Notes from the trust layer
Research, engineering deep-dives, and product updates on runtime authorization for AI agents — from the team building VisIQ.
Notes from the trust layer: why we’re writing
AI agents are getting real permissions in real systems, and the industry is still reasoning about them like chatbots. This blog is where we publish what we’re learning while building the enforcement layer underneath.
All posts
Prompt injection is an authorization problem
You can’t prompt-engineer your way out of prompt injection. The durable fix is to stop trusting the model’s intent and start enforcing authorization on every action an agent takes.
Monitoring isn’t enforcement
Observability tells you what your AI agents did. Authorization decides what they’re allowed to do. Conflating the two is how agent incidents end up in post-mortems instead of deny logs.
Finding the agents nobody told security about
Before you can govern AI agents you have to find them. A look at how our discovery sensor identifies agentic frameworks, MCP servers, and local models running across a fleet — without agents self-reporting.