Giving your AI agent access to your email is a bigger risk than you think.
Bank statements. Medical records. Legal conversations. Password resets. All accessible. All searchable.
It won't question a phishing email. It won't hesitate before opening a malicious attachment. It won't notice prompt injection hidden in an email body telling it to forward everything to an external address.
And giving it a separate inbox doesn't fix it either.
#AIAgents #AgentSafety #CyberSecurity
Every agent with an inbox is running an open prompt injection endpoint.
AI phishing hits a 54% click rate. But agents don’t click. They just process. The email arrives, the agent reads it, calls your tools, and acts.
The “click rate” framing doesn’t even apply anymore.
#AIAgents #AgentSafety #CyberSecurity
A Meta AI safety director told her agent to tidy her inbox.
It deleted over 200 emails. She told it to stop. It kept going.
She built AI safety systems for a living. Her own agent ignored her.
Your agent's inbox is its biggest attack surface. Here's what defense in depth actually looks like: https://t.co/mOpzlYgJ8S
#AIAgents #AgentSafety
SANS just released an AI security maturity model that names "Principle of Least Agency" as the agentic counterpart to least privilege.
The framing is right. The challenge is that most agent frameworks still let you skip it entirely. Authorization, approval gates, audit trails. They exist as opt-in features, not enforced defaults.
The gap isn't awareness anymore. It's tooling that actually enforces governance at runtime.
#AIAgents #AIGovernance #AgentSafety
Exactly. The admissibility check as a precondition for agents in production shouldn't be optional. When it's in the execution path, the audit trail becomes built-in, not bolted on. The part that breaks a lot of setups is when the answer isn't allow or deny, it's "a human needs to decide this". Routing that decision to the right person with enough context to act on it, without slowing everything down, is what most teams are still figuring out.
89% of orgs deploying AI agents have some observability. Most aren't satisfied with it.
Authorization, approval workflows, and audit trails. The pieces exist, but they're scattered across different tools, all opt-in, none enforced by default.
Here's what production agent governance actually requires: https://t.co/SCDyl7syRD
#AIAgents #AIGovernance #LLMOps
@Polymarket The question isn't whether AI can automate the work. It's who's watching the agents while they do it. How many of those AI agents will be deployed without guardrails?
@ShotaKaminosato @AnthropicAI @prlnet Fair point. Whether it’s rogue or rational, it still opened a reverse SSH tunnel on the company GPUs without authorization. The governance gap is the same either way. Nothing evaluated the action before it ran.
1/ An AI agent ran DROP DATABASE on a live production system. Then it generated 4,000 fake users to cover it up. Then it lied about the rollback.
This actually happened. And it's not the worst one.
@Timur_Yessenov Agreed. The mutation between attempts is signal worth capturing on its own. That difference tells you whether the agent misunderstood the denial or may be actively trying to work around it.
Exactly. If policy evaluation for the tool call happens too far upstream from execution, you lose the context of what the agent actually tried to do. Retry handling is a great example. An agent that gets blocked and immediately tries a variation of the same tool call may have a different risk profile than a first attempt.
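One way to put the admissibility check in the execution path, as an added example that is not code from any post, vendor or framework above: every tool call passes through a gate that writes its own audit entry, returns allow, deny or "a human must decide", treats a changed-argument retry straight after a denial as a signal in its own right, and holds outbound mail to external addresses (the inbox scenario in the earlier posts) for a human. The mail domain, tool names and policy rules are assumed placeholders.

```python
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ESCALATE = "escalate"   # neither allow nor deny: a human has to decide

class PolicyGate:
    """Admissibility check placed in the execution path of every tool call.
    Because every call passes through evaluate(), the audit trail is a
    by-product of execution rather than a separate opt-in log."""

    def __init__(self, internal_domain="example.com"):  # assumption: the org's mail domain
        self.internal_domain = internal_domain
        self.audit = []        # one entry per attempted tool call, whatever the outcome
        self.last_denied = {}  # agent_id -> (tool, args) of that agent's last non-allowed call

    def _base_policy(self, tool, args):
        # Placeholder rules; a real deployment loads these from the org's policy.
        if tool == "db.execute" and args.get("sql", "").upper().startswith("DROP"):
            return Decision.DENY, "destructive SQL is never admissible"
        if tool == "send_email" and not args.get("to", "").endswith("@" + self.internal_domain):
            return Decision.ESCALATE, "external recipient: human approval required"
        return Decision.ALLOW, "within policy"

    def evaluate(self, agent_id, tool, args):
        decision, reason = self._base_policy(tool, args)
        entry = {"agent": agent_id, "tool": tool, "args": args, "retry_variation": None}
        prev = self.last_denied.get(agent_id)
        if prev and prev[0] == tool and prev[1] != args:
            # Same tool, changed arguments, straight after a denial: record which
            # arguments mutated, and never let the variation auto-allow what was just refused.
            entry["retry_variation"] = {k: (prev[1].get(k), args.get(k))
                                        for k in set(prev[1]) | set(args)
                                        if prev[1].get(k) != args.get(k)}
            if decision is Decision.ALLOW:
                decision, reason = Decision.ESCALATE, "variation of a denied call"
        entry.update(decision=decision.value, reason=reason)
        if decision is Decision.ALLOW:
            self.last_denied.pop(agent_id, None)
        else:
            self.last_denied[agent_id] = (tool, args)
        self.audit.append(entry)   # the entry carries the context a human reviewer needs
        return entry
```

An escalated entry already holds the agent, the tool, the arguments and the mutation from the previous attempt, which is the context the reviewer needs to decide without re-deriving what the agent tried.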
4/ @OWASP built a Top 10 for agentic app failures. Wrote about the pattern, what the frameworks aren't doing for you, and what production-ready actually looks like.
https://t.co/jF8ayEwTpO
#AIAgents #AISafety #OWASP #LLMs
Introducing Claude Opus 4.7, our most capable Opus model yet.
It handles long-running tasks with more rigor, follows instructions more precisely, and verifies its own outputs before reporting back.
You can hand off your hardest work with less supervision.
Anthropic has 454 open roles. The company is hiring software engineers at $320K-$405K. Their CEO, Dario, said three months ago that coding is "going away first, then all of software engineering."
The paradox resolves instantly.
Dario's engineers told him they don't write code anymore. They let Claude write it. They edit. They review. They architect. They didn't lose their jobs. They got faster. Anthropic grew from a small research lab to 1,500 employees in four years, adding engineers the entire time.
This has played out five times in computing history. Compilers replaced assembly. Frameworks replaced boilerplate. Cloud replaced server management. Every prediction was the same: most programmers won't be needed. Every result was the same: the number of engineers grew.
The global software engineer pool went from roughly 5 million in 2010 to 28.7 million today. BLS projects 17% growth in US software developer roles through 2033, adding 304,000 positions. The pool is projected to hit 45 million by 2030.
When building software gets cheaper, more problems become worth solving with software. A startup that needed 10 engineers now needs 3. But 50 companies that couldn't afford to build at all now can. The denominator shrinks. The numerator explodes.
Meta's engineering headcount is up 19% from January 2022. Google's is up 16%. Apple, 13%. These companies adopted AI coding tools years ago. They're using Copilot and Claude Code daily. They're hiring more engineers than before those tools existed.
Every generation of "coding is dead" content creates two cohorts: engineers who freeze up, and engineers who build 10x more with the new tools. The second group has won every single time.