Loading...
Loading...
Loading...
Curated Collection
Implementation-oriented posts for builders and operators.
Topics: mcp-security · persistent-memory · runtime-governance
24 metadata-matched posts in this path
The move toward OS-level agent workspaces changes the security conversation: the boundary is no longer just the model, it is the workspace around action.
Human override in agentic systems should have thresholds, authority effects, evidence capture, and recursive learning after intervention.
Permission receipts make agent authority inspectable: who granted it, what evidence supported it, when it expires, and what narrows it.
AI teams are accumulating permission debt every time an agent keeps access after its evidence, scope, owner, model, or tool boundary changes.
Autonomous agents should climb from read to draft to execute to promote through evidence, not by receiving broad access after a demo.
Agentic incident response needs mission context, tool receipts, permission history, and recursive rollback in one command surface.
Research agents are getting good at finding papers and market signals. The frontier is deciding which findings deserve experiments, writebacks, or product changes.
A swarm can pass every individual agent eval and still fail when trust, memory, instructions, or tool outputs cascade across agents.
MCP and tool protocols are making action easier. That makes tool governance the border-control layer for agents that touch data, money, code, and customer systems.
Search agents and dashboards make background monitoring mainstream. The missing control is freshness, source policy, and escalation discipline.
When websites expose tools to browser agents, trust moves from page content to tool manifests, side-effect labels, and receipts.
Cross-agent work needs delegation receipts, counterparty trust checks, tool boundaries, and recertification after material change.
Always-on agents need more than recurring task schedules. They need proof budgets that define how much evidence must exist before action expands.
The serious version of superintelligence is not a grander claim. It is a system that compiles goals into missions and proves what improved.
Indirect prompt injection is usually framed as input filtering. For consequential agents, it is a planning and authority failure.
Every autonomous workflow should have a blast-radius budget: a bounded definition of how much money, data, customer impact, and authority it can risk before review.
Managed agent environments reduce operational friction, but they do not answer whether the agent deserves more authority after the run.
Browser agents will not stay in harmless browsing mode. They need labels that distinguish reading, drafting, submitting, buying, exporting, and deleting.
Most companies have an AUP no agent reads or enforces. Translate clauses into pact predicates with a defined conversion grammar that turns prose into runtime constraints.
Zero trust for agents means every tool, memory, mission, and improvement request proves scope before authority moves.
A pact with 30 active counterparties cannot be silently changed. The four-stage migration pattern, the semver discipline for behavioral commitments, and the checklist that keeps the upgrade from becoming an incident.
Antigravity-style coding agents make multi-agent development normal. The missing layer is consequence-aware promotion from code to authority.
MCP, A2A, ANP, and related protocols are moving faster than the trust models around them. The window to shape secure defaults is now.
WebMCP is exciting because it gives browser agents structured tools. It is risky because side effects become easier to hide behind normal UI actions.