Security & Safety
5 articles

Deterministic Security Scanning Build Loop
Non-deterministic approaches to security in AI code generation (Cursor rules, MCP security tools) are fundamentally flawed because security requires absolute determinism - code is either secure or not…
Status: proposed

External Credential Sync
Users manage AI API credentials across multiple tools—CLIs (Claude Code, Codex CLI), web portals, and local development environments. Manually re-entering credentials for each tool is friction-prone a…
Status: validated-in-production

Isolated VM per RL Rollout
During reinforcement learning training with tool-using agents, multiple rollouts execute simultaneously and may call destructive or stateful tools: - **Cross-contamination**: One rollout's actions af…
Status: emerging

PII Tokenization
AI agents often need to process workflows involving personally identifiable information (PII) such as emails, phone numbers, addresses, or financial data. However, sending raw PII through the model's …
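The tokenization described in this entry, as an added example that is not code from the original article or from any project it describes: PII is swapped for opaque, per-session-stable tokens before text reaches the model, the token-to-value map never leaves the local side, and the model's output is rehydrated on the way back. The detector patterns, the HMAC-based token scheme, the Luhn gate on card candidates, the token format and the sample text are all assumptions made for this example.

```python
import hashlib
import hmac
import re
from typing import Dict, List, Tuple

# Constructed sample input for this example (not from the original article).
SAMPLE = ("Contact Jane at jane.doe@example.com or +1-555-010-2030; "
          "her card is 4111 1111 1111 1111.")

# Detectors run in this order so the card pattern claims long digit runs
# before the looser phone pattern can. Patterns are illustrative, not exhaustive.
DETECTORS: List[Tuple[str, re.Pattern]] = [
    ("EMAIL", re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")),
    ("CARD", re.compile(r"\b(?:\d[ -]?){13,16}\b")),
    ("PHONE", re.compile(r"\+?\d{1,3}[-.\s]?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b")),
]

# Assumed token format: <KIND_8hexchars>; a token never looks like PII to the detectors.
TOKEN_RE = re.compile(r"<[A-Z]+_[0-9a-f]{8}>")


def luhn_ok(candidate: str) -> bool:
    """Luhn check so arbitrary 13-16 digit runs (order IDs, hashes) are not tokenized as cards."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class PIITokenizer:
    """Replaces PII with opaque tokens and keeps the mapping locally, never in the prompt."""

    def __init__(self, session_key: bytes):
        self._key = session_key
        self._vault: Dict[str, str] = {}  # token -> original value, stays on this side

    def _token(self, kind: str, value: str) -> str:
        # Keyed per session: the same value yields the same token within a session
        # (so the model can tell "the same person" across turns), but tokens cannot
        # be derived from the value without the key and differ across sessions.
        tag = hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()[:8]
        return f"<{kind}_{tag}>"

    def tokenize(self, text: str) -> str:
        for kind, pattern in DETECTORS:
            def replace(match: re.Match, kind: str = kind) -> str:
                value = match.group(0)
                if kind == "CARD" and not luhn_ok(value):
                    return value  # digit run that is not a card number: leave it alone
                token = self._token(kind, value)
                self._vault[token] = value
                return token
            text = pattern.sub(replace, text)
        return text

    def detokenize(self, text: str) -> str:
        # Unknown tokens (hallucinated, or from another session) are left as-is rather
        # than guessed, so nothing is fabricated on the way back out.
        return TOKEN_RE.sub(lambda m: self._vault.get(m.group(0), m.group(0)), text)


def round_trip(text: str, session_key: bytes = b"constructed-session-key") -> Tuple[str, str]:
    """Tokenize (the model sees only tokens), then rehydrate; returns (redacted, restored)."""
    tok = PIITokenizer(session_key)
    redacted = tok.tokenize(text)
    # A model reply that refers to the person only by token is rehydrated the same way.
    return redacted, tok.detokenize(redacted)


if __name__ == "__main__":
    redacted, restored = round_trip(SAMPLE)
    print("model sees:", redacted)
    print("user sees: ", restored)
```

The vault is the sensitive object here: it must live in the same trust domain as the user, be scoped to one session, and be discarded with it, otherwise the tokenization only moves the PII rather than keeping it out of the model's context.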
Status: established

Sandboxed Tool Authorization
Tool authorization needs flexibility but also security. Static allowlists don't scale across: - **Multiple environments**: Development (permissive) vs. production (restrictive) - **Different agent ro…
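One way to replace a static allowlist with policy that varies by environment, agent role and the arguments of the call, as an added example that is not code from the original article or from any project it describes: rules are matched first-hit, a sandbox tier sits between allow and deny for calls that are acceptable only against a throwaway backend, and anything no rule covers is denied. The environments, roles, tool names, the destructive-command heuristic and the rule set are assumptions made for this example.

```python
import fnmatch
import shlex
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class ToolRequest:
    env: str                                   # assumed values: "dev", "staging", "prod"
    role: str                                  # assumed values: "coder", "reviewer"
    tool: str                                  # assumed tool names: "shell", "read_file", ...
    args: Dict[str, str] = field(default_factory=dict)


@dataclass(frozen=True)
class Rule:
    env: str        # glob; "*" matches any environment
    role: str       # glob
    tool: str       # glob
    decision: str   # "allow" | "sandbox" | "deny"
    when: Optional[Callable[[Dict[str, str]], bool]] = None  # extra predicate on arguments


# Heuristic for this example: anything that changes state, chains commands or talks
# to the network is "destructive"; commands we cannot parse count as destructive too.
SHELL_METACHARS = set("|;&><`$")
RISKY_BINARIES = {"rm", "dd", "mkfs", "shutdown", "reboot", "curl", "wget"}


def destructive_shell(args: Dict[str, str]) -> bool:
    cmd = args.get("cmd", "")
    if not cmd.strip() or SHELL_METACHARS & set(cmd):
        return True
    try:
        argv = shlex.split(cmd)
    except ValueError:        # unbalanced quotes etc.: refuse to guess
        return True
    return argv[0].rsplit("/", 1)[-1] in RISKY_BINARIES


# Constructed policy: first matching rule wins; a request no rule matches is denied.
RULES: List[Rule] = [
    Rule("prod",    "*",        "shell",      "deny",    when=destructive_shell),
    Rule("prod",    "*",        "shell",      "sandbox"),   # harmless shell still runs isolated
    Rule("prod",    "*",        "write_file", "deny"),
    Rule("prod",    "reviewer", "read_file",  "allow"),
    Rule("staging", "*",        "shell",      "sandbox", when=destructive_shell),
    Rule("staging", "*",        "*",          "allow"),
    Rule("dev",     "*",        "*",          "allow"),     # permissive environment
]


def authorize(req: ToolRequest, rules: List[Rule] = RULES) -> str:
    for rule in rules:
        if (fnmatch.fnmatchcase(req.env, rule.env)
                and fnmatch.fnmatchcase(req.role, rule.role)
                and fnmatch.fnmatchcase(req.tool, rule.tool)
                and (rule.when is None or rule.when(req.args))):
            return rule.decision
    return "deny"  # default-deny: a tool the policy does not mention never runs


if __name__ == "__main__":
    for req in (ToolRequest("dev", "coder", "shell", {"cmd": "rm -rf build"}),
                ToolRequest("prod", "coder", "shell", {"cmd": "pytest -q"}),
                ToolRequest("prod", "coder", "shell", {"cmd": "rm -rf /"}),
                ToolRequest("prod", "coder", "read_file", {"path": "/etc/passwd"})):
        print(req.env, req.role, req.tool, "->", authorize(req))
```

Ordering is the part worth checking in review: the argument-guarded deny for production shell must precede the unconditional sandbox rule for the same tool, or the guard never fires.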
Status: validated-in-production