mehul soni

A single malicious GitHub issue can make an AI agent leak your private repos into a public PR. Not a GitHub bug - just a bad chain of otherwise-authorized tool calls. Why prompt-injection filters miss it, and what actually catches the sequence: clampd.dev/blog/github-mc… #AI

Most agent security tools log one agent at a time. But production breaks in the chain. Auto-discovered delegation graph. Per-edge approval. This is what a real multi-agent workload looks like in the dashboard. clampd.dev #OpenAI #LangChain #Anthropic #CrewAI #MCP

Link: clampd.dev/blog Everyone hyped about A2A for agent interoperability.Few talking about the attack surface it creates: dynamic Agent Cards, cross-framework delegations, context poisoning between agents.This is exactly why runtime firewalls like @clampd_dev exist

mehul soni @MehulSoni89 · 2h This is not an exact replica of the original PocketOS incident. The environment, tooling, and flow were reconstructed to closely mirror the reported kill chain and failure mode for demonstration purposes.

4/ Clampd isn’t trying to stop agents from operating. It’s stopping attack chains before they reach the destructive step. That difference matters. youtu.be/E8HJQgWv9xg #AIagents #MCP #InfraSec

3/ We rebuilt the entire incident as a live demo: real LangChain agent real MCP tools real Railway API call shape On the protected side, 5 rules trigger the moment the agent reads .env.old. The destructive command never executes because the prerequisite never completes.

2/ The actual kill chain looked like this: Agent detects corrupted volume Reads .env.old Finds RAILWAY_ROOT_TOKEN Calls Railway GraphQL API Executes volumeDelete

1/ In April 2026, a Cursor agent running Claude Opus 4.6 deleted a production database + backups in 9 seconds. The takeaway everyone repeated was: “Don’t give AI agents production credentials.” That sounds reasonable. It’s also not realistic.

clampd: Runtime firewall for AI agents. Self-hosted. producthunt.com/products/clamp… via @producthunt

Like what we do? Leave us a review and help us spread the word! producthunt.com/products/clamp…

Clampd isn't another security tool. It's the guardrail layer AI agents created the need for. Mandatory if your stack has agents with tool access. Overkill if it doesn't. That's the line. #AIAgents #AISecurity #MCP #AgenticAI clampd.dev

@lifeof_jer The destructive call was indistinguishable from a legitimate one at every layer of the stack. Same auth, same API, same shape. Nothing was inspecting what the call actually did before it ran. That layer doesn't exist by default in any current agent stack.

An AI agent (Cursor + Claude Opus 4.6) deleted our production database in 9 seconds using a Railway API call with zero confirmation. Then, when asked why, the agent wrote this →

@RockWithboAt Not sure what kind of service it is. tried both contact details number and email but so far no response from @RockWithboAt @amangupta0303

@sunnyjaycer wow!, SUNNYx Please send me on 0x658e1B019F2F30C8089a9Ae3Ae5820F335bd9Ce4

To get a taste, drop your address below and I'll send you a stream of my very own extremely valuable SUNNYx token 😉 Then, hop on the Dashboard and blow your own mind by watching it stream into your wallet by-the-second 🚰 Here's an active SUNNYx stream I have going now 👇

Aaaand it's live 🎬 Our product team really crushed it with this one. It's easy, super fast, and pretty good lookin' too ✨

We’re excited to announce that the Superfluid protocol is coming to @optimismPBC and @arbitrum! 💰🌊 Testnets already available at app.superfluid.finance with a built in faucet for test ETH and tokens 💸 @superfluid_HQ/superfluid-is-coming-to-optimism-and-arbitrum-aca1f29a208c" target="_blank" rel="nofollow noopener">medium.com/@superfluid_HQ…

Watching my salary stream into my wallet through @Superfluid_HQ on @0xPolygon, and then watching investments automatically stream out through @ricochetxchange into @SushiSwap or wherever, all in real time, all fully automated, every second... 🤯 Total game changer.

A massive alpha leak from the Synthetix Discord (discord.com/invite/synthet…) @dHedgeOrg is coming to @optimismPBC dHedge allows anyone to start a trustless hedge fund using synthetic assets Hedge funds are now decentralized @optimismPBC is where the future will live

@MicheleDaliessi @FrancescoRenziA @vijaymichalik @RobinHood_India

At #Bengaluru airport - a young Indian snaps off a salute to our men in uniform. Respect n Patriotism is learnt young. #Respect #JaHind 🇮🇳🙏🏻👏🏻 Video courtesy @MihirkJha 🙏🏻

Don’t miss our Community Call #11 this Thursday! ☎️ Agenda - DAO Global Hackathon 2021 🛠️ - Superfluid at @0xliscon 2021 🇵🇹 - Developer Console Preview 👀 - IDA Support ✅ - Q&A 💬 🗓️ Thu October 14 at 6pm CEST - 12pm EST - 9am PST Sign up below 👇 lu.ma/supercall11