Field notes for agent security and enterprise automation.
Short technical essays on deterministic policy, DevOps controls, Scorecard hardening, release governance, and autonomous system trust boundaries.
Agentic AI Security Is Moving From Prompts to Runtime Control
Why tool misuse, identity abuse, MCP expansion, and approval gaps are making execution authorization a core AI security control.
DevOps Security: Least Agency for Enterprise DevOps
Agentic DevOps needs the same discipline as production access: scoped authority, approval paths, and audit trails.
MCP Security: MCP Needs an Authorization Boundary
MCP gives agents a common tool interface. Enterprises still need policy between the model and the tool.
Security Engineering: What OpenSSF Scorecard Hardening Looks Like for Agent Infrastructure
How CapFence approaches workflow pinning, least-privilege CI, and release governance.
Agent Security: Prompt Guardrails Are Not Execution Boundaries
A short note on why agent authorization belongs outside the model prompt.