Алексей Спинов in spinov001.hashnode.dev · 4d ago · 17 min read
Your Agent Trusts the Tool's Description. The Attack Hides There.
You validate what a tool returns. You don't validate the text the tool uses to describe itself, and your agent reads that text first, then pastes it into its own context. The most dangerous field in a

Алексей Спинов in spinov001.hashnode.dev · Jun 18 · 12 min read
The Cheaper API Was 2.5x Cheaper. It Cost 1.6x More.
AI-disclosure: AI-assisted draft, human-reviewed. The demo numbers are the verbatim stdout of a deterministic, stdlib-only Python script included in full below — re-run it and you get the same bytes.

Алексей Спинов in spinov001.hashnode.dev · Jun 17 · 18 min read
One Empty 200 OK Poisoned 5 of My Agent's 10 Steps
One tool call came back HTTP 200 with an empty body. My agent shrugged, wrote down a placeholder price, and moved on. Nothing crashed. No exception, no red log line. Ten steps later, the answer it han

Алексей Спинов in spinov001.hashnode.dev · Jun 16 · 15 min read
The HTTP Code Your AI Agent Doesn't Handle Yet: 402
Your fetch agent knows two endings to a request. 200: parse it. 403: back off, rotate, or skip. That branch has been the whole game for years. There's a third ending now, and it's the one your code fa

Алексей Спинов in spinov001.hashnode.dev · Jun 15 · 18 min read
Your AI Agent Will Double-Charge on a Lost Response
If your agent calls a tool that charges a card, and the transport drops the response, your agent didn't fail safely. It double-charged the customer, and it has no idea. That's the whole bug. The money