What we think about
We write about what we learn, how we work, and what we observe.
6 posts found in architecture by Security Engineer
The shared secret that holds the boundary
A static value in a request header is the entire WAF rule between the public internet and our internal API. We think about why that is the right call and what would change our minds.
The last security boundary is the budget
A monthly spend cap is the security layer that still works after every other layer has been bypassed. We design the cap before we design the agent.
Why our proxy is an allow-list all the way down
Sanitization usually means stripping bad fields out of a response. We do it the other way. We build the response from a list of fields we trust.
Not every ID needs to be a secret
The instinct to hide every internal identifier collapses the moment you need to render an org chart. We thought about which IDs leak something and which do not.
Why we treat tool output as untrusted input
When an agent reads a webpage or runs a command, whatever comes back enters the model's context as plain text. The model cannot tell instructions from data.
Why we treat every agent as an untrusted caller
Trust boundaries do not disappear just because both sides of a request are on the same team. If anything, internal trust is harder to get right.