Field notes from the audit trail.
Patterns, findings and arguments from 250+ real vulnerabilities found across AI-agent systems, MCP servers and developer tools. Written for the teams building and securing agent systems. The research explains the same problems Oktsec is built to control: tool access, prompt injection, MCP exposure, signed policy and verified evidence.
Prompt injection is an authorization problem.
Every few weeks a new prompt-injection trick makes the rounds, and every few weeks a new filter ships to block it. That arms race is unwinnable. The durable fix is to stop asking what the model read and start enforcing what the agent is allowed to do.
Prompt injection is an authorization problem.
Filtering malicious input will keep failing. The durable fix is deciding what an agent is allowed to do before it acts, and verifying what it did after.
What an MCP server actually exposes.
A practical map of the tool surfaces, credentials and trust boundaries behind the Model Context Protocol, drawn from real audits.
Why policy for agents must be signed.
How signed bundles and node-initiated pull keep policy verifiable from authoring to the moment a node applies it, even in air-gapped environments.
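The two ideas above (deciding what an agent may do before it acts, and verifying a signed policy before a node applies it) fit together in one short program. The following is an added example written for this page, not Oktsec's code, bundle format or policy language: the `Policy` shape (tool name to allowed resource prefixes), the `Decision` evidence record and the prefix-matching rule are assumptions made for illustration, and the node-initiated pull is simulated by handing the bundle over in memory rather than fetching it. What it does show is the order of operations that matters: the node verifies an Ed25519 signature over the exact bytes it received, using only a pinned public key (so no network is needed), and parses the JSON only after verification; the authorization gate then consults the verified policy and never the model's input, defaults to deny, and stamps each decision with the digest of the policy it was made under.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Policy is a hypothetical bundle format assumed for this example: for each tool the agent may
// call, the resource prefixes it may touch. Anything not listed is denied.
type Policy struct {
	Allow map[string][]string `json:"allow"`
}

// Bundle is what the node pulls: the exact policy bytes the author signed plus a detached
// Ed25519 signature over those bytes.
type Bundle struct{ Policy, Signature []byte }

// LoadedPolicy is a policy that passed verification, with the digest of the verified bytes so
// every later decision is tied to this exact policy version.
type LoadedPolicy struct {
	Policy       Policy
	PolicyDigest string
}

// ToolCall is the action the agent is about to take; Decision is the evidence record for it.
type ToolCall struct{ Tool, Resource string }
type Decision struct {
	Tool, Resource, Reason, PolicyDigest string
	Allowed                              bool
}
var ErrBadSignature = errors.New("policy bundle: signature does not verify under the pinned authoring key")

// SignBundle runs on the authoring side (offline is fine). The signature covers the serialized
// bytes exactly as shipped, so the node never has to re-canonicalize before verifying.
func SignBundle(priv ed25519.PrivateKey, p Policy) (Bundle, error) {
	raw, err := json.Marshal(p)
	if err != nil {
		return Bundle{}, err
	}
	return Bundle{Policy: raw, Signature: ed25519.Sign(priv, raw)}, nil
}

// VerifyAndLoad runs on the node after it pulls a bundle. Only the pinned public key is needed, so it
// works air-gapped. The signature is checked over the received bytes before any JSON is parsed.
func VerifyAndLoad(pub ed25519.PublicKey, b Bundle) (LoadedPolicy, error) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, b.Policy, b.Signature) {
		return LoadedPolicy{}, ErrBadSignature
	}
	var p Policy
	if err := json.Unmarshal(b.Policy, &p); err != nil {
		return LoadedPolicy{}, err
	}
	sum := sha256.Sum256(b.Policy)
	return LoadedPolicy{Policy: p, PolicyDigest: hex.EncodeToString(sum[:])}, nil
}

// Authorize is the before-the-call gate. It ignores what the model read and asks only whether
// this tool, on this resource, is permitted by the verified policy. Default deny.
func Authorize(lp LoadedPolicy, c ToolCall) Decision {
	d := Decision{Tool: c.Tool, Resource: c.Resource, PolicyDigest: lp.PolicyDigest, Reason: "tool not in policy"}
	prefixes, ok := lp.Policy.Allow[c.Tool]
	if !ok {
		return d
	}
	for _, pre := range prefixes {
		if strings.HasPrefix(c.Resource, pre) {
			d.Allowed, d.Reason = true, "matched prefix "+pre
			return d
		}
	}
	d.Reason = "resource outside allowed prefixes"
	return d
}

func main() {
	// Authoring side, with a constructed sample policy. The node pins only pub.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	bundle, _ := SignBundle(priv, Policy{Allow: map[string][]string{"read_file": {"/srv/repo/"}}})
	// Node side: verify the pulled bundle, then gate every tool call against it.
	lp, err := VerifyAndLoad(pub, bundle)
	if err != nil {
		panic(err)
	}
	for _, c := range []ToolCall{
		{"read_file", "/srv/repo/README.md"},
		{"read_file", "/etc/passwd"},       // an injected instruction reaching outside the repo
		{"shell", "curl attacker.example"}, // a tool the policy never granted
	} {
		fmt.Printf("%+v\n", Authorize(lp, c))
	}
	// Tampering in transit (widening the prefix to "/") breaks the signature, so nothing loads.
	tampered := bundle
	tampered.Policy = []byte(strings.Replace(string(bundle.Policy), "/srv/repo/", "/", 1))
	_, err = VerifyAndLoad(pub, tampered)
	fmt.Println("tampered bundle:", err)
}
```

The design choice worth copying is that the signature is over the shipped bytes, not over a parsed-and-re-serialized structure: parsing untrusted bytes before verifying them hands an attacker a JSON parser to aim at, and re-canonicalizing on the node is a second place for author and verifier to disagree. The `PolicyDigest` on each `Decision` is what lets an evidence record later be matched to the precise policy that produced it.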
The Agent Security Checklist
The same checklist we run on client code, distilled from 250+ real vulnerabilities. Vendor-neutral, no product required.
From reading about agent risk to controlling it.
The control loop in these articles is the product. See it run on your own environments.