JSJapneet Singhinagentsec.hashnode.dev·1d ago · 4 min readSkills lie. So we run them.Many of use are are installing AI Agent skills from the internet. Skills are not libraries with version pins and signatures, instead they are markdown files of natural-language instructions that tell 00
PBPalash Bagchiinimmortalai.hashnode.dev·Jun 13 · 3 min readSecuring Vercel AI SDK Agents with Cryptographic ScopesTool Access Control in Autonomous Agent Workflows The Vercel AI SDK (generateText, streamText) has become the standard stack for building AI agents in Next.js. But as these agents transition from retr00
PBPalash Bagchiinimmortalai.hashnode.dev·Jun 13 · 3 min readSecuring AI Agents: LangChain Scope Verification with X.509Secure autonomous AI agents with cryptographic tool scoping and cert checks using @kakunin/langchain. The Risk of Unscoped Agent Tools As AI agents transition from simple chatbots to autonomous actors00
VAVijayakumar Arumuga Nadarinblog.neevcloud.com·Jun 8 · 8 min readThe Agentic Control Plane: Why Every AI Platform Will Need This Layer And Most Don't Have It YetTL;DR: → Enterprises are no longer experimenting with AI agents, they are deploying them at scale, and the infrastructure gaps are becoming visible and costly. → The Agentic Control Plane is the fou00
TToxSecintoxsec.hashnode.dev·May 29 · 7 min readAI Sandbox Escape: Why Docker Can’t Hold Frontier ModelsTL;DR: Frontier models escape Docker sandboxes through known CVEs for the cost of an API call. Production sandboxes leak through workflow injection (n8n CVE-2026-25049) and OCI hook misconfigurations 00
TToxSecintoxsec.hashnode.dev·May 22 · 9 min readHow to Threat Model AI Applications With STRIDETL;DR: STRIDE was built for traditional software. AI systems break its assumptions in six places at once. STRIDE-AI remaps the six threat categories to ML assets, prompt pipelines, agent tool chains, 00
TToxSecintoxsec.hashnode.dev·May 18 · 11 min readCIA Triad for LLM Security: Real-World AI Attack FailuresTL;DR: The CIA triad still applies to LLM security, and every major documented AI attack failure to date breaks one of its three legs. Confidentiality leaks system prompts and chat history. Integrity 00
NSNavayuvan Subramanianinblogs.navayuvan.com·May 11 · 6 min readThree Layers of Tool Call Hardening for AI AgentsIn current software engineering,We're building a lot of AI Agents on our products right now. And having an AI agent in your product is how you keep your product alive, right? That's how the world is m10
DHDr Hernani Costainradar.firstaimovers.com·May 11 · 14 min readHow to Evaluate MCP Servers Before You Connect Them to Enterprise WorkflowsTL;DR: Evaluate MCP servers across eight dimensions and a 30-day approval workflow to meet EU AI Act and DORA enterprise governance needs. MCP servers are not harmless developer plugins; they are privileged workflow infrastructure that exposes tools...00
AFAll For Scienceinmidlantics.hashnode.dev·May 2 · 4 min readStop Giving Your Agents API Keys. Do This Instead.A practical guide to cryptographic contracts and OBO tokens for agent-to-agent and external API security. You wouldn't give every employee a master key to the building. So why are you giving every ag00
