{"slug": "weekly-dev-log-2026-w07", "title": "Weekly Dev Log 2026-W07", "summary": "A developer completed two more sections of a SwiftUI tutorial and published a standalone article about reverse engineering. The developer also began creating UI designs for a portfolio website in Figma, while starting research into Figma MCP for generative AI-assisted design. Additionally, the developer completed the \"Securing AI Systems\" room on TryHackMe as part of an AI security learning path.", "body_md": "##\n๐Ÿ—“๏ธ This Week\n\n- Completed two more sections of the SwiftUI tutorial ๐Ÿฆพ As I continue working through the tutorial, I can feel my understanding of\n**SwiftUI fundamentals becoming more solid**๐Ÿ”ฅ\n- It was\n**my first time posting a standalone article** about reverse engineering๐Ÿ“ If you're interested, feel free to check it out ๐Ÿ‘‡\n-\n**I started creating UI designs for my future portfolio website in Figma.** I was able to roughly sketch out the overall structure of the site, but I also realized **how difficult it is to create modern and stylish UI designs.** (It really made me realize I donโ€™t have much design sense yet ๐Ÿ˜‚๐Ÿ’ฆ)\n- While struggling with the design process, I came across several articles about\n**Figma MCP**. That made me interested in exploring how generative AI could help with UI design ideas, so **I decided to start researching Figma MCP further.**\n- Completed\n**Securing AI Systems** room from the AI Security Learning Path on TryHackMe this week๐Ÿค–\n\n##\n๐Ÿ“ฑ iOS (SwiftUI)\n\n- Worked through the SwiftUI tutorial and completed \"Create an Algorithm for Badges\" and \"Add inclusive features\"\n\n##\n๐ŸŒ Web Development\n\n- Posted my weekly dev log on Dev.to and a standalone article about my first attempt at reverse engineering ๐Ÿ“\n- Created rough portfolio website UI layouts in Figma\n- Used shadcn/ui component library design templates in Figma\n- Started learning UI design in Figma using community resources\n\n##\n๐Ÿ” Security (TryHackMe)\n\n- Completed Securing AI Systems room (part of the AI Security Learning Path) on TryHackMe.\n\n#\n๐Ÿ’ก Key Takeaways\n\n##\n๐Ÿ“ฑ SwiftUI Learning\n\n###\nAdd inclusive features\n\n- Learned that SwiftUI automatically adapts UI elements for Light and Dark Mode by default.\n- Learned how to preview and compare Light and Dark Mode layouts in the Xcode canvas.\n- Understood that system-provided semantic styles help SwiftUI automatically adjust UI appearance.\n- Learned that SwiftUI uses view modifiers to customize\n`ScrollView`\n\nbehavior.\n- Understood that\n`.scrollBounceBehavior(.basedOnSize)`\n\nonly enables bouncing when the content is larger than the visible area.\n- Learned that\n`.defaultScrollAnchor(.center, for: .alignment)`\n\ncenters smaller content inside a `ScrollView`\n\n.\n- Learned that the\n`dynamicTypeSize`\n\nmodifier can be applied to any SwiftUI view.\n- Learned how\n`AttributedString(localized:)`\n\nsupports localization-aware text in SwiftUI.\n- Understood that\n`(inflect: true)`\n\nautomatically changes words like โ€œDayโ€ and โ€œDaysโ€ based on the number value.\n- Learned that SwiftUI can apply different font styles to specific parts of an\n`AttributedString`\n\n.\n- Realized that Apple provides built-in grammar inflection support for more natural localized UI text.\n\n##\n๐ŸŒ Web Development Learning\n\n- Reviewed several useful functions in Figma\n- Learned the importance of focusing on the overall page layout before designing detailed UI components\n\n##\n๐Ÿ” TryHackMe Learning\n\n###\nSecuring AI Systems\n\n####\nTask 2 Anatomy of an AI System\n\n- Traditional apps use deterministic logic, while AI systems rely on probabilistic model inference.\n- AI systems accept free-form natural language, making input validation much harder.