You do not need a fine-tuned classifier to catch the bulk of prompt injection and tool-misuse attempts against production agents. Six boring rule-based detectors cover most of the real-world signal. Here is the code.
Tags: prompt injection, AI agent security, OWASP ASI, runtime guardrails, detectors, agentic AI
Prompt-level defenses treat every tool call the same. But an AI agent deleting a log file is not the same as one deleting an IAM role. Here is how to score blast radius at runtime, before the action runs, and use that score as a gate.
Tags: AI agent security, runtime guardrails, blast radius, agentic AI, OWASP ASI
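One way to turn the "score blast radius before the action runs" idea above into a gate, as an added example that is not code from the original post or its author. The weight tables, thresholds and the wildcard multiplier are assumptions chosen for illustration; the point is the shape of the check: score is computed from the proposed call's action and resource class, unknown actions and resource kinds fail toward the high end, and the decision is made before the tool executes.

```python
from dataclasses import dataclass

# Assumed weight tables (illustrative, not from the original page).
# Unknown actions or resource kinds fall back to a high default so the
# gate fails closed rather than waving through something it has never seen.
ACTION_WEIGHT = {"read": 1, "write": 3, "delete": 6, "grant": 8}
UNKNOWN_ACTION_WEIGHT = 6
RESOURCE_WEIGHT = {
    "tmp_file": 1,
    "log_file": 2,
    "database_row": 3,
    "database_table": 5,
    "iam_role": 8,
    "iam_policy": 9,
}
UNKNOWN_RESOURCE_WEIGHT = 8
WILDCARD_MULTIPLIER = 3      # "delete logs/*" is worse than "delete logs/app.log"
IRREVERSIBLE_MULTIPLIER = 1.5

# Assumed thresholds (illustrative).
THRESHOLD_ALLOW = 10         # below this: run without a human
THRESHOLD_REVIEW = 30        # below this: pause for approval; at or above: deny


@dataclass(frozen=True)
class ToolCall:
    tool: str            # name of the tool the agent wants to invoke
    action: str          # verb: read / write / delete / grant / ...
    resource_kind: str   # class of the target, e.g. "log_file", "iam_role"
    resource_id: str     # concrete target; a trailing "*" means a wildcard scope
    reversible: bool     # can the effect be undone (restore from backup, revoke)?


def blast_radius(call: ToolCall) -> int:
    """Score a proposed tool call before it runs. Higher means wider blast radius."""
    score = ACTION_WEIGHT.get(call.action, UNKNOWN_ACTION_WEIGHT)
    score *= RESOURCE_WEIGHT.get(call.resource_kind, UNKNOWN_RESOURCE_WEIGHT)
    if call.resource_id.endswith("*"):
        score *= WILDCARD_MULTIPLIER
    if not call.reversible:
        score *= IRREVERSIBLE_MULTIPLIER
    return round(score)


def gate(call: ToolCall) -> str:
    """Decision for the runtime: 'allow', 'require_approval' or 'deny'."""
    score = blast_radius(call)
    if score < THRESHOLD_ALLOW:
        return "allow"
    if score < THRESHOLD_REVIEW:
        return "require_approval"
    return "deny"


if __name__ == "__main__":
    # Constructed sample calls: the two cases from the text, plus edge cases.
    samples = [
        ToolCall("fs", "read", "tmp_file", "/tmp/scratch.txt", reversible=True),
        ToolCall("fs", "delete", "log_file", "/var/log/app.log", reversible=True),
        ToolCall("fs", "delete", "log_file", "/var/log/*", reversible=True),
        ToolCall("aws_iam", "delete", "iam_role", "role/prod-deployer", reversible=False),
        ToolCall("newtool", "frobnicate", "widget", "w-1", reversible=True),
    ]
    for c in samples:
        print(f"{gate(c):17} score={blast_radius(c):3}  {c.tool}.{c.action} {c.resource_id}")
```

The gate is deliberately coarse: a practitioner tunes the tables per environment, but the structural properties are what matter: the score is computed from the call's parameters rather than from prompt text, unknown inputs score high rather than low, and wildcard scope and irreversibility push an otherwise routine action into the approval or deny band.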
Append-only is not tamper-evident. Here is how to build an audit log that proves nothing in the past has changed, using HMAC-SHA256, a canonical schema, and a Postgres advisory lock. Lessons from production.
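The tamper-evident chain the summary above describes, as an added example that is not the original post's code. Each record carries an HMAC-SHA256 over the previous record's MAC plus a canonical JSON serialization of its own content, so editing, deleting or reordering any past record breaks verification at that position. The key, the canonical-form choices and the sample entries are assumptions constructed for this example; the Postgres advisory lock the post mentions serializes writers so two appends cannot both claim the same predecessor, and is shown only as a comment because this block runs offline without a database.

```python
import hashlib
import hmac
import json

# Assumed MAC key for the demo. In production it comes from a KMS or secret
# store and is held by the verifier, not by whoever can write to the table.
KEY = b"constructed-demo-key-do-not-use"
GENESIS = "0" * 64   # predecessor MAC for the first record


def canonical(obj: dict) -> bytes:
    """Canonical schema: sorted keys, no insignificant whitespace, ASCII-only.
    Two writers serializing the same logical record must produce identical bytes,
    otherwise the MAC is over an accident of formatting rather than the content."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=True).encode()


def record_mac(prev_mac: str, seq: int, entry: dict) -> str:
    """HMAC over (previous MAC, sequence number, canonical entry).
    Binding the sequence number means a record cannot be moved to another slot."""
    msg = prev_mac.encode() + b"\n" + canonical({"seq": seq, "entry": entry})
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()


def append(log: list, entry: dict) -> dict:
    """Append one record, chaining it to the current tail.
    In the Postgres version this whole function runs inside a transaction that
    first executes SELECT pg_advisory_xact_lock(<constant>) so only one writer
    at a time can read the tail and append to it (assumed deployment detail)."""
    prev = log[-1]["mac"] if log else GENESIS
    seq = len(log)
    rec = {"seq": seq, "prev": prev, "entry": entry,
           "mac": record_mac(prev, seq, entry)}
    log.append(rec)
    return rec


def verify(log: list) -> tuple:
    """Walk the chain from genesis. Returns (True, n) if all n records verify,
    or (False, i) with the index of the first record that fails."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i or rec["prev"] != prev:
            return (False, i)           # gap, reorder or broken link
        expected = record_mac(prev, i, rec["entry"])
        if not hmac.compare_digest(expected, rec["mac"]):
            return (False, i)           # content or MAC altered
        prev = rec["mac"]
    return (True, len(log))


if __name__ == "__main__":
    # Constructed sample entries.
    log = []
    append(log, {"actor": "agent-7", "action": "read", "target": "s3://reports/q1.csv"})
    append(log, {"actor": "agent-7", "action": "delete", "target": "/var/log/app.log"})
    append(log, {"actor": "agent-7", "action": "delete", "target": "iam:role/deployer"})
    print("clean:", verify(log))

    # Tamper with a past record: the MAC at that index no longer matches.
    log[1]["entry"]["action"] = "read"
    print("edited record 1:", verify(log))
    log[1]["entry"]["action"] = "delete"

    # Delete a past record: the next record's seq and prev no longer line up.
    removed = log.pop(1)
    print("deleted record 1:", verify(log))
    log.insert(1, removed)
```

One caveat a chain alone does not cover: truncating the tail (dropping the most recent records and nothing else) still verifies, because nothing after the new tail exists to contradict it. The usual fix is to publish the latest MAC somewhere the writer cannot modify, such as a separate store or a periodic signed checkpoint, and have the verifier compare against that anchor as well.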
System prompts are suggestions. Gateways are enforcement. Here is why bolting safety instructions onto a prompt does not secure your agent in production, and what to build instead.
Tags: AI agent security, runtime guardrails, gateway, prompt injection, agentic AI
A practical breakdown of the OWASP Top 10 for Agentic Applications 2026, with real examples of what each risk looks like in production and the runtime controls that stop it.
Tags: OWASP ASI, AI agent security, agentic AI, runtime guardrails, NIST AI RMF
Your AI agent does not need a permanent API key. Here is how to issue short-lived, least-privilege credentials per task using each cloud's native identity federation, and why the old way will eventually burn you.