Field notes for agent security and runtime authorization.
Short technical essays on deterministic policy, DevOps controls, Scorecard hardening, release controls, and autonomous system execution boundaries.
Agentic AI Security Is Moving From Prompts to Runtime Control
Why tool misuse, identity abuse, MCP expansion, and approval gaps are making execution authorization a core AI security control.
Read articleDevOps SecurityLeast Agency for DevOps Agents
DevOps agents need the same discipline as privileged automation: scoped authority, approval paths, and audit trails.
Read articleMCP SecurityMCP Needs an Authorization Boundary
MCP gives agents a common tool interface. Enterprises still need policy between the model and the tool.
Read articleSecurity EngineeringWhat OpenSSF Scorecard Hardening Looks Like for Agent Infrastructure
How CapFence approaches workflow pinning, least-privilege CI, and release governance.
Read articleAgent SecurityPrompt Guardrails Are Not Execution Boundaries
A short note on why agent authorization belongs outside the model prompt.
Read article