security
Articles
The Grant Table Is the Kill Switch: Access Control for a Shared AI Employee
Several people share one autonomous agent: the identity provider proves who they are, but a grant read live on every request decides whether they still get in.
What an Agent May Do Is Not How It May Start
One authorization setting was answering two unrelated questions. Splitting exposure from initiation is what made the entitlement model enforceable.
We Accidentally Built a Shadow System of Record
A review caught our agent console rendering the customer's own data back to them. We had built a shadow system of record nobody designed.
An Agent That Can Edit Its Own Autonomy Ceiling Has No Ceiling
OS-level file ownership - not prompt instructions - is the only reliable way to prevent an AI agent from modifying its own governance constraints.
Dead Code Removal Is a Security Audit, Not Just Cleanup
Deleting old adapter code forces a semantic comparison you would not otherwise do - and that is where security gaps surface, not where they get introduced.
Give an Agent Powerful Capabilities Without Giving It Credentials
Least-privilege for autonomous agents: mediate every Google Workspace grant through a separate privilege-dropped broker, never hand the agent the credential.
You Cannot Instruct an Agent Not to Leak
Memory notes told the agent not to echo secret values. It did anyway, twice. The fix was structural enforcement at the tool boundary, not better instructions.