Public beta blog

Field notes for agent security and runtime authorization.

Short technical essays on deterministic policy, DevOps controls, Scorecard hardening, release controls, and autonomous system execution boundaries.

AI Security

Agentic AI Security Is Moving From Prompts to Runtime Control

Why tool misuse, identity abuse, MCP expansion, and approval gaps are making execution authorization a core AI security control.

Read article
DevOps Security

Least Agency for DevOps Agents

DevOps agents need the same discipline as privileged automation: scoped authority, approval paths, and audit trails.

Read article
MCP Security

MCP Needs an Authorization Boundary

MCP gives agents a common tool interface. Enterprises still need policy between the model and the tool.

Read article
Security Engineering

What OpenSSF Scorecard Hardening Looks Like for Agent Infrastructure

How CapFence approaches workflow pinning, least-privilege CI, and release governance.

Read article
Agent Security

Prompt Guardrails Are Not Execution Boundaries

A short note on why agent authorization belongs outside the model prompt.

Read article