__Endo__

Every npm package you install gets full access to your entire machine. That's not a bug. It's the architecture. The axios attack just proved it again. This is precisely the sort of attack Endo and LavaMoat exist to make structurally impossible. Read our full breakdown and protect your project. endojs.org/the-axios-atta…

@dckc @touseefliaqat @karpathy @ryancarson @agoric Yep. It's critical infra to enable safe composition. @__Endojs__ to follow the JS hardening in general. @agoric for blockchain that uses it. @Ymaxapp for cross-chain stablecoin yield automation powered by it.

Thats exactly right, @DeanTribble 'Structured, fine-grained access' is the game. That's what object-capability security affords: Agents can only touch what has been explicitly handed. No ambient authority no inherited keys no hoping your ACLs hold up. @agoric proved this model works for smart contracts handling real money. Now we're bringing it to AI agents with Endo.

AI needs real guardrails, where they can only interact with APIs that give structured, fine-grained access. Smart contracts! "AI agents aren’t dangerous because they’re smart. They’re dangerous because we keep handing them the keys and pretending it’s fine." linkedin.com/feed/update/ur…

i have this feeling that the conversation is going to shift very quickly from 'can i make these agents smarter?' --> 'i won't use these agents if they aren't safe' there are things bubbling under the surface and we are seeing it in places like what @near_intents is working on, @AskVenice with a privacy infrastructure intermediating querying llms crypto and ai are going to converge in ways i don't think we can see or understand right now

const authority = grant(capability); E(X).hello() #OCaps #AIAgents