Home on Aaron Ott

The Claude Customization Stack: MCP vs Skills vs Plugins

Tue, 10 Feb 2026 10:00:00 -0700

In about fourteen months, Anthropic shipped three different ways to customize and extend what Claude can do. MCP arrived in November 2024. Skills came in October 2025. Plugins landed January 30, 2026, and promptly wiped $285 billion off software stocks.

Even people who work with Claude every day are mixing these three things up, and I get it. The names are vague, the capabilities overlap, and there’s no clean comparison chart anywhere. I spent some time trying to understand what each one actually does, when you’d want to use it, and where the lines blur.

How I Turned a Knowledge Gap Into a Quiz Game

Thu, 22 Jan 2026 10:30:57 -0700

How I Turned a Knowledge Gap Into a Quiz Game

I’m embarrassingly bad at identifying flags. Like, really bad. Show me anything beyond the major world powers and I’m guessing. I recently saw the Scottish flag and could only identify it because the name Scotland was right next to it. This, eventhough I was recently in Scotland (🏴󠁧󠁢󠁳󠁣󠁴󠁿 just in case you were curious). I decided to see if Claude could help me with this so I started a quick session and said it would be fun to build a matching game to practice.

Hacker Manifesto 40 Years Later

Tue, 13 Jan 2026 07:55:53 -0700

It’s been 40 years since The Mentor (Loyd Blankenship) published “The Conscience of a Hacker” in Phrack. Still rings true today. I was curious to see what Claude would do with it so I asked it:

If you were to rewrite the hacker manefesto today, how would you write it?

It did not disappoint. I rarely post anything directly from my Claude sessions, but this one just hit. So, with no edits from me, here it is:

AI Security in 2025: What I Learned, and What I'll Be Watching for in 2026

Sun, 14 Dec 2025 09:41:00 -0700

This weekend I sat down with a couple of AI security reports for the year. I wanted to understand what the industry actually experienced in 2025, what broke in the real world, and how well those lessons line up with what many of us have been seeing in our own work. I read the Adversa AI incident report, IBM’s 2025 Cost of a Data Breach, and the EchoLeak research paper that documents the first real zero click prompt injection exploit in a production LLM system.

Learning n8n by Building: A Small Experiment With Big WYSIWYG Energy

Fri, 05 Dec 2025 09:00:00 -0700

A small morning-weather automation taught me how n8n thinks. It felt a lot like building with early WYSIWYG editors, only this time the output is real automation.

Pen Testing With Claude 4.5

Fri, 03 Oct 2025 10:46:31 -0600

I gave Claude 4.5 access to a Kali Linux box, pointed it at an intentionally vulnerable web app, and told it to find security holes. Fifteen minutes later, it handed me a report with 21 real vulnerabilities, including SQL injection, exposed repos, and misconfigured cookies. It also missed some obvious XSS flaws.

Here’s what worked, what didn’t, and when you’d actually want an AI doing your pen testing.

The Claude 4.5 system card shows big improvements in cyber capabilities. That’s interesting in theory, but does it actually work on real vulnerabilities? And more importantly, where does it fit in a security workflow? Prior to this I’d used MCP to run nmap scans and tested prompt-injection attacks on models, but this was my first time letting an AI run a full pen test. I ran this in a controlled environment so I could actually see what it’s doing and evaluate it properly, which is really the responsible way to test any tool before trusting it with anything that matters.

When Do You Trust AI

Sun, 21 Sep 2025 12:34:18 -0600

I was sitting with a friend this weekend, and we started talking about AI and when you actually trust what it tells you. His stance was pretty firm: “I don’t trust anything it says until I verify it.”

I followed up with the obvious question: “Well then, when are there efficiency gains in using AI?” If I have to fact-check every single answer, is it really saving me time, or just giving me more to verify?

Coding With Chatgpt vs Claude Code

Sun, 14 Sep 2025 11:32:18 -0600

ChatGPT vs Claude Code: How I Built an Analytics Stack (and When Each One Won)

I just finished standing up a lightweight analytics stack. I started with a single analytics.js in the browser, asked ChatGPT to reverse-engineer the backend from that client, and then pulled the repo into Claude Code to harden it, build tests, configs, and the “don’t-break-what-works” edits.

A few observations:

ChatGPT is a fantastic architect and first-draft generator. I asked it to write an NGINX config for the backend, add security headers, and enable HTTP/2 + QUIC. It produced a full, working setup on the first pass, plus a clean FastAPI scaffold for the ingest endpoints. Great velocity.
Claude Code is a careful surgeon. When I later needed targeted tweaks, adding specific analytics API endpoints, adjusting CORS/CSP, and wiring health checks, ChatGPT sometimes rewrote big sections of a config that were already correct (especially NGINX). Claude Code, operating repo-wide from the terminal, tended to find the exact lines and propose minimal diffs without collateral damage.

That pattern repeated: when the change was architectural or green-field, ChatGPT flew. When it was surgical, like threading changes through NGINX, systemd, app config, and tests, Claude Code earned its keep.

Building a Local Prompt Injection Lab

Sat, 06 Sep 2025 10:00:00 -0600

A couple of days ago I stumbled across this whitepaper: Cybersecurity AI: Hacking the AI Hackers via Prompt Injection. The premise intrigued me, using prompt injection as a way to “hack the hackers” when AI agents are in the attack chain. I wanted to see what this looked like in practice, so I spun up a local lab to reproduce (and play with) the concept.

First Attempt: Docker Without the LLM

I started by dropping the whitepaper into ChatGPT and asked it to build a lab environment. The initial code generated three Docker containers:

About

Mon, 01 Jan 0001 00:00:00 +0000

Hey, I’m Aaron.

I help teams make sense of application security and AI reliability with clear writing, useful playbooks, and approaches that fit how people actually work. My aim is simple: turn complex into practical and keep a friendly, no-jargon tone.

What I work on

SSDLC & threat modeling that developers will actually use
AI resilience: guardrails, evals, fallbacks, and disaster recovery (“When the Robot Breaks”)
Pen-testing workflows and lightweight automation that speed learning & remediation

A bit more human

Colorado-based. Big on dogs, hiking, and the occasional whiskey. I like teaching by building small labs and writing as I learn.