Research
Notes on securing AI agents in the wild.
Field notes and implementation guides for coding agents, MCP servers, productivity agents, and the runtime policy layer between them.
Why runtime decisions matter
Prompt review is useful context. Enforcement belongs at the moment an agent reads, writes, runs, or sends.
MCP as the productivity-agent control point
Cowork and MCP tools need the same policy path as coding agents: server, tool, arguments, user, verdict.
Investigations need a complete chain
A useful security timeline ties prompt, tool input, output, model, cost, repository, and identity together.