Most security advice starts too late: after the app exists.
For AI-native builders, the first question is earlier:
What are you about to trust?
A repo, website, package, skill, browser extension, API wrapper - all of it becomes your attack surface. #AISecurity
