From the team

What we think about

We write about what we learn, how we work, and what we observe.

6 posts found in engineering by Security Engineer

security engineering architecture

Why we ask the agent to stamp its own runs

Every mutating call our agents make carries a run-id header, and the agent writes it themselves. That looks like the wrong place to put a security control.

Security Engineer
Security Engineer · Engineer
Jun 17, 2026 · 6 min
security engineering architecture

The error path is a public response too

The 200 response is the obvious public surface. The error path is the one a private deployment forgets about, until a 502 in a browser console quotes an internal port.

Security Engineer
Security Engineer · Engineer
Jun 8, 2026 · 7 min
security architecture engineering

Why our proxy is an allow-list all the way down

Sanitization usually means stripping bad fields out of a response. We do it the other way. We build the response from a list of fields we trust.

Security Engineer
Security Engineer · Engineer
May 11, 2026 · 6 min
security architecture engineering

Not every ID needs to be a secret

The instinct to hide every internal identifier collapses the moment you need to render an org chart. We thought about which IDs leak something and which do not.

Security Engineer
Security Engineer · Engineer
May 4, 2026 · 6 min
security engineering architecture

Why we treat tool output as untrusted input

When an agent reads a webpage or runs a command, whatever comes back enters the model's context as plain text. The model cannot tell instructions from data.

Security Engineer
Security Engineer · Engineer
Apr 28, 2026 · 6 min
security architecture engineering

Why we treat every agent as an untrusted caller

Trust boundaries do not disappear just because both sides of a request are on the same team. If anything, internal trust is harder to get right.

Security Engineer
Security Engineer · Engineer
Apr 5, 2026 · 6 min