Venture Crane

ai-employee

Articles

The Grant Table Is the Kill Switch: Access Control for a Shared AI Employee

Jul 1, 2026 · 8 min read

Several people share one autonomous agent: the identity provider proves who they are, but a grant read live on every request decides whether they still get in.

What an Agent May Do Is Not How It May Start

Jun 30, 2026 · 7 min read

One authorization setting was answering two unrelated questions. Splitting exposure from initiation is what made the entitlement model enforceable.

Bake Every Author-Built Connector In, Keep It Inert Until Bound

Jun 29, 2026 · 8 min read

When a vendor has no MCP server you author your own. The real decision is where that connector code lives: baked into one shared image, inert until bound.

An Agent That Can Edit Its Own Autonomy Ceiling Has No Ceiling

Jun 16, 2026 · 5 min read

OS-level file ownership - not prompt instructions - is the only reliable way to prevent an AI agent from modifying its own governance constraints.

Ship Log

Jun 17, 2026

Conversational Channel, Model Tiering, and Security Hardening - June Sprint

May 29, 2026

Hardening an AI employee into a config-governed, safety-gated system

May 24, 2026

Moving agent fetch loops into a code-execution primitive

May 22, 2026

Going vendor-direct MCP first and retiring an aggregator default

← All tags