agent runtime
Safeguard articles tagged "agent runtime" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Keeping secrets out of agent context windows: brokers, scoped tokens, and redaction
Every secret that touches an agent's context window is a secret the agent can leak. Just-in-time credential brokers, scoped-token issuance, and redaction layers keep the surface small without breaking the agent's ability to do real work.
Network egress controls for autonomous agent runtimes
Autonomous agents need network access to do useful work, and that access is exactly what attackers exploit when they trick an agent into exfiltrating data. Here is how to design egress controls that hold up under adversarial pressure.
Detecting shadow MCP servers in developer environments
Unauthorized MCP servers running on developer laptops are the agent-era equivalent of shadow IT. Here is how to inventory them, see them at runtime, and bring them under policy.
Defending LLM agents against confused-deputy attacks on their tool privileges
An LLM agent with tools is a deputy that holds privileges its users do not. Attackers exploit that gap by tricking the agent into using those privileges on their behalf — here is how to design defenses that hold up.
LangGraph CVE-2025-64439: When Agent Checkpoints Become RCE
A JsonPlusSerializer fallback in langgraph-checkpoint let attacker-controlled payloads execute arbitrary Python on deserialization. We unpack the bug, the patch, and what agent operators must change.