\n- Prompt Construction combines the system prompt, user input, and retrieved context before sending data to the LLM.\n-\n**RAG** allows LLMs to retrieve external knowledge from a vector store or other data sources.\n- A vector store contains embedded representations of internal documentation for retrieval-augmented generation (RAG)\n- Trust boundaries are points where data moves between different security contexts.\n- Major trust boundaries include user-to-system, system-to-LLM, LLM-to-tools, and system-to-user.\n- LLM-to-tools is especially sensitive because model output can trigger real actions.\n- Tool layers may execute database queries, API calls, or file operations on behalf of the LLM.\n- Security controls are needed at every boundary to reduce prompt injection and data leakage risks.\n\n####\nTask3 The AI Attack Surface\n\n- Studied the\n**OWASP LLM Top 10** and how major risks affect AI-integrated systems.\n- Learned that\n**MITRE ATLAS** documents adversary tactics and exploitation techniques for AI systems.\n- Studied how\n**the NIST AI RMF** approaches AI security from a governance and risk management perspective.\n- Learned the difference between OWASP (vulnerabilities), ATLAS (attack techniques), and NIST AI RMF (risk governance).\n\n####\nTask4 System-Level Threats\n\n- Studied how LLM10 Unbounded Consumption can cause resource exhaustion and extreme cost increases through excessive requests.\n- Learned that system prompts may leak internal rules, tool information, and architecture details if exposed.(LLM07).\n- Understood that LLM output must never be trusted as safe input for downstream systems.(LLM05)\n- Learned that Excessive Agency occurs when AI systems are given unnecessary permissions, tools, or autonomy.(LLM06)\n- Learned that users may unintentionally leak sensitive information when using AI systems.(LLM02)\n- Studied how the OWASP LLM risks relate to the CIA triad across confidentiality, integrity, and availability.\n\n####\nTask 5 Secure Design Patterns\n\n- Learned that security controls are most effective when applied during the design stage of AI systems.\n- Learned that layered controls reduce the risk of end-to-end attack success.\n- Understood\n**the importance of least privilege for AI tools, API tokens, and database access.**\n- Learned that write operations should require human approval before execution.\n- Studied how input and output validation reduce\n**prompt injection** and downstream injection risks.\n- Learned that\n**MLSecOps** integrates security throughout the AI and machine learning lifecycle.\n\n#\n๐Ÿš€ Next Week\n\n- Complete the badge algorithm in the SwiftUI tutorial.\n- Continue posting small articles on Dev.to.\n- Explore Figma MCP and experiment with generating UI design ideas using AI.\n- Continue working on the AI Security Learning Path.\n\n#\n๐ŸŒˆ Goals for This Year\n\n##\n๐Ÿ“ฑ iOS (SwiftUI)\n\n- Build a solid foundation in SwiftUI and create at least one iOS app.\n\n##\n๐ŸŒ Web Development\n\n- Continue posting learning logs on Dev.to and eventually turn them into a portfolio site using React Router v7.\n\n##\n๐Ÿ” Security (TryHackMe)\n\n- Continue learning cybersecurity on TryHackMe.", "url": "https://wpnews.pro/news/weekly-dev-log-2026-w07", "canonical_source": "https://dev.to/umitomo-lab/weekly-dev-log-2026-w07-3hab", "published_at": "2026-05-29 00:18:11+00:00", "updated_at": "2026-05-29 00:41:21.712938+00:00", "lang": "en", "topics": ["ai-safety"], "entities": ["SwiftUI", "Figma", "TryHackMe", "Dev.to", "shadcn/ui"], "alternates": {"html": "https://wpnews.pro/news/weekly-dev-log-2026-w07", "markdown": "https://wpnews.pro/news/weekly-dev-log-2026-w07.md", "text": "https://wpnews.pro/news/weekly-dev-log-2026-w07.txt", "jsonld": "https://wpnews.pro/news/weekly-dev-log-2026-w07.jsonld"}}