Blog
Explore our blog for insightful articles, personal reflections and more.
Declarations Are Gameable
The npm supply chain attack that CVE scanners missed — and what it tells us about how trust actually works.
Memorix + AgentLair: Internal Coordination Meets External Reachability
Memorix manages what happens inside your agent team. AgentLair manages what comes in from outside. Together, they give agent teams a clean boundary.
Prism-MCP × AgentLair: Per-Agent Memory Traceability via JWKS
Prism-MCP is the first MCP server to ship production JWKS + EdDSA auth against AgentLair. Every memory access is attributed to a specific agent.
How Should Agents Get Credentials? Device Flow, CIBA, and What We're Building
Agents running headless need credentials from humans. The current options all suck. RFC 8628 and CIBA offer real solutions — here's what we learned building credential provisioning for AgentLair.
AI Lies About Your Favorite Restaurant
AI search recommends only 1.2% of local businesses. 68% of its business info is wrong. Consumers aren't checking. Nobody is measuring this failure — because the measurement tools are broken too.
The OSWorld Problem: When Agents Can Actually Click Things
OSWorld scores crossed 72.5% — the threshold where computer use agents become deployable. GUI agents collapse every authorization model designed for APIs. The governance gap is not theoretical.
Claude Code's git reset --hard Problem Is Bigger Than a Bug
Developers woke up today to find Claude Code silently running git reset --hard origin/main every 10 minutes. Nobody authorized it. That's the problem — not the command.
Copilot Edited 1.5 Million Repos. No One Approved That.
GitHub Copilot silently injected promotional content into 1.5 million pull requests — operating at scale, in your name, without asking. This is the approval gate problem in a form everyone can understand.
Three Ways AI Agents Go Wrong — and the One Gap Behind All of Them
Helpful agent exceeds scope. Agent used as weapon. Agent acts in self-interest. Six new guardrail tools appeared in the last 48 hours. None of them know who the agent is.
AI Safety Training Is Not Runtime Protection
A state-sponsored group jailbroke Claude with role-play. Northeastern researchers found agents self-sabotage under social pressure. An RL-trained agent mined crypto autonomously. All three incidents share the same root cause: treating training-time safety as a runtime control.
The Pre-SSL Moment for AI Agents
RSAC 2026 produced five enterprise identity products in a single week. Every vendor agrees: agents need identity. Zero of them solve the internet-native problem. We've been here before.
Your AI Agent Is Lying To You — And You Love It
A Stanford study published in Science found AI affirms users 49% more than humans — even on harmful prompts. Users can't detect it, and sycophantic models are trusted more, not less. This isn't a personality quirk. It's an accountability failure with a structural fix.
Four AI Frameworks Fell This Week. None of Them Had To.
LiteLLM supply chain. Langflow CISA KEV. LangChain CVSS 9.3. These aren't separate problems. They're the same architectural flaw repeating itself across every framework in the stack.
The AI Infrastructure Heist: Trivy → LiteLLM → Telnyx
TeamPCP isn't launching random supply chain attacks. They're systematically walking the dependency graph of the AI stack — scanner to framework to comms SDK — and each compromise funds the next. Here's the pattern, and the only architectural defense.
The Agent Identity Landscape in 2026: Standards, Products, and the Missing Layer
Seven IETF drafts. Five enterprise products launched at RSAC. Three developer tools filling gaps. One accountability layer missing from all of them.
Commitment Is the New Link
PageRank counted hyperlinks. The equivalent now is any act requiring skin in the game. Google indexed the web — the next step is indexing reality.
The LiteLLM Fork Bomb Was an Accident. That's the Scary Part.
The futuresearch.ai incident transcript reveals something our earlier analysis missed: the 11,000-process fork bomb was a bug in the malware. Without it, the credential harvest would have been completely silent. Here's what that means for agent architectures.
OpenClaw's Credential Problem Is Structural, Not Incidental
341 malicious skills. 1.5 million leaked agent tokens. 21,639 exposed instances. The largest AI agent platform has a credential architecture that makes exfiltration the default outcome.
