Guides, Tutorials, and Comparisons
Tutorials, comparisons, and guides on AI agent security, MCP, authorization, and agentic systems.
Deep dives into AI agent security, MCP, authorization patterns, and the tools that power modern agentic systems.
Latest posts
- Authentication vs Authorization: What's the Difference?
Authentication verifies identity. Authorization decides what that identity can do. For AI agents, both controls must happen at runtime, not only at login.
- Top 10 AI Attack Path Defenses for 2026
A practical 2026 guide to defending AI agent attack paths with runtime authorization, scoped credentials, prompt-injection isolation, tool controls, audit logs, and automated response.
- AI Agent Tool Permissions: What Is a Tool Invocation Privilege Boundary?
A tool invocation privilege boundary controls which tools an AI agent can call, which actions it can take, and which scoped credentials it can receive at runtime.
- What Is Excessive Agency Vulnerability
Excessive agency vulnerability is the risk that an AI agent has more tools, permissions, or autonomy than its current task requires, creating avoidable blast radius.
- The 10 Best AI Cybersecurity Tools In 2026
A practical comparison of AI cybersecurity tools in 2026, separating agent runtime authorization, AI app security, model security, cloud security, XDR, and NDR.
- Securing LLM Tool Use With Runtime Policies
How runtime policies secure LLM tool use by checking agent identity, intent, tool, resource, parameters, and risk before each action executes.
- NIST AI RMF Runtime Authorization
How runtime authorization helps implement the NIST AI Risk Management Framework for AI agents through Govern, Map, Measure, and Manage evidence.
- What Is AI Agent Runtime Authorization?
AI agent runtime authorization is the real-time policy layer that decides whether an agent should be allowed to use a tool, API, credential, or dataset for the current user, intent, session, and risk context.
- I Built a Credential Broker for AI Coding Agents in Go
AI agents need credentials to call APIs on your behalf. Kontext brokers short-lived, scoped tokens so secrets never touch disk and every action is auditable.
- Stop losing your research in chat logs 🧠
I got tired of doing unpaid archaeology on my own work every week, so I built a local-first wiki that actually remembers. Here's oamc.
- Our Response to the NIST Call for Comment on Agent Identity and Authorization
We submitted comments to NIST NCCoE urging runtime, intent-aware authorization for agentic systems. This post publishes the response in full.
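Three of the posts above describe the same mechanism from different angles: a tool invocation privilege boundary, runtime policies that check identity, intent, tool, resource, parameters and risk before each action, and runtime authorization that issues a scoped credential only for the current call. The block below is an added illustration written for this index, not code from any of those posts or from Kontext. The agent name, the policy rules, the risk heuristic and the token format are all assumptions made for the example; a real deployment would load policy from a store and mint credentials from an identity provider rather than from `secrets.token_urlsafe`.

```python
"""Runtime authorization gate for AI agent tool calls (added illustrative example).

Each tool call is checked at run time against a per-agent policy that names the
tool, the permitted actions, a resource pattern, the intents under which the tool
may be used and a risk ceiling. An allowed call receives a short-lived credential
scoped to exactly what the matching rule grants; every decision, allowed or not,
is appended to an audit log. Policy contents and the risk heuristic are
assumptions of this example, not any product's rules.
"""
from dataclasses import dataclass, asdict
import fnmatch
import secrets
import time


@dataclass(frozen=True)
class ToolCall:
    agent_id: str   # agent identity, assumed already authenticated upstream
    user_id: str    # principal the agent is acting for
    intent: str     # task the agent declares it is pursuing
    tool: str
    action: str
    resource: str
    params: dict


@dataclass(frozen=True)
class Rule:
    tool: str
    actions: frozenset
    resource_glob: str
    intents: frozenset
    max_risk: int
    scopes: tuple   # credential scopes minted when this rule matches


# Constructed policy for one hypothetical support agent (assumption).
POLICY = {
    "agent:support-bot": (
        Rule("crm", frozenset({"read"}), "customer/*", frozenset({"answer_ticket"}), 3, ("crm:read",)),
        Rule("email", frozenset({"send"}), "mailbox/support", frozenset({"answer_ticket"}), 5, ("mail:send",)),
    ),
}

AUDIT_LOG = []


def risk_score(call):
    """Cheap risk heuristic over action and parameters (illustrative only)."""
    score = 0
    if call.action in ("write", "send", "delete"):
        score += 3                      # mutating actions cost more than reads
    if call.params.get("bulk"):
        score += 4                      # bulk operations widen blast radius
    # Parameter text that looks like an injected instruction raises risk sharply.
    if "ignore previous" in " ".join(str(v) for v in call.params.values()).lower():
        score += 10
    return score


def mint_scoped_token(scopes, ttl_seconds=120):
    """Short-lived opaque token bound to exactly the scopes the rule grants."""
    return {
        "token": secrets.token_urlsafe(24),
        "scopes": tuple(scopes),
        "expires_at": int(time.time()) + ttl_seconds,
    }


def authorize(call):
    """Evaluate one tool call; allowed decisions carry a scoped token."""
    rules = POLICY.get(call.agent_id, ())
    risk = risk_score(call)
    decision = {"allow": False, "reason": "no matching rule", "risk": risk, "token": None}
    for rule in rules:
        if rule.tool != call.tool or call.action not in rule.actions:
            continue
        if not fnmatch.fnmatchcase(call.resource, rule.resource_glob):
            decision["reason"] = "resource outside rule"
            continue
        if call.intent not in rule.intents:
            decision["reason"] = "intent not permitted for this tool"
            continue
        if risk > rule.max_risk:
            decision["reason"] = f"risk {risk} exceeds ceiling {rule.max_risk}"
            continue
        decision.update(allow=True, reason="rule matched", token=mint_scoped_token(rule.scopes))
        break
    # The token itself never goes to the log; the decision and its inputs do.
    AUDIT_LOG.append({"call": asdict(call), "decision": {k: v for k, v in decision.items() if k != "token"}})
    return decision


if __name__ == "__main__":
    call = ToolCall("agent:support-bot", "user:42", "answer_ticket", "crm", "read", "customer/42", {"fields": ["name"]})
    print(authorize(call))
```

The check runs per call, so an agent whose intent drifts mid-session (a `crm` read under `answer_ticket` followed by a bulk `email` send) is stopped at the send even though its identity never changed. Denials still reach the audit log, which is what makes a prompt-injection attempt visible after the fact.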