Blog

Technical writing

AI agent security, kill chain detection, and governance architecture.

June 5, 2026·9 min read

Your AI Agent Passed OAuth. Now What?

One developer logged 4,519 tool calls from his AI agent. 63 of them were things he never authorized. The agent had valid credentials the whole time. Here's why that's not a security problem — it's an infrastructure problem nobody has solved yet.

AI AgentsAuthorizationTrust InfrastructureEnterpriseRead

June 2, 2026·10 min read

Introducing the Agent Authorization Standard (AAS) v0.1

OAuth and RBAC answer one question: is this identity allowed in? They were never designed to answer what actually matters for autonomous agents. AAS is a vendor-neutral standard that does.

AI SecurityAgent GovernanceOpen StandardCISAAASRead

May 29, 2026·8 min read

Why Microsoft's Agent Governance Toolkit Misses Kill Chains

Microsoft's Agent Governance Toolkit validates each agent request independently. That's not enough. Here's the attack it can't see — and why stateful behavioral analysis is the only defense.

AI SecurityAgent GovernanceKill ChainsMicrosoft AGTRead