Writing
Field notes on AI agent security, product judgment and the new operating surface inside companies. Long-form, technical, occasionally opinionated.
- All
- Agent security
- MCP
- Supply chain
- Research
The research log
Latest · Agent security · 7 min
The agent identity crisis, four months later
I called the lack of agent identity a security crisis. A2A shipped signed Agent Cards, MCP shipped Enterprise-Managed Authorization, and research delivered task-scoped tokens. A scorecard of what got built and what is still missing.
Read article
- 2026 · 07Community · 3 minJoining the first cohort of Agentic AI Foundation ambassadorsThe Agentic AI Foundation, a Linux Foundation initiative, put MCP under open governance and opened its first ambassador program. What that means for agent infrastructure and security.
- 2026 · 07Opinion · 3 minWorking with AI agents doesn't remove the mental load, it transforms itThe real challenge of working with AI isn't the model of the week, it's how we manage our energy and time in a reality that never rests. How I'm organizing work in loops of intensity and rest.
- 2026 · 07Opinion · 6 minNo AI sovereignty without infrastructure sovereigntyFrom 'Atoms for Peace' to frontier-model export controls: why AI sovereignty is decided in the infrastructure, not in model access.
- 2026 · 07MCP · 7 minMCP is quietly growing an identity layerEveryone quotes MCP's adoption numbers. The better story is in the changelog: the protocol is moving trust from the connection to the request, just in time to go stateless.
- 2026 · 07MCP · 5 minSkills over MCP: who checks the manual?SEP-2640 proposes shipping skills with MCP servers, the manual with the product. The mechanics are right. The trust question is where the interesting work starts.
- 2026 · 05MCP · 6 minMCP as a supply chain: trust boundaries in agent toolingEvery server an agent calls is an implicit trust decision. Here's how to make it explicit, and the blind spots most teams miss.
- 2026 · 04Agent security · 6 minAgentPay: what we built at the Anthropic × Kaszek hackathonTeam Octopus won the Anthropic × Kaszek × Digital House hackathon with AgentPay, a prototype that puts deterministic security checks in front of the payments an AI agent tries to execute.
- 2026 · 04Policy · 5 minPolicy before agent execution: what security has to controlStatic scanning stops at deploy. What it takes to constrain agent behavior in production, as agents start operating across real systems.
- 2026 · 03Opinion · 4 minSecurity is a product decision, not a checklistThe most consequential call a technical founder makes is what not to ship. Why agent security can't wait until after the incident.
- 2026 · 02Agent security · 9 minAI agents don't have identities, and that's a security crisisWe deploy autonomous systems that read files, call APIs and execute code, yet we can't answer the most basic question: who is this agent? The AI-agent identity gap, and the five layers it takes to close it.
- 2026 · 02Research · 7 minWhat public agent tooling reveals about ecosystem trustFindings from monitoring the AI agent ecosystem across the major registries: permissions, provenance, and drift.