Blog

Security engineering for AI agents.

Technical writing on prompt injection, agentic threats, MCP governance, and building real defenses — not compliance theater.

Engineering · May 17, 2026 · 6 min read

Why your AI agent needs a circuit breaker, not just logging

Observability tells you what happened after the fact. Enforcement stops the damage before it reaches your customers. The gap between these two isn't philosophical — it's architectural. Here's how they differ and why it matters now.


Security · May 16, 2026 · 9 min read

OWASP Agentic Top 10: what it means for companies deploying AI agents

OWASP's emerging framework for agentic AI risk covers prompt injection, insecure tool execution, excessive agency, and seven more categories. A practical breakdown of each risk and what your team needs to actually address it in production.


Security · May 15, 2026 · 8 min read

How prompt injection attacks work in multi-agent systems

In a single-agent setup, injection is bad. In a multi-agent system with shared context and tool delegation, it's catastrophic. A technical walkthrough of injection propagation across agent boundaries, with real attack patterns and detection strategies.


Infrastructure · May 14, 2026 · 7 min read

MCP security: governing tool calls in Anthropic's Model Context Protocol

MCP makes it easy to give AI agents powerful tools. It doesn't tell you how to govern them. Every MCP tool call crosses a trust boundary. Here's how to instrument, inspect, and enforce policy on MCP servers before they become your biggest attack surface.


Engineering · May 13, 2026 · 10 min read

Building a JIT credential vault for AI agents

Long-lived credentials are the wrong mental model for agentic systems. Just-in-time token issuance, scoped to a single tool call, with automatic expiration — this is how you eliminate the credential sprawl problem before it becomes a breach.


More articles coming

Get notified when we publish: contact@cisora.io