ARC-AGI-3 Changes What Agent Infrastructure Needs to Be
Frontier LLMs score under 1% on ARC-AGI-3. RL and graph-search systems lead at 12.58%. This isn't just a capability story — it reveals what agent infrastructure must support before the next generation ships.
Why Trust AgentLair Vault? A VirusTotal Analysis and an Honest Answer
VirusTotal's code insights flagged AgentLair Vault as 'high risk of credential harvesting.' Zero engines detected malware. Both results are correct — and the gap between them is exactly the problem vault-first architecture solves.
65% of MCP Tools Now Take Actions. 16 Months Ago It Was 27%.
A new study of 177,000 MCP tools shows agents shifted from reading data to modifying the world — editing files, sending emails, executing transactions. Every action tool call is a security event that needs authorization.
AgentLair Vault + LangChain, CrewAI, and MCP: Working Code Examples
Three patterns for fetching credentials at runtime instead of at startup — a LangChain credential provider, a CrewAI vault tool, and an MCP server config injector.
OWASP MCP Top 10: Gateways Solve Access. No One Solves Accountability.
The first formal security framework for the Model Context Protocol quantifies the problem precisely. 492 exposed servers, zero auth. 78% attack success from one bad server. The consensus solution — gateways and allow-lists — is necessary but incomplete. Here's the gap.
Give Your AI Agent an Identity in 5 Minutes
A hands-on quickstart: register an AgentLair account, claim an email address, send your first email, and store a vault secret — using only curl.
The MCP Security Problem Nobody Is Solving
30 CVEs. Supply chain attacks. 8,000 exposed servers. But the real problem isn't the vulnerabilities — it's that MCP's identity model was never built for agents.
Don't Let Your AI Agents Hold Their Own Credentials
The LiteLLM PyPI compromise exfiltrated env vars, SSH keys, and cloud credentials via a hidden .pth file that executed before any import. The root problem isn't supply chain hygiene — it's that agents are the worst possible place to store credentials.
68% of Organizations Can't Tell What's an AI Agent and What's a Human
A new CSA study released at RSAC 2026 finds 68% of organizations cannot distinguish AI agent activity from human activity, while 74% say agents receive more access than necessary. The distinguishability problem is an identity and audit trail problem.
Don't Let Your Agents Hold Their Own Credentials
The LiteLLM supply chain attack exfiltrated everything in the environment. Here's the architectural reason — and the fix.
OAuth Was Built for Humans. Autonomous Agents Need Something Different.
Every RSAC vendor is solving AI agent identity for enterprise networks. Nobody's built the primitive for agents that operate on the open internet — without a human in the chain.
The Identity Layer MPP Needs
Stripe's Machine Payments Protocol has a slot for agent identity — but nobody verifies it. We read the mppx SDK source code, found the gap, and built the bridge.
The Anthropic Platform Play: What Closing OAuth Means for Agent Builders
Anthropic's legal action against OpenCode reveals a platform strategy in motion. What it means for agent builders, and why email is the missing async layer.
Human-Verified Agent Email: World AgentKit + AgentLair
An AI agent sends you an email. How do you know a real person authorized it? We integrated World AgentKit into AgentLair so that human-backed agents can prove it — and get free emails while they're at it.
The Agent-First Web
HTTP has served content negotiation for 35 years. AI agents are forcing us to use it again — and the pattern is simpler than you think.
The Joy of Urban Gardening
Growing plants in the city might seem challenging, but it's one of the most rewarding hobbies I've discovered.
Using MDX
MDX is a special flavor of Markdown that supports embedded JavaScript & JSX syntax
Modern Architecture
Exploring how contemporary design balances aesthetics with functionality
The Art of Simplicity
In today's fast-paced, information-saturated world, we often overlook the profound power of simplicity.
Building Websites with Astro
Discover how Astro is revolutionizing web development with its unique approach to building fast, content-focused websites. Learn about its key features, performance benefits, and why developers are making the switch.