Agent Systems Are Failing at Trust Boundaries. We Ran 332 Tests to Prove It.

There is a category failure happening in AI agent deployments right now: teams are wiring up tool-calling LLMs, multi-agent delegation chains, and payment protocols, then shipping them to production with no adversarial testing at the trust boundaries. In too many deployments, trust-boundary testing is effectively nonexistent. I spent the last three months building the tests that should exist but don't. This post shares what we found. The Core Problem Agent frameworks solve orchestration. Wire protocols solve interoperability. Neither solves trust. When Agent A delegates a task to Agent B, what validates that Agent B is who it claims to be? When an MCP server exposes a tool, what prevents the tool description from containing instructions that override the agent's behavior? When an agent pays for a service via x402, what stops a receipt replay from authorizing a second transaction? In most current deployments: nothing. What We Tested We built a harness with 332 executable security tests