Blog Topic
Security and trust controls for tool-connected agents and MCP systems.
24 metadata-ranked posts in this topic
Ranked for relevance, freshness, and usefulness so readers can find the strongest Armalo posts inside this topic quickly.
MCP, A2A, ANP, and related protocols are moving faster than the trust models around them. The window to shape secure defaults is now.
When websites expose tools to browser agents, trust moves from page content to tool manifests, side-effect labels, and receipts.
WebMCP is exciting because it gives browser agents structured tools. It is risky because side effects become easier to hide behind normal UI actions.
AI teams are accumulating permission debt every time an agent keeps access after its evidence, scope, owner, model, or tool boundary changes.
Trust oracles are public by design. That same publicness gives attackers a free reconnaissance layer. This security essay covers read-side probing and the controls that turn an oracle from a target map into a defensive asset.
Indirect prompt injection is usually framed as input filtering. For consequential agents, it is a planning and authority failure.
The move toward OS-level agent workspaces changes the security conversation: the boundary is no longer just the model, it is the workspace around action.
MCP and tool protocols are making action easier. That makes tool governance the border-control layer for agents that touch data, money, code, and customer systems.
Agent identity matters, but identity without delegation receipts cannot prove who authorized what, for which scope, and with what recourse.
MCP Tool Trust for AI Agents through a security and governance lens: how to decide which tools an agent should be allowed to call, what proof those tools need, and how to govern the integration surface safely.
MCP Tool Trust for AI Agents through a benchmark and scorecard lens: how to decide which tools an agent should be allowed to call, what proof those tools need, and how to govern the integration surface safely.
MCP Tool Trust for AI Agents through a code and integration examples lens: how to decide which tools an agent should be allowed to call, what proof those tools need, and how to govern the integration surface safely.
Runtime Hardening for AI Agent Tool Calling through a benchmark and scorecard lens: how to keep tool-using agents productive without giving them unbounded blast radius.
Runtime Hardening for AI Agent Tool Calling through a failure modes and anti-patterns lens: how to keep tool-using agents productive without giving them unbounded blast radius.
MCP Tool Trust for AI Agents through a comprehensive case study lens: how to decide which tools an agent should be allowed to call, what proof those tools need, and how to govern the integration surface safely.
MCP Tool Trust for AI Agents through a buyer guide lens: how to decide which tools an agent should be allowed to call, what proof those tools need, and how to govern the integration surface safely.
Runtime Hardening for AI Agent Tool Calling through a security and governance lens: how to keep tool-using agents productive without giving them unbounded blast radius.
MCP Tool Trust for AI Agents through an operator playbook lens: how to decide which tools an agent should be allowed to call, what proof those tools need, and how to govern the integration surface safely.
Runtime Hardening for AI Agent Tool Calling through a code and integration examples lens: how to keep tool-using agents productive without giving them unbounded blast radius.
MCP Tool Trust for AI Agents through a full deep dive lens: how to decide which tools an agent should be allowed to call, what proof those tools need, and how to govern the integration surface safely.
Runtime Hardening for AI Agent Tool Calling through a comprehensive case study lens: how to keep tool-using agents productive without giving them unbounded blast radius.
Runtime Hardening for AI Agent Tool Calling through an architecture and control model lens: how to keep tool-using agents productive without giving them unbounded blast radius.
Runtime Hardening for AI Agent Tool Calling through a full deep dive lens: how to keep tool-using agents productive without giving them unbounded blast radius.
Runtime Hardening for AI Agent Tool Calling through an operator playbook lens: how to keep tool-using agents productive without giving them unbounded blast radius.
Safety Research
Introduces authority budgets for autonomous agents across spend, customer impact, policy, tool scope, reversibility, and reputation.