Agent Security
The attack surfaces, trust boundaries, and runtime defenses for autonomous AI systems. MCP vulnerabilities, supply chain risks, sandbox escapes, and governance frameworks.
31 articles
Featured Guides
MCP Tools Need Action-Level Authorization
MCP tools need action-level authorization: bearer-token validation must lead to per-tool, per-role, and per-action capability checks before agents act.
Agent Keys Need Risk Budgets
Shuriken's Agent Kit shows why AI agent tools that can act need scoped keys, server-side limits, activity logs, revocation, and conservative defaults.
AI Agent Ownership Is the Trust Primitive
AI agent ownership links every autonomous action to the account, session, scope, and operator who can stop it, review it, and accept responsibility.
Agents.txt Is Not Access Control
Agents.txt is not access control. Use robots.txt, llms.txt, bot verification, logs, and server-side policy to manage AI crawlers without false confidence.
AI Agent Monitoring Needs Runtime Intervention
AI agent monitoring should catch decisive errors during a run, not after failure. Runtime intervention turns traces, policies, and alerts into safe pauses.
AI Malware Analysis Needs Evidence Packets
AI malware analysis needs evidence packets: hashes, commands, indicators, and claim-to-evidence trails matter more than confident agent summaries.
AI Agent Config Security Is Supply Chain Security
AI agent config security belongs in supply-chain review: hooks, editor tasks, install scripts, MCP files, and plugins can execute code before you notice.
AI Agent Approval Prompts Are Not Authorization
AI agent approval prompts need scoped authority, risk lanes, audit logs, expiry, and revocation so humans approve concrete actions, not fluent requests.
Open Source Is Not a Security Boundary
GDS guidance on AI vulnerability discovery gets open-source security right: hide less by default, fix faster, and make exceptions explicit with evidence.
The Repo Shouldn't Get to Vote on Its Own Trust
Two Claude Code trust dialog bypass CVEs in 37 days reveal a load-order failure. One invariant fixes it: interpret no workspace byte until the...
The Agent Operator's Handbook: Supervising What You Can't See
Operating autonomous AI agents is a new discipline. Five responsibilities, a supervision stack, and an intervention framework define what operators do.
Runtime Defense for Tool-Augmented Agents
ClawGuard demonstrates deterministic tool-call interception works. The Vercel telemetry incident shows why. Runtime defense is the enforceable layer.
Cybersecurity Is Proof of Work: AI Attacks at $12,500 a Run
Claude Mythos completed a 32-step corporate network attack simulation in 3 of 10 tries. Each attempt cost $12,500 in tokens. Security is now a...
Your Agent Has a Middleman You Didn't Vet
Researchers tested 28 LLM API routers. 17 touched AWS canary credentials. One drained ETH from a private key. The router layer is the new attack surface.
MCP Servers Are the New Attack Surface
50 MCP vulnerabilities, 30 CVEs in 60 days, 13 critical. Tool-use protocols are the attack surface nobody is auditing — here's the taxonomy and the fixes.
Project Glasswing: When a Model Finds Too Many Bugs
Project Glasswing shows Anthropic restricting Claude Mythos after it found thousands of zero-days. What the rollout means for AI-assisted security.
When Your Agent Finds a Vulnerability
An Anthropic researcher found a 23-year-old Linux kernel vulnerability using Claude Code and a 10-line bash script. 22 Firefox CVEs followed.
What the Claude Code Source Leak Reveals
11 findings from the Claude Code source leak: how auto mode, bash security, prompt caching, and multi-agent coordination actually work.
Every Hook Is a Scar: 84 Agent Failures Encoded in Code
84 hooks intercept 15 of the 26 lifecycle event types Claude Code exposes. Each one traces back to a specific production failure: wiped caches,...
The Fork Bomb Saved Us
The LiteLLM attacker made one implementation mistake. That mistake was the only reason 47,000 installs got caught in 46 minutes.
AI Agent Research: Claude Beat 33 Attack Methods
Claude Code autonomously discovered adversarial attacks with 100% success rate against Meta's SecAlign-70B, beating all 33 published methods in 96...
AI Supply Chain Attacks: The Supply Chain Is the Surface
Trivy got compromised via tag hijacking, then LiteLLM on PyPI, then 47,000 installs in 46 minutes. The AI supply chain worked exactly as designed.
AI Agent Security: The Deploy-and-Defend Trust Paradox
1 in 8 enterprise AI breaches involve autonomous agents. Runtime hooks, OS-level sandboxes, and drift detection break the deploy-and-defend cycle.
Every Iteration Makes Your Code Less Secure
43.7% of LLM iteration chains introduce more vulnerabilities than baseline. Adding SAST scanners makes it worse. SCAFFOLD-CEGIS cuts degradation to 2.1%.
Agent Sandbox Security Is a Suggestion: Three Failure Levels
An attacker opened a GitHub issue and shipped malware in Cline's next release. Agent sandboxes fail at three levels. Here is what actually works.
AI Agent Observability: Monitoring What You Can't See
AI agents consume disk, CPU, and network with zero operator visibility. Three observability layers close the gap before damage is irreversible.
Silent Egress: The Attack Surface You Didn't Build
A malicious web page injected instructions into URL metadata. The agent fetched it, read the poison, and exfiltrated the API key. No error. No log.
What I Told NIST About AI Agent Security
Production evidence submitted to NIST: AI agent threats are behavioral. 7 failure modes, 3-layer defense, and framework gaps from 60 daily sessions.
The Fabrication Firewall: When Your Agent Publishes Lies
An autonomous agent published fabricated claims to 8 platforms over 72 hours. Training-phase safety failed at the publication boundary. Here is the fix.
AI Agent Memory Degradation: Why Multi-Turn LLMs Collapse
LLMs lose 39% accuracy across 200K+ multi-turn sessions. Three mechanisms drive collapse and longer context windows fix none of them.
Runtime Constitutions for AI Agents: A Governance Framework
Runtime constitutions enforce AI agent governance where training-phase alignment fails. Competence checks, output gates, and four subsystems keep...