Blog
Field notes on agent reliability
Keeping autonomous AI agents from doing something irreversible: action firewalls, the MCP recovery gap, and deterministic floors you can verify in two minutes.
- aisecurityllmopensource
I catalogued 32 real AI-agent failures, then marked the ones we cannot stop
A public registry of 32 cited agent failures, indexed onto the OWASP Agentic Security Top 10, with a runnable repro on every covered entry and the four categories we do not cover named out loud.
Read the post - aiagentssecurityllm
Your API gateway can't see your AI agent run rm -rf
An API gateway sits on the wire, but an agent's rm -rf, secret read, and DROP TABLE never become HTTP it can inspect. Where agent guardrails actually belong.
Read the post - aimcpsecurityllm
Is your MCP server safe? One line in mcp.json, and your agent recovers from its own DROP TABLE
Wrap any MCP server with one line in mcp.json. A deterministic floor blocks the destructive tool call, and the run recovers instead of dying on the block.
Read the post - aimcpsecurityllm
The NSA wrote the MCP threat model. It never says what your agent does after the block.
The NSA's MCP security sheet says deny high-risk tool calls at runtime, but never says what your agent does after the block. That gap is the interesting part.
Read the post - aipythonsecurityllm
I let my AI agent provision cloud infra. Then I made sure it couldn't go bankrupt doing it.
An agent with cloud credentials doesn't wipe your database, it drains your budget. Why a network scan is hard-blocked but provisioning is escalated to a human: gate on consequence, not identity.
Read the post - aipythonsecurityllm
I gave my AI agent database access. Then I built a firewall so it couldn't wipe prod.
An autonomous agent generated DROP TABLE on a real database. Here is the deterministic, keyless action firewall I built so a tool call cannot wipe prod.
Read the post