The security industry has spent two years trying to solve prompt injection at the model layer, where the defender cannot win. Prompt injection is not a model problem. It is an authorisation problem, and authorisation problems are solved at the authorisation layer.
Read →
Permission boundaries are not an optional hardening step for agentic systems. They are the foundational primitive that makes agents safe to deploy. This piece defines what a real boundary is, why the naive approaches fail, and how enforcement has to work to be meaningful.
Read →
OAuth was designed for delegated access between deterministic applications. AI agents are not deterministic. This piece breaks down the six specific places where OAuth fails for AI agents and what a proper authorisation layer requires.
Read →
AI agents are being deployed across enterprise systems without the one infrastructure layer they need most: an authorisation layer. This piece defines the pattern, explains why existing approaches fail, and lays out what production-grade AI agent governance actually looks like.
Read →No articles match this filter.
Try selecting All to see everything.
