Claude Mythos Just Changed Cybersecurity
Anthropic just did something nobody expected. They built a model so good at finding security vulnerabilities that they're scared to release it publicly.
Runtime security and compliance for the AI agent era.
Two days ago we put a paste box on the open internet. Type a shell command, hit Evaluate, get a verdict — , , or . Same on a second tab for MCP tool calls: tool name, JSON-style args, evaluate, verdict.
A real bypass, a new analyzer layer, and the design pattern behind it.
When the agent knows it's being watched — detecting eval-aware code patterns before they ship.
Last week I sat down to write a single rule — block an AI agent from reading , the 1Password CLI v2 session cache. A junior security person would look at the ticket and think: "one file, one regex, an afternoon."
AI coding agents are rewriting software faster than any human team could. Cursor, Windsurf, Claude Code, Gemini CLI — they ship features in minutes. But they also run shell commands, call MCP tools, and modify files with the same speed…
I've been building software for over 20 years. And I'll be honest — when the term "AI agent" started flooding my LinkedIn feed in 2023, I rolled my eyes. It felt like a rebranding of chatbots with better PR. Little could I have predicted…
I run an AI security company. I'm supposed to tell you AI risk is manageable — that with the right governance framework and a good dashboard, you'll sleep fine.
The fastest way to wipe your laptop in 2026 is to ask an AI to refactor your repo. Not because the model is malicious, but because a single prompt injection, a poisoned MCP server, or a hallucinated shell command is all it takes to put one…
This post is about the files on your Mac that MCP servers can access — the ones most developers don't know are exposed — and what you can do about it.