Securing the agent era
Notes on securing the agent era: AI governance, MCP security, shadow AI, and the controls that keep teams fast and safe.
MCP Security Best Practices: 6 Attack Vectors Every Team Should Know
The MCP specification defines six critical attack vectors, from confused deputy exploits to session hijacking. Here's how each one works and what to do about it.
How to Build a Secure AI Agent: A Practical Guide for Startups
AI agents are shipping fast, but most teams underestimate the security implications. This guide covers the real threats, from prompt injection to output exfiltration, and gives you actionable patterns to build agents that fail safely.
ShadowPrompt: How a Zero-Click Vulnerability in Claude's Chrome Extension Could Hijack Your Browser
A zero-click vulnerability in Anthropic's Claude Chrome extension allowed any website to silently inject prompts and steal sensitive data. Here's what happened, how it worked, and what it means for your AI tool governance.
We Built a Customer-Facing MCP Server. Here's What the Spec Didn't Prepare Us For.
Building a customer-facing MCP server? Here's what the spec misses: OAuth IdP gaps, client divergence, multi-tenant auth, and supply chain risk.
AI Coding Assistants Are Now a Security Risk: What SOC 2 and ISO 27001 Companies Need to Know
From malicious extensions exfiltrating code to prompt injection attacks enabling remote execution, AI coding tools introduce new risks that most compliance frameworks don't explicitly address. Here's what CTOs and CISOs need to implement now.
ISO 42001: Do You Need It If You Only Use AI APIs?
Do you need ISO 42001 if you only use AI APIs? Learn the key differences between AI developers and AI consumers for compliance.