Tag
#security
4 posts tagged “security”.
- 10 min read
Build software that heals itself in the agentic era
In the agentic era, an AI agent can write the fix — but letting one patch production is terrifying unless the architecture makes it safe. Here's a software-design pattern for self-healing systems: never crash, turn every failure into a structured anonymous signature, and let an agent close the loop behind a sandbox and adversarial gates. Our open-source MIME parser is the worked example; the pattern applies far beyond it.
- 8 min read
You can't prompt your way out of prompt injection
Part two. In the last post I admitted I'd opened a security hole: I gave an agent an inbox and told it to follow instructions in emails. Here's the architecture I landed on — ACL-gated by design, so a fully hijacked agent still can't do any damage.
- 2 min read
Why aren't we seeing more agent security discussions?
Agents are writing our codebases and running on our platforms — and the security conversation hasn't caught up. A field note on the vectors that came back, and one I opened on myself.
- 5 min read
Verify your inbound email webhooks (HMAC — and why you must)
An unverified webhook endpoint is an open door: anyone can POST a fake email.received event. Here's how to verify the HMAC signature in Node, Python, and Go — and why the raw body matters.