Deep analysis on AI agent governance, cryptographic authorization, and the security patterns that scale with autonomous systems.
Get notified when we publish new research on AI agent authorization.
AI security scanners find vulnerabilities. Runtime governance prevents them. Before shipping an AI agent, every team needs to answer three questions: Who approved it? What stops it? Can you prove it?
Read the position paperOur own AI agent wiped 22 environment variables from production with a single API call. Nine days later, the same thing happened to a platform serving 100,000 students. Same root cause: agents with capability but no authority framework.
Read the incident reportAuthorization built on contracts is authorization built on paper. The Anthropic-Pentagon dispute reveals the gap that exists everywhere AI agents act.
Read the pieceHow a $29 billion company became obsolete in under three years — and what collapsing product lifecycles mean for everything you're building right now.
Read the pieceIf an autonomous system controls its own authorization, authorization doesn't exist. A technical argument for external enforcement — separate authority domains, cryptographic proof, and fail-closed gates.
Read the technical noteNIST just named the right problem: how do you identify, manage, and authorize access taken by AI agents? The architecture to answer it — external, cryptographic, fail-closed — exists today. Here's how it works.
Read the frameworkFinancial Times called it "small but foreseeable." Root cause: AI deploy path without a signed authorization receipt. The deploy gate pattern would have blocked it.
Read the incident threadAmazon's AI coding agent deleted and recreated an entire production environment, causing 13 hours of downtime in mainland China. A single cryptographic signature requirement would have stopped it in 30 seconds.
Read the analysisLinters catch syntax. Code review catches bugs. Neither stops an AI agent from deploying code that's technically correct but organizationally catastrophic. That's what deploy gates are for.
Read the explainerAmazon's AI coding agent deleted and recreated an entire production environment, causing 13 hours of downtime in mainland China. A single cryptographic signature requirement would have stopped it in 30 seconds.
Read the analysisOpenClaw proved AI agents work at scale. Then security researchers found 93.4% had authentication bypasses. Cisco called it a "nightmare." Every AI breakthrough creates new governance gaps.
See the breakdownYour AI passed tests, deployed code, and is serving production traffic. But trace the authorization chain: who signed off? Not a human. Not a policy. Nobody. That's the gap we're closing.
Explore the framework