Hi, I’m Pawan

MCP is becoming the USB‑C of agent tooling—a universal interface that lets LLMs query data, call APIs, and take real‑world actions. Adoption is accelerating fast. But every convenience layer in security carries the same risk: teams connect it before they’ve defined the capability model. MCP is no exception. It creates a new trust boundary, and most deployments aren’t treating it like one. If you’re deploying MCP (or any agent tool protocol), the right mental model isn’t “prompt injection is an LLM bug we can filter.” The right mental model is: MCP is a capability system. Once you see it that way, the security work becomes familiar—permissions, isolation, auditing, and blast‑radius control. ...

It’s been a while since I felt giddy reading a specification. The release of Google’s Agent Payments Protocol (AP2) brought back memories of my payments days—waiting eagerly for Visa and Mastercard to publish updates on network tokenization, or when Android introduced Host Card Emulation. Here’s what stood out. What Is AP2? The Agent Payments Protocol (AP2) is Google’s ambitious attempt to create a cryptographic foundation for AI agent–initiated commerce. Released on September 16, 2025 with backing from 60+ organizations, it tackles the central trust problem: ...

The Confidential Computing Consortium defines confidential computing as “the protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment.” It’s a powerful idea. Instead of trusting operators or cloud providers, you trust hardware itself to keep your data protected even while it’s being processed. When WhatsApp recently announced new AI features like summarizing messages or helping draft replies, most people saw just another set of productivity tools. What went unnoticed is that behind these features sits one of the most ambitious privacy technologies ever deployed: confidential computing at internet scale. ...

Back when mobile payments were still in their infancy—long before Apple Pay became a household name—I found myself captivated by the possibilities of NFC technology. As a grad student at Dalhousie University, I started tinkering with NFC and co-founded a small startup called Alfred NFC, where we experimented with peer-to-peer transactions. That was my first real taste of what would become a lifelong fascination with secure technology ecosystems. As graduation approached and the reality set in that Alfred NFC wouldn’t become the next big thing, I faced a crossroads. I applied to countless Canadian companies and banks for NFC-related work—anything that would let me stay in this space I was so passionate about. But the callbacks never came. So I pivoted: I interviewed for several Java developer roles and received multiple offers. It was a safe, predictable path forward. ...