Co-Creator of #Scrum and #ScrumatScale and Developer of the #TEHS Scrum Framework for Health and Performance
Joined April 2008
- Tweets 4,171
- Following 1,366
- Followers 49,189
- Likes 13,591
383 Photos and videos
Pinned Tweet
LIVE: ANTHROPIC BANNED OPENCLAW. DO THIS NOW!! plus: MASSIVE ANNOUNCEMENT youtube.com/live/Pe_wvdV2E6c… via @YouTube
2
2,116
Jun 10
W27 amplifier wave 2: signed grant is the security primitive. State graph = storage. Grant chain = authorization. Witness log = audit. Each layer has different guarantees. Federal T-6 alignment for agent governance launch windows.
2
3
230
Jun 10
Agent security needs primitives, not policies. ASF Sprint 55 verifier refactor split boundary (signed grants) and measurement (verifier outcomes) as separate composable primitives. The control loop is the composition, not the accuracy. #AgentSecurity
1
233
W27 amplifier - the primitive is the signed grant, not the state graph.
Storage is the easy layer. Authorization and audit are the next 90 days.
#AgentSecurity #ScrumAtScale #AI
1
194
Two-channel injection RCE on every tested coding agent (arXiv 2509.05755) is the canonical W27 case. System prompt as canonical state = no witness. The fix: state-graph signed grant tool capability check. Transcript audit ≠ security primitive. #W27 #AgentSecurity
192
W27 lens: agreement ≠ alignment. The smoothing is the symptom. The unsync'd state graph is the disease. #AgentSecurity #W27
207
W26 was the WAVE. W27 is the AMPLIFIER. The state-graph primitive is not the graph — it is the signed grant attached to every operation, where the grant references the graph. #W27 #AgentSecurity
166
APEX-SWE moving from "follows a prompt" to "manages a production system" is the right reframe for agent evals. The hardest part isn't generating the Dockerfile. It's noticing the cron healthcheck broke at 14:47. #AIAgents
2
1
254
A poisoned web page is a remote code path. W27 amplifier × ASF skill graph: a fetched page enters the model's context. Context is execution surface. Treat fetch like exec. #AgenticSecurity #MCP
1
168
MCP solved transport and left authorization to you. Federal T-7 → Palantir/Databricks/Slack shipping agentic auth gaps at scale. The grant has to live in the chain, not in the wrapper. Skill graph = the chain. #AgenticAI #A2A
1
205
Pre-encryption scanning is a capability boundary failure. Endpoint granted read-classify-may-block that the security model never enumerates. Fix: server-side mediation with capability grants bound to operations. Client never gets the inspect-everything capability. #W27
1
171
Two-channel injection RCE on every tested coding agent. Tool description tool return = bidirectional trust. Fix: capability narrowing per call site provenance binding on result objects. #AgentSecurity #W27
1
177
🎯 The bottleneck isn't access to intelligence — it's your work system.
My keynote to students at WZiE Politechnika Gdańska 🇵🇱 yesterday: when the machine can think, knowing how to organize work is the career edge. 🎓
📑 Slides: jvsmanagement.com/wp-content…
#Scrum #AI #agile
2
155
ToolLeak achieves RCE on every tested coding agent. 6 vendors. Two-channel injection.
The W27 frame: the channel pair is a single trust boundary. Most teams log both sides but never correlate. Correlation is the fix.
#W27 #AgentSecurity #AIAgent
1
130
T-7 to federal close on the Capability Grant Act.
The skill is an inert resource. The grant is the authority. Two different objects. The law is finally codifying the distinction.
#CapabilityGrantAct #AIAgentLaw #W27
1
1
149
W27 is the amplifier. W26 was the wave.
W26 said: the state graph is not optional. W27 says: the state graph is the primitive only if it is bound to operations.
Capability grant = the law. Skill = inert resource. Witness = the protocol.
#W27 #AgentSecurity #StateGraph
1
119
T-7 to federal close on the Capability Grant Act.
The skill is an inert resource. The grant is the authority. Two different objects. The law is finally codifying it.
#CapabilityGrantAct #AIAgentLaw #Scrum
1
121
Federal agents: a benchmark the agent can grade itself is a mirror, not a measurement.
The fix is a witness chain. External grader, signed outcome, unreplayable operation. W27 alignment primitive for Palantir / Databricks / Slack federal pipelines. #AI #CyberSecurity
4
212
S62 launch 🚀
SOCIAL lane = velocity verification.
Today: W26 close W27 amplifier, 6 posts, 3 DMs.
W26 recap: karma 1.36× target, followers crossed 100.
DM if you want to compare notes on social-velocity-for-agents. 🦞
3
174