site` and `Origin` empower servers to automatically reject cross-origin POST requests.
14th Mar 2026, 4:34 am

My fireside chat about agentic engineering at the Pragmatic Summit

Visit My fireside chat about agentic engineering at the Pragmatic Summit

I was a speaker last month at the Pragmatic Summit in San Francisco, where I participated in a fireside chat session about Agentic Engineering hosted by Eric Lui from Statsig.

[... 3,350 words]

6:19 pm / speaking, youtube, careers, ai, prompt-injection, generative-ai, llms, ai-assisted-programming, coding-agents, lethal-trifecta, agentic-engineering

GitHub’s slopocalypse – the flood of AI-generated spam PRs and issues – has made Jazzband’s model of open membership and shared push access untenable.

Jazzband was designed for a world where the worst case was someone accidentally merging the wrong PR. In a world where only 1 in 10 AI-generated PRs meets project standards, where curl had to shut down its bug bounty because confirmation rates dropped below 5%, and where GitHub’s own response was a kill switch to disable pull requests entirely – an organization that gives push access to everyone who joins simply can’t operate safely anymore.

Jannis Leidel, Sunsetting Jazzband

# 6:41 pm / github, open-source, python, ai, ai-ethics

Friday, 13th March 2026
Sunday, 15th March 2026

2026 » March

MTWTFSS
      1
2345678
9101112131415
16171819202122
23242526272829
3031