Andy Berman

7.4K posts

@berman66

CEO of @runlayer. Prev: Director of AI @zapier, Founder @getnanit

New York, NY · Joined March 2008
775 Following · 7.3K Followers

Andy Berman @berman66 ·
Ahead of RSA's 2026 conference next week, we're excited to share exclusive details on our partnership with @1Password. This is the AI security playbook for MCPs & Agents we'll be sharing with attendees. MCP is a critical control point for humans, agents, and the systems they need to reach. It's simply irresponsible to let credentials accumulate there. One breach, and everything's exposed. We worked hard with the 1Password team to create the system that fixes this, and gives your agents secure access. More details below.

Andy Berman @berman66 ·
We're proud to announce our partnership with @1Password. If you're still using plaintext .env password files, or pasting passwords into your agent's chat window, read on. In 2025, agents acted as extensions of employees. Now, they're fully autonomous. Password and credential access never caught up to this. Until now. Today, 1Password announced Unified Access, a new agent security platform. @Runlayer is proud to be a founding partner with our agent control plane, alongside industry leaders like OpenAI, Anthropic, Cursor, and Vercel. Using Runlayer, you get auditable access to every credential your agent sees. All you have to do is integrate 1Password to securely inject credentials into the agent sessions it manages. No more plaintext .env files. Enterprises now have centralized governance over how AI agents access sensitive tools, resources, and context. Check it out at the link below, and give your agents secure superpowers.

Naval @naval ·
Software was eaten by AI.

Andy Berman retweeted
Rafal Wilinski @rafalwilinski ·
@larsencc we solved it by:
- rolling out our own LLM gateway
- vending per agent session tokens which allow making requests to that gateway
- each one has a 0.2 RPS limit and X token budget
- expires after agent run failure/success
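
The per-session gateway token scheme described in the post above, sketched as an added example (not code from the post's author or from any project named on this page). The class, method and reason names and the in-memory store are assumptions; the 0.2 RPS limit is the post's figure, and the token budget, which the post leaves as X, is a parameter.

```python
import secrets
import time

class SessionTokenGateway:
    """In-memory sketch of per-session gateway tokens (hypothetical names)."""

    def __init__(self, rps_limit=0.2, clock=time.monotonic):
        self.min_interval = 1.0 / rps_limit  # 0.2 RPS -> one request per 5 s
        self.clock = clock
        self.sessions = {}  # token -> {"run", "budget", "last"}

    def vend(self, run_id, token_budget):
        """Issue an opaque token bound to a single agent run."""
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"run": run_id, "budget": token_budget, "last": None}
        return token

    def authorize(self, token, tokens_requested):
        """Decide one gateway request; returns (allowed, reason)."""
        s = self.sessions.get(token)
        if s is None:
            return False, "unknown_or_expired"
        now = self.clock()
        if s["last"] is not None and now - s["last"] < self.min_interval:
            return False, "rate_limited"
        if tokens_requested > s["budget"]:
            return False, "budget_exceeded"
        s["last"] = now
        s["budget"] -= tokens_requested
        return True, "ok"

    def end_run(self, run_id):
        """Revoke all tokens of a run, whether it succeeded or failed."""
        dead = [t for t, s in self.sessions.items() if s["run"] == run_id]
        for t in dead:
            del self.sessions[t]
        return len(dead)

def demo():
    """Constructed scenario on a fake clock; returns the decision reasons."""
    now = [0.0]
    gw = SessionTokenGateway(clock=lambda: now[0])
    tok = gw.vend("run-1", token_budget=1000)  # budget value is constructed
    out = [gw.authorize(tok, 400)[1]]          # first request passes
    now[0] = 1.0
    out.append(gw.authorize(tok, 100)[1])      # under 5 s since last request
    now[0] = 6.0
    out.append(gw.authorize(tok, 700)[1])      # only 600 tokens remain
    gw.end_run("run-1")
    out.append(gw.authorize(tok, 1)[1])        # token died with the run
    return out
```

A leaked token in this design is worth at most its remaining budget at one request per five seconds, and nothing once the run ends.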

Andy Berman @berman66 ·
I actually believe this. But don't follow Perplexity's lead. Perplexity mostly deals with public data, so strict governance isn't as much of a concern. But for any company touching private customer data, internal systems, or regulated workflows, using CLIs without a governance layer is a non-starter. MCP is thriving there.
Morgan @morganlinton

The cofounder and CTO of Perplexity, @denisyarats just said internally at Perplexity they’re moving away from MCPs and instead using APIs and CLIs 👀

Andy Berman @berman66 ·
Yeah. For solo devs, MCP is overkill. You do not need a protocol server for one solo dev calling APIs directly. But MCP is what happens when you hit enterprise scale with enterprise customers. 500 engineers, 40 SaaS tools, and a buyer who won't sign a contract without the right security. CLI with raw API doesn't cut it for them. Someone has to give the AI credentials, scope its access, log what it did, and revoke access when someone leaves. MCP solves this, and enterprises need it
@levelsio @levelsio

Thank god MCP is dead
Just as useless of an idea as LLMs.txt was
It's all dumb abstractions that AI doesn't need because AIs are as smart as humans so they can just use what was already there which is APIs

Andy Berman @berman66 ·
@yenkel 100%. No company wants a bunch of unmonitored CLIs on users' machines without common logging and introspection. This is such a massive security risk with 1 developer, never mind N or N+500. If only something like MCP existed to solve this. Great read.

Andy Berman @berman66 ·
It might work for a solo developer, but for a company with 500 engineers, deploying N CLI tools across machines is a governance nightmare
Enterprises need the structured RBAC and audit logging that MCP provides, rather than the black box of a CLI
Rhys @RhysSullivan

the overindexing on CLIs is kind of insane to me
it's building a primitive that's not portable, properly discoverable, has no good approval flow
DCR / CIMD to APIs would go so much further
but CLI is just the current hype thing

Andy Berman @berman66 ·
100%. No company wants a bunch of unmonitored CLIs on users' machines without common logging and introspection. This is such a massive security risk with 1 developer, never mind N or N+500. If only something like MCP existed to solve this. Great read.
yenkel @yenkel

x.com/i/article/2032…

Andy Berman retweeted
Daniel San @dani_avila7 ·
100% agree! Most people you hear saying MCP is dead are probably technical folks who got really good at calling tools through APIs or CLIs. They're going to hit a wall the moment they try to ship products to non-technical clients and ask them to access tools through ChatGPT or Claude... You'll start seeing posts like: MCP is back!
Rafal Wilinski @rafalwilinski

“MCP is dead” misses the point
MCP isn’t about tools. It’s about OAuth
If that seems pointless, you haven’t deployed anything beyond a demo

Andy Berman retweeted
Gergely Orosz @GergelyOrosz ·
MCPs are the opposite of dead. They are the life blood of how AI agents use services inside mid-sized and above companies. Case in point: Uber runs on MCPs internally, for good reason. Details: newsletter.pragmaticengineer.com/p/how-uber-use…
@levelsio @levelsio

Thank god MCP is dead
Just as useless of an idea as LLMs.txt was
It's all dumb abstractions that AI doesn't need because AIs are as smart as humans so they can just use what was already there which is APIs

Andy Berman retweeted
Rhys @RhysSullivan ·
MCP sucking is a harness problem, not an MCP problem
MCP unlocks behavior that is fundamentally impossible to get via CLI or APIs
Bad auth, too much context usage, all get solved with an execution layer - your agent writes code to progressively discover and call tools
Garry Tan @garrytan

MCP sucks honestly
It eats too much context window and you have to toggle it on and off and the auth sucks
I got sick of Claude in Chrome via MCP and vibe coded a CLI wrapper for Playwright tonight in 30 minutes only for my team to tell me Vercel already did it lmao
But it worked 100x better and was like 100LOC as a CLI

Garry Tan @garrytan ·
MCP sucks honestly
It eats too much context window and you have to toggle it on and off and the auth sucks
I got sick of Claude in Chrome via MCP and vibe coded a CLI wrapper for Playwright tonight in 30 minutes only for my team to tell me Vercel already did it lmao
But it worked 100x better and was like 100LOC as a CLI
Morgan @morganlinton

The cofounder and CTO of Perplexity, @denisyarats just said internally at Perplexity they’re moving away from MCPs and instead using APIs and CLIs 👀

Andy Berman @berman66 ·
An AI agent hacked McKinsey's AI chatbot, and had full system-wide access in under 2 hours. Do you still think you're safe? The scale of this is staggering. 46.5 million chat messages. 728K confidential files, 57K user accounts, and 95 system prompts. All writable. An attacker could poison every answer McKinsey's agent gives to employees. The vulnerability was shockingly simple too; a SQL injection through unauthenticated endpoints. Luckily for McKinsey, this attack wasn't malicious. It was a test from a red-team security startup called CodeWall. It's also a wake-up call for anyone not taking the prompt layer seriously. That layer is the highest-value target for attackers. I'm expecting at least one headline like this a month for the next 12-18 months if enterprises don't start taking the prompt layer seriously. If this worries you, don't panic. Act. Look for a system that detects these attacks at multiple layers. It should:
1. Catch silent prompt rewrites and tool poisoning before they hit your system
2. Lock down every API & MCP connection with authentication and logging (absolutely no open endpoints)
3. Immediately surface any agent trying to probe your system and chain exploits
This is specifically how we designed @Runlayer, and I'm confident it would have caught this attack. If you want to see how, I'd be happy to chat.

Liran Tal @liran_tal ·
@Raadmobrem @berman66 What? Where is the role of QA in software if not entirely automated..? Sorry but QA was dead in the water a decade ago already

Andy Berman @berman66 ·
Nothing gives me more confidence in our roadmap than a Series A competitor with a Head of QA. That's not a hire. That's a white flag with a LinkedIn announcement.