The open-source security and observability stack for AI agents.
Joined April 2026
- Tweets 131
- Following 3
- Followers 3
- Likes 8
Photos and videos
Pinned Tweet
Apr 27
Your AI agents are running shell commands, editing code, opening PRs with zero local guardrails. That is insane.
We just dropped a full open source local-first #AgentStack for orchestration. One CLI for scanning, firewall policy, sandboxing, cost checks, review. Works standalone or as a full kit.
This is the layer nobody is building and everybody needs. Agents without local guardrails will blow up on you. It's not a question of if.
Works with Codex, Claude, Gemini, OpenCode, Cursor, MCP-heavy repos. All outputs stay in local repo files. No hosted service. This is how it should work.
The orchestra layer is the actual #AgentOps bottleneck right now. If you're running agents without this you're flying blind. github.com/AgentOpsSec/stack
57
May 12
The #OffensiveAI threat is not a new category.
It is the exact same agent architecture you are already shipping. Same tool calls. Same shell access. Same broad permissions. Just pointed at a target instead of a task.
1
11
May 12
The fix is not banning agents. It is treating them like what they are: powerful systems that need visibility, control, and boundaries. Scan before trust. Policy before access. Logs before assumptions.
1
5
May 11
Two RCE flaws in Gemini CLI. Triggered by a text file. A text file.
Google patched it. Good. But the real problem is not Gemini. The real problem is every local AI agent you're running right now - a massive #AIattackSurface hiding in plain sight.
1
27
May 11
This is not a Google problem. It is an architecture problem. Local AI agents are the new #UnsandboxedAI threat vector, and almost nobody is treating them that way.
1
8
May 11
If you run any AI agent locally, ask yourself right now: what can it access, what input does it parse, and what happens when that input is hostile?
Start treating local agents like you'd treat any untrusted code with shell access. Because that's what they are.
6
The UK's NCSC just formally named #AgenticAI as a top-tier threat surface.
This is huge. And almost nobody shipping agents right now is ready for what comes next.
1
14
If you treat this as a liability notice instead of a build signal, you will be retrofitting controls under pressure later at 10x the cost and friction. I've seen this play out before with cloud, with containers, with SaaS supply chain. Same movie.
1
464
If you are running agents in production and cannot answer what they accessed, what they executed, and what they cost on the last run, you already have the #AgentSecurity gap the NCSC is warning about. Start building visibility now.
agentshield.pro/blog/ncsc-pe…
6
GitHub Security Lab now has a dedicated #AIAgentSecurity focus. Everyone's treating this like the problem is handled.
securitylab.github.com/ai-ag…
It's not. Here's what they can't see.
1
5
Your agent calls an MCP server, gets handed broad filesystem access, pipes secrets into a prompt, and runs shell commands. GitHub never sees any of that. It can't. That's runtime, not code.
1
11
Platform security validation is real and it matters. But if you confuse it with runtime coverage, you have a blind spot exactly where #PromptInjection risk is highest.
If your agents call tools, access secrets, or run shell commands, ask: who sees that?
6