
Building what NIST is asking for: an AI agent security proxy
NIST just closed a public RFI on AI agent security. The question they were asking, in five different ways: how do you constrain what an AI agent can do, and how do you prove it was constrained? We built something that answers both. Not because we read the RFI — we built it because we ran into the problem first. Reading the RFI afterward was like seeing someone formally describe a thing you've been fixing with duct tape.

The problem frameworks don't solve

Most security frameworks for AI agents focus on what the agent should do: don't call dangerous APIs, don't exfiltrate data, follow least-privilege principles. Good policies. But policies are enforced at configuration time, and AI agents operate at runtime. The gap between "the policy says X" and "the agent did X" is where incidents happen.

The deeper issue: in heterogeneous pipelines, each provider certifies only their own model. AWS certifies Bedrock. OpenAI certifies GPT-4o. Your self-hosted Mistral is self-attested at best. The hand
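To make the config-time versus runtime gap concrete, here is an added illustration (not the post's proxy, and not code from its authors) of the two properties the RFI asks about: a proxy that gates every tool call against a policy at runtime, and a hash-chained record that lets a reviewer prove which calls were allowed and denied. The tool names, policy rules and sample calls are constructed for the example.

```python
import hashlib
import json
import posixpath

# Constructed policy for a hypothetical agent: tool names and rules are
# illustrative, not taken from the post or from any real deployment.
POLICY = {
    "read_file": {"allow": True, "path_prefix": "/workspace/"},
    "http_get": {"allow": True, "host_allowlist": ["api.example.internal"]},
    "shell": {"allow": False},
}


class AgentProxy:
    """Runtime gate between an agent and its tools, with a tamper-evident log."""

    def __init__(self, policy):
        self.policy = policy
        self.log = []
        self.prev_hash = "0" * 64  # genesis value for the hash chain

    def _record(self, tool, args, decision, reason):
        # Each entry commits to the previous one, so editing or dropping an
        # entry later changes every hash after it.
        entry = {"tool": tool, "args": args, "decision": decision,
                 "reason": reason, "prev": self.prev_hash}
        digest = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        entry["hash"] = digest
        self.log.append(entry)
        self.prev_hash = digest
        return decision

    def call(self, tool, args):
        """Evaluate one tool call at runtime; returns 'allow' or 'deny'."""
        rule = self.policy.get(tool)
        if rule is None or not rule.get("allow"):
            return self._record(tool, args, "deny", "tool not allowed")
        if "path_prefix" in rule:
            # Normalise first so '/workspace/../etc/passwd' is caught.
            path = posixpath.normpath(args.get("path", ""))
            if not path.startswith(rule["path_prefix"]):
                return self._record(tool, args, "deny", "path outside allowed prefix")
        if "host_allowlist" in rule and args.get("host") not in rule["host_allowlist"]:
            return self._record(tool, args, "deny", "host not on allowlist")
        return self._record(tool, args, "allow", "policy match")


def verify_log(log):
    """Recompute the chain; any modified or removed entry breaks verification."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body["prev"] != prev:
            return False
        if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != entry["hash"]:
            return False
        prev = entry["hash"]
    return True
```

The log is only evidence of what the proxy saw, so it proves constraint only if every tool call actually passes through the proxy rather than reaching the tool directly.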

