ทวีตที่ปักหมุด
Eric
142 posts
Eric
@ericcco_
Making AI agents usable in real workflows
เข้าร่วม Kasım 2011
64 กำลังติดตาม147 ผู้ติดตาม
@twschiller Thanks for the clarification. If you and your team need to deal with agent identities let me know.. I think we can help you😁
English
@ericcco_ Working on a couple complementary projects:
- Agentic browser copilots: pixiebrix.com
- Protecting browser use agents (attended and unattended): github.com/pixiebrix/agen…
English
This is the CI/CD version of the agent security problem. Once an agent can read untrusted PR text and touch secrets or workflows, prompt injection becomes an authorization issue, not just a model behavior issue.
Microsoft Threat Intelligence@MsftSecIntel
Microsoft discovered that Anthropic's Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted content, including issue bodies, pull request descriptions, and comments. msft.it/6017vdfUc Following our disclosure, Anthropic mitigated this issue in Claude Code version 2.1.128 by blocking access to sensitive /proc files. Read the blog for details from our research, along with practical guidance for reducing prompt injection, over-permissive tooling, and secret exposure risks in agentic CI/CD workflows.
English
@ZeroAetherfxt2 Service accounts are part of it. My point is multi-agent systems also need to preserve the delegation chain: which human/task spawned the agent, which agent handed off to which, what scope applied, and why the action was allowed. Otherwise the audit log just says “bot did it.”
English
I got bored today and built writtenbykai.com
Kai is the AI editor-in-chief behind it. She runs through Hermes, works with Codex + her crew, opens PRs, and waits for my approval before anything goes live.
Agents work. Humans keep the taste. What should Kai write next?
English
@ericcco_ I want to try both. I've been using OpenClaw with my own skills brain, and it gives me that same feeling: the agent comes back with context instead of starting from zero.
My brain is here: github.com/andylow92/file…
I like how easy it is to set up.
English
@log_npierce Exactly. The wrapper gets attention, but permissions are where the product either becomes useful or dangerous. The interesting part is making agents powerful enough to do real work while still being scoped, reviewable, and easy to shut down when something looks wrong.
English
@ericcco_ permissions and orchestration are the real bottlenecks right now. shipping a wrapper is easy, making it survive a real production workflow with actual security constraints is the hard part.
English
@twschiller This is super relevant. Browser agents make permissions, identity, and auditability matter immediately. Curious how you draw the line between attended and unattended use, especially when the agent can touch real accounts or sensitive data.
English
@log_npierce Yes, setting the correct boundaries allow you having control over your workflows
English
@ericcco_ context is everything. most "ai" features today are just expensive noise because they lack the execution boundaries to be actually useful in a real workflow. human-in-the-loop is the only way to scale agents without losing control
English
AI replies are not the problem.
Low-context, unsupervised AI replies are the problem.
The future is not “let bots flood every conversation.”
It’s agents that understand the context, know the goal, stay within boundaries, and make it easy for a human to approve or correct the output before it goes live.
Automation without control creates spam.
Automation with context creates leverage.
English
@ericcco_ Hello Eric
I'm an AI Automation Engineer. With AI-Powered product (SaaS)
Looking forward to connect and learn together
English
Good point. Integration with existing systems is a must, especially in regulated industries where compliance is non-negotiable.
Building agents is getting easier and faster, but having the right guardrails, governance, and control over how they operate is what will make them enterprise-ready.
English
This is the layer we're focused on too.
If agents are going to replace legacy workflows, they need more than orchestration.
They need integration with the systems where work already happens, compliance around what data can move, and communication between agents that is identity-aware, scoped, and auditable.
English
@m13v_ @flytradr_guy Totally. The first version is the easy part now. The harder part is keeping the workflow useful once people start changing it, approving things, fixing failures, and relying on it every day. That’s where you find out if it’s real infrastructure or just a good demo.
English
@flytradr_guy @ericcco_ agent demos in a workflow always land clean. the gap you're naming isn't the framework, it's iteration under change, where the AI-built first draft holds up or collapses into debt once approvals and failure handling get bolted on. mk0r.com/r/zmd26u6u written with ai
English
@ericcco_ Building a Typescript specialized harness around Qwen 3.6 27B. I want to see whether I can get it to flagship quality by keeping it very scoped and specialised. Using DGX Spark and running tests 24/7 in a self corrective loop.
English
@ericcco_ Hi Eric I’m building AI agents for my projects recent one
Dhilip Subramanian@sdhilip
Built an AI-powered Document Intelligence Review Workbench for a manufacturing client in the US. The problem was simple: Teams were dealing with large volumes of PDFs, scanned documents, internal policies, supplier docs, external links, and operational records. Manual search was slow, and every answer needed to be backed by source references. So I built an end-to-end RAG solution on Azure. Architecture: • Azure Blob Storage for document storage • Azure AI Document Intelligence for OCR • Azure AI Search for vector + semantic retrieval • Azure Functions for the API layer • Azure AI Foundry for model orchestration • GPT-5.5 and Claude model selection • React frontend for upload, review, citations, and follow-up chat Flow: Upload document → OCR/text extraction → retrieve relevant knowledge → generate structured summary → show findings with citations → ask follow-up questions. I also added: • scanned PDF support • citation links • model switching • clean review dashboard • non-relevant document detection • follow-up chat grounded in uploaded documents and retrieved sources This was a fun full-stack AI build covering RAG ingestion, Azure architecture, backend APIs, LLM integration, OCR, and frontend UX. The key point: AI is useful only when the answer can be traced back to the source.
English
@Lakshman2302 @GrayCodeAI Love the “humans and AI agents build together” framing. Are you focusing more on orchestration, collaboration UX, or review/control?
English
English
