<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Roman Landenband</title><description>Open-source projects, releases, and notes from Roman Landenband.</description><link>https://romansky.dev</link><language>en</language><item><title>Local Sandboxing Trade-offs</title><link>https://romansky.dev/updates/local-sandboxing-trade-offs</link><guid isPermaLink="true">https://romansky.dev/updates/local-sandboxing-trade-offs</guid><description>When process-level isolation is enough, when a VM earns its friction, and how to decide between them.</description><pubDate>Wed, 01 Jul 2026 12:00:00 GMT</pubDate><category>post</category><category>sandboxing</category><category>security</category><category>local-development</category></item><item><title>The TanStack npm Supply-Chain Compromise (and Agentic Coding)</title><link>https://romansky.dev/updates/tanstack-npm-supply-chain-compromise-agentic-coding</link><guid isPermaLink="true">https://romansky.dev/updates/tanstack-npm-supply-chain-compromise-agentic-coding</guid><description>Why npm supply-chain compromises are also a growing risk for people building agents, MCP servers, skills, and small tools.</description><pubDate>Wed, 13 May 2026 12:00:00 GMT</pubDate><category>post</category><category>supply-chain</category><category>security</category><category>agentic-coding</category><category>npm</category></item><item><title>Security for AI Is Catching Up!</title><link>https://romansky.dev/updates/security-for-ai-is-catching-up</link><guid isPermaLink="true">https://romansky.dev/updates/security-for-ai-is-catching-up</guid><description>Mapping the architecture, trust boundaries, and security risks emerging around AI and agent systems.</description><pubDate>Wed, 05 Mar 2025 13:36:17 GMT</pubDate><category>post</category><category>ai-security</category><category>agents</category><category>architecture</category><category>risk</category></item></channel></rss>