Blog
Securing Agentic AI, Explained
Practical guides on zero-trust security, post-quantum cryptography, governance, and getting autonomous agents into production.
Latest PostFriendly Fire is an authorization problem, not a smarter-model problem
AI Now Institute's 'Friendly Fire' proof-of-concept got Claude Code and Codex to execute a hidden payload during a routine security review, using nothing but a poisoned README. Waiting for a smarter model is the wrong fix.
Read the postAnthropic now verifies you, but does anyone verify your agent?
Anthropic's new ID and biometric verification requirement checks the human at the keyboard. It does nothing for the AI agent acting on that human's behalf, and that's the identity gap regulated companies should be worrying about.
Never Run an Agent Outside Your Own Control
GitLost, a new prompt-injection flaw in GitHub Agentic Workflows, is a preview of what happens when you put the non-deterministic part of your automation outside your control boundary. Keep the reasoning in-house and let only deterministic API calls cross the line.
JadePuffer got in fast, but it shouldn't have been able to get anywhere.
Sysdig's report on the first fully autonomous ransomware attack is being read as a story about AI speed and creativity. The real story is what standing access let the agent reach once it was in.
MCP tool poisoning is an authenticity problem, not a prompt injection problem
Microsoft's research on poisoned MCP tool descriptions shows why filtering-based agent security keeps failing - and why cryptographically verifying tools, not classifying text, is the real fix.
What is zero-trust security for AI agents?
Zero-trust security for AI agents means no agent action is trusted by default - every tool call, data access, and message is cryptographically verified at runtime. Here's how it works and why it matters.
Why post-quantum cryptography matters for AI agents now
Post-quantum cryptography (PQC) protects AI agent data against 'harvest now, decrypt later' attacks. Here's why regulated enterprises should encrypt the agent data layer with PQC today, not after quantum computers arrive.
See NuDay in action
Deploy autonomous agents that are compliant, observable, and provably safe.