Venture Crane

security

Articles

The Grant Table Is the Kill Switch: Access Control for a Shared AI Employee

Jul 1, 2026 · 8 min read

Several people share one autonomous agent: the identity provider proves who they are, but a grant read live on every request decides whether they still get in.

What an Agent May Do Is Not How It May Start

Jun 30, 2026 · 7 min read

One authorization setting was answering two unrelated questions. Splitting exposure from initiation is what made the entitlement model enforceable.

We Accidentally Built a Shadow System of Record

Jun 20, 2026 · 6 min read

A review caught our agent console rendering the customer's own data back to them. We had built a shadow system of record nobody designed.

An Agent That Can Edit Its Own Autonomy Ceiling Has No Ceiling

Jun 16, 2026 · 5 min read

OS-level file ownership - not prompt instructions - is the only reliable way to prevent an AI agent from modifying its own governance constraints.

Dead Code Removal Is a Security Audit, Not Just Cleanup

Jun 12, 2026 · 5 min read

Deleting old adapter code forces a semantic comparison you would not otherwise do - and that is where security gaps surface, not where they get introduced.

Give an Agent Powerful Capabilities Without Giving It Credentials

Jun 10, 2026 · 8 min read

Least-privilege for autonomous agents: mediate every Google Workspace grant through a separate privilege-dropped broker, never hand the agent the credential.

You Cannot Instruct an Agent Not to Leak

May 27, 2026 · 8 min read

Memory notes told the agent not to echo secret values. It did anyway, twice. The fix was structural enforcement at the tool boundary, not better instructions.

Finding Four Auth Vulnerabilities in One Code Review

Feb 20, 2026 · 10 min read

How AI-generated prototype code accumulates auth debt and how one code review session catches it systematically.

Ship Log

Jun 17, 2026

Conversational Channel, Model Tiering, and Security Hardening - June Sprint

Jun 3, 2026

Completing the pivot to Infisical - every Bitwarden reference removed

May 28, 2026

Moving secret-leak prevention outside the agent

May 20, 2026

Writing down every token before one of them broke

Apr 22, 2026

Semgrep as a CI gate

← All tags