g

This is why I built assury.ai 15 min install get your agents governed

@ZackKorman This is why I built assury.ai it happened to me last year

Now imagine the damage a threat actor can do by prompt injecting your AI agent.

@ZackKorman Hey Zack I like this approach. I built assury.ai and have some experimentation on the detection side. I would love to chat about this. Assury is execution layer governance not detection but we have some really interesting telemetry.

New video on AI agent threat detection. What works, what doesn't, and why no approach is perfect. I also go into detail on how I do things. I spent way too much time making this, so please watch.

@ZackKorman Agreed

This new AIUC-1 "AI agent compliance standard" is a massive grift. Everyone involved is taking something for themselves. The "losers" here are the companies that might rely on this thinking it means something and the startups that will have to pay to get audited.

MoCoP is the first production platform built specifically for AI agent runtime governance at the execution boundary. ✓ Intercepts tool calls before execution ✓ Session-level cumulative risk scoring ✓ OPA/Rego deterministic policy — no LLM in the governance path ✓ Credential starvation — agents never hold tool credentials directly One deployment. No SDK.

Model governance ≠ action governance. Model gateway: which models, cost controls, rate limits. Assury Enforce: which tools, under what conditions, with what session context. Different boundary. Different problem.

API gateway adoption is accelerating in AI teams. So is the false sense of security it creates. New post on the architectural gap nobody's drawn yet: assury.ai/blog/why-api-g…

Your input filter passed. Your output filter passed. Your tool call wasn't filtered. That's not a prompt security failure. That's a category error.

Post-inference is the new attack surface. Most stacks have zero coverage there. The LLM decides what to do. The tool call is where it actually happens.

@natalie_avfieb Yep that was my thesis when building assury.ai

@honeybadgerhack Post-inference is exactly the blind spot. When an agent acts on an MCP tool response, it's treating external content as trusted execution commands. If that layer goes unmonitored, prompt injection flows straight to the tool.

Lakera, LLM Guard, Prompt Security: they stop bad inputs. They miss everything after. Post-inference is ungoverned. That's where agents do real damage. Free dev tier → assury.ai #MCP #AIAgentSecurity

@elonmusk Not with Assuy.ai governance at the execution-path

Giving people agentic AI be like …

Okta, Entra, CyberArk -- great at who. Silent on what. Authentication ends at the door. Governance starts inside. assury.ai

A new arXiv spec defines what AI agent runtime governance must include. We contributed to it. MoCoP is the reference implementation. arxiv.org/abs/2602.09433

One endpoint. 15 minutes. No SDK. Full AI agent governance. No rewrite. No framework dependency. No months of integration. That's Assury MoCoP.

Three billion-dollar security categories. Zero of them govern what AI agents actually do. New post on why identity, prompt security, and API gateways all miss the same layer: assury.ai/blog/ai-securi…

The 5-layer AI stack: L5: Identity ✓ L4: Prompt security ✓ L3: Model routing ✓ L2: Tool & action governance ✗ L1: Autonomy governance ✗ Two layers. Zero coverage. That's the problem. Assury MoCop solved