Post-quantum spend envelopes need proof, not claims
Agent payment buyers should connect envelope scope to x402 receipts without skipping runtime policy checks.
May 4, 20263 min read
Command Palette
Search for a command to run...
#security
Articles tagged with #security
Vercel AI incident response for agent teams
Vercel's April 2026 incident is a warning for agent teams: readable env vars, OAuth grants, and paid tools belong in the same incident response plan.
Apr 27, 20266 min read5NIST CAISI Is Asking the Right Question for Agent Wallets
How delegated identity, session-scoped spend limits, and audit trails map to agentwallet-sdk
Apr 15, 20263 min readAgent Tooling Supply Chain Security: OWASP Agentic Top 10 and the pentagi Threat Model
Trivy got compromised. Autonomous pentest agents are trending. The OWASP Agentic Top 10 warned us.
Mar 22, 20267 min readAgent Tooling Supply Chain Security: What the Trivy Compromise Teaches Us
The aquasecurity/trivy ecosystem got hit this week. Supply chain compromise - a tool that 50,000+ organizations rely on for vulnerability scanning had its own supply chain briefly weaponized. The irony isn't lost on anyone. 65 points on Hacker News, ...
Mar 22, 20264 min readBeyond SOC2: Why AI Agents Need On-Chain Audit Trails
The Delve scandal proved SOC2 can be faked. AI agents handling money and data need audit trails that can't be fabricated. Here's what that looks like.
Mar 21, 20265 min read