Skip to content

Building the security layer for AI agent work.

I'm Gustavo Aragón, founder of Oktsec. I build security infrastructure for AI agents operating across code, tools, credentials, packages and infrastructure. My work combines runtime governance and verifiable evidence through Oktsec, open source security through Aguara and nanostack, and hands-on vulnerability research across the agent ecosystem.

The agent ecosystem

250+
findings reported

Security findings reported through major disclosure programs.

Reports to notable vendors and formal disclosure programs (VRP / MSRC), across agent tooling, CLIs and infrastructure. The recurring failure modes from that research feed directly into the controls we build at Oktsec and the detection logic in Aguara.

Reported through programs including

  • Google
  • Microsoft
  • Stripe
  • Cloudflare
  • AWS
  • Mercury

Selected writing

View all
Latest · Agent security · 7 min
The agent identity crisis, four months later

I called the lack of agent identity a security crisis. A2A shipped signed Agent Cards, MCP shipped Enterprise-Managed Authorization, and research delivered task-scoped tokens. A scorecard of what got built and what is still missing.

Read article

What I work on

Agent security
How agents get attacked through their own tools, MCP servers and credentials.
Vulnerability research
Confirmed findings across agent tooling, CLIs and infrastructure.
Open source tooling
Aguara + nanostack, built for the agent ecosystem.

Products & research

View all