#security
9 posts tagged with "security".
-
Agent Security Moved to the Action Layer
• 6 min readRuntime authorization — intercepting tool calls before they execute — is becoming the real security boundary for agents, and a standard is forming fast.
-
Injection Stopped Being a Single-Turn Problem
• 5 min readOnce agents got long-term memory, a one-time prompt injection could survive across sessions. Mid-2026 research shows both the attack and the defense moving up the stack.
-
The Skill Supply Chain Got Poisoned Before It Got Secured
• 5 min readAgent skills are an executable supply chain that runs with your agent's full privileges — and the first wave of benchmarks shows our defenses see only half the attacks.
-
Code Is the Action Space Now
• 6 min readFrameworks are quietly replacing JSON tool calls with generated code. That collapses turns and tokens — and pushes isolation down to the single call.
-
The Agent Got Its Own Account
• 6 min readIn ten days of June 2026, agents got their own budget, their own permission manifest, and their own credentials. The agent is now a principal, not a feature.
-
State, Shells, and Shortcuts: The Agent Stack Spent Late May Fixing Its Foundations
• 6 min readMCP went stateless, a wave of coding-agent RCEs landed, and a new benchmark measured reward hacking — the three properties that make an agent useful all became liabilities.
-
Verification Is Becoming the Agent's Substrate
• 5 min readThe agents scaling fastest in mid-2026 share one trait: their output lands in a column a machine can check. The verifier, not the model, is the moat.
-
The Agent Trust Stack Just Got Built: Three Weeks in May 2026
• 6 min readSkill cards, self-hosted sandboxes, MCP tunnels, computer-use verifiers, and a Five Eyes warning all landed in twenty-one days. The boring perimeter around capable agents finally has shape.
-
Security for AI Agents: Prompt Injection, Sandboxing, and Authorization
• 9 min readAgents are systems that take instructions from untrusted text and execute actions. The 2026 threat model — prompt injection that's not solved, tool sandboxing, scoped credentials, and authorization that survives contact with the LLM.