Insights on AI agent security, trust, and compliance.
An unmonitored AI agent isn't free — it's a liability you haven't been invoiced for yet. Here's the incident-cost math, and why the cheapest insurance against a seven-figure number starts at $0.
A2A v1.0 added Signed Agent Cards, so agents can now prove who they are. But a signature is an identity claim, not a behavioral one — it says nothing about whether the agent on the other end is reliable, low-risk, or safe to hand a task to. Here's the gap A2A leaves open by design, and how a trust layer fills it.
82% of companies have watched an AI agent go rogue. Only 5% of CISOs think they could contain one. That gap isn't a detection problem — it's an incident response problem. Here's the full runbook, wired to features you can use today.
A user invokes Article 17. Your agent touched their data across fourteen tool calls, a memory store, and a knowledge base. 'Delete it' is the easy part. Proving you did — to a regulator, without breaking your audit trail — is the part most deployments can't do.
Anyone can publish an agent to a marketplace. That's exactly the problem — ClawHub proved it with 341 malicious skills and a one-week-old GitHub account as the only gate. Here's why the guardrails have to live inside the template, scanned before it ships.
Most trust systems measure outcomes. We're adding the one that measures whether the agent knew what it didn't know.
Level 0: you don't know how many agents you have. Level 4: every action is scored, logged, and provable to an auditor. Here's the five-rung ladder — and the gap between grading your intentions and grading your instrumentation.
Polling a trust endpoint every five minutes is a five-minute window in which a misbehaving agent is still trusted. Here's the webhook contract VeriSwarm ships today — every trust decision pushed as a signed delivery the moment it's made, HMAC-SHA256 with the timestamp inside the signature, three-attempt exponential backoff, and a circuit breaker that pulls dead endpoints — plus the consumer-side wiring that turns a deny decision into an immediate session revocation.
Agent A trusts Agent B. Agent B trusts Agent C. Agent C goes rogue. Here's why static delegation lets that failure cascade — and how scoped credentials, independent scoring of the delegate, and a hash-chained ledger collapse the chain back into something you can actually audit.
Asking a model to grade its own response is asking the suspect to run their own polygraph. Cross-model consensus catches what self-check misses — and it's the only credible defense against memory and context poisoning.
A customer support chatbot and a medical triage agent should not share trust rules. Here's how scoring profiles, vertical templates, and per-industry thresholds collapse into one tenant-scoped configuration.
On April 20, OpenAI's routing layer hit memory limits and took ChatGPT, Codex, and the API down for two hours and thirty-five minutes. The right question for anyone running agents on top of a hosted LLM is not whether your provider will have an outage — it is what your agent does in the next 60 seconds.
Composite trust scores tell you an agent is at 723 out of 1000. They don't tell you which axis failed. Here's how four dimensions plus a 22-event taxonomy give you a diagnosis instead of a number.
Most agent identity systems answer who. Almost none of them answer how trustworthy. Here's how a portable, JWKS-verifiable credential carries an agent's live trust score across organizational boundaries — without forcing the relying party to call your API on every check.
A hash-chained audit log only matters if you can run the verification, read the result, and respond when it fails. Here's the endpoint, the response shape, what a real break looks like, and the runbook for the moment it does.
You hardened the prompt. Great. The injection just pivoted to the tool call. Why prompt-layer defenses miss the actual attack path — and what blocking it requires.
Six new AI laws signed in 33 days across NY, CA, NE, WA, ID, and OR. Most of the press coverage is breathless. The actual deployer obligations are narrower — and they rhyme.
Guard Proxy ships four built-in transformers — PII tokenization, context inject, field mask, schema validate — running on every MCP tool call in a fixed order. Here's what each one does, what triggers it, and how to configure your own.
The Colorado AI Act becomes enforceable June 30, 2026 — 33 days before the EU AI Act. For US agent operators, it's the closer deadline, and the requirements name NIST AI RMF and ISO 42001 by name.
The first agent to get kicked off your platform almost certainly has a track record somewhere else. You just can't see it — because every AI vendor silos its trust signals. Here's the mechanical walkthrough of how a privacy-preserving cross-tenant reputation layer actually works: the hashing, the endpoints, the score-blending math, and what a public lookup returns to an unauthenticated caller.
The EU AI Act doesn't explicitly mandate cryptographic audit logs. It mandates records 'over the lifetime of the system' — which is functionally the same thing once an auditor starts asking questions. Here's the difference between declaring your logs are trustworthy and proving it.
Your eval suite said the model scored 94% on BoolQ. Your agent still leaked a customer's SSN on Tuesday. Evaluations grade the model offline. Scoring grades the agent in production. They are not substitutes.
60% of organizations can't terminate a misbehaving AI agent. And the ones that can? Most can't prove it happened. Here's what EU AI Act Article 14 actually requires — and why your kill switch probably isn't compliant.
A poisoned security scanner led to compromised PyPI packages, 119K downloads in 40 minutes, and exfiltrated credentials across the AI stack. The LiteLLM incident is a wake-up call for every team routing LLM traffic through third-party libraries.
Microsoft's Azure MCP Server shipped with no authentication on critical functions. CVSS 9.1. No patch yet. If 'the reverse proxy with auth' is the official mitigation, that's the category we build.
Security researchers filed 30+ CVEs against MCP servers in early 2026, including a CVSS 9.6 RCE in a package downloaded half a million times. August 2 brings €35M fines. The math is not in your favor.
Microsoft just shipped an open-source runtime enforcement toolkit for all 10 OWASP Agentic AI risks. The framework is no longer aspirational — it's a production checklist. Here's how every risk maps to observable, controllable behavior.
Microsoft's new Agent Governance Toolkit tackles all 10 OWASP agentic risks. It's a massive validation of the agent trust category — and a clear signal that DIY governance won't scale.
Most agents pass raw PII directly to third-party MCP tool servers. Zero tokenization. Zero audit trail. Here's what the data shows — and how to stop it without rewriting your agent.
You have an AI agent inventory problem. You just don't know it yet. Shadow agents are the new shadow IT — faster, harder to detect, and exponentially more dangerous.
Agent identity tells you who. Agent trust scoring tells you what they'll do. Why verified AI agents still need continuous behavioral monitoring.
EU AI Act agent compliance: what Articles 12 and 14 require before the August 2, 2026 enforcement deadline, and how to generate audit-ready evidence.
MCP server security has three gaps: PII leakage through tool calls, prompt injection via tool responses, and uncontrolled tool access. Here's how a proxy closes all three.
Agent trust scoring replaces binary access control with behavior-based permissions. Here's how it works and why it matters for AI agent governance.