AI Agent Security Blog
The Kontext blog covers AI agent security, MCP authorization, runtime credential management, and least-privilege enforcement for teams building with autonomous agents.
Practical writing on AI agents, authorization, MCP, privacy, and production security.
Latest posts
- Agent Intent - No One Knows What It Means, But It's Provocative
Why runtime authorization for AI agents should evaluate action safety instead of trying to verify intent, with layered controls for unsafe tool use.
- Announcing Kontext
Kontext gives your AI agents proper identity, scoped access, and audit trails, so they work in production, not just in demos. One SDK. One line. It starts with kontext.require().
- How to Keep a Secret: Why Personal AI Assistants Like OpenClaw Are a Security Nightmare
A security engineering breakdown of OpenClaw's three critical failure modes: unauthenticated access, credential sprawl, and prompt injection. System model and threat model analysis with practical fixes.
- The 5 Agent Security Failures Your IAM Stack Can't See
Your IAM stack can authenticate people—but it can't authorize what autonomous systems do on their behalf. Five failures that show up the moment your copilot becomes an agent, and what to do about them.
- The API Key is Dead: A Blueprint for Agent Identity in the age of MCP
How to replace static API keys with OAuth 2.0 for MCP agents using scoped tokens, Dynamic Client Registration, delegation, and federation.
- Should You Care About Prompt Injection? (Probably.)
Agents read untrusted content and turn it into actions. Sanitize → detect → enforce at tool boundaries to make that speed survivable.
- Read. Write. Own. Delegate.
The next great leap in the digital age isn't just about ownership—it's about intelligent delegation. Explore how autonomous agents can amplify our capabilities while maintaining our sovereignty.