Field notes on agent security
Working notes on governing AI coding agents at the endpoint: shadow MCP, the Agent Exposure Report, and the BYOK kill-switch drill. No fluff.
6 min read
Shadow MCP: the inventory problem nobody owns
MCP made every developer an integrator and every hand-edited editor config a piece of unmanaged infrastructure. No CPE, no package record, no gateway log — and no tool in your stack that models it.
Tags: shadow-mcp, mcp, inventory. By Brian McManus.
5 min read
Your AI gateway can't see the agents that matter
A gateway governs exactly one thing: traffic that agrees to route through it. The local Claude Code, the hand-added MCP server, the tool call that never leaves the laptop — governance has to live where the call originates.
Tags: beacon, endpoint, governance. By Brian McManus.
5 min read
Cut us off: the BYOK kill-switch drill
A security vendor asking for your trust should hand you the scissors. Your KMS key encrypts everything we hold, and in every pilot you revoke it and watch our access die in your own CloudTrail.
Tags: byok, trust, audit. By Brian McManus.