Most teams connect to MCP servers without knowing what's inside.
We've scanned 10,000+. Here's what we found:
- 9.2% have critical vulnerabilities
- 36.7% have SSRF exposure
- 43% have command injection flaws
Check any MCP server before you connect — free:
@AgenticAIFdn Scaling AI is becoming an execution and architecture problem, not only a compute problem. Stronger isolation and efficient shared execution matter as much as more chips. That's the shift NOVA was built for.
@BlueRock_io (member company) introduces new AI infrastructure architecture for secure-shared execution with AMD DMA Isolation.
As AI infrastructure faces sustained concurrency, growing execution complexity, and increasing economic pressure, NOVA strengthens hardware-level isolation across workloads, devices, and memory in shared execution environments.
The NOVA microhypervisor was designed to address these demands through trusted isolation and secure shared-service execution at large AI infrastructure scale, supporting fully isolated virtual machines with up to 256TB of physical memory and 128 petabytes of virtual address space per workload.
NOVA can:
- Prevent hardware devices assigned to one virtual machine from accessing the memory of neighboring workloads
- Enforce fine-grained memory access controls at the hardware layer
- Restrict access at per-device and per-memory-page granularity
- Abort unauthorized memory transactions directly through the IOMMU
- Optionally record DMA remapping faults for diagnostic analysis
Learn about the architecture that lays the foundation for future execution-aware security and introspection capabilities: https://t.co/awlcH8ylzL
Github for NOVA microhypervisor: https://t.co/7vr9vcvMis
Why open: the isolation layer is the thing everyone ends up trusting and almost no one gets to inspect.
Trust infrastructure the whole field depends on shouldn't be one vendor's black box.
Read the source: <https://t.co/6nL5zPEQpx> #virtualization
The AI scaling story is told in compute: more chips, more spend.
The constraint that's actually emerging is isolation: how do you run many workloads on shared infrastructure, continuously, without them stepping on each other?
We're open-sourcing a piece of the answer today.
The latest NOVA Microhypervisor is now open source under GPLv2, with DMA isolation on AMD via the hardware IOMMU.
A device in one VM can't touch a neighbor's memory. Enforced at the hardware layer. On by default. #opensource #AMD
GitHub Copilot: 20M users. ~90% of the Fortune 100.
Autonomous coding agents are opening PRs on their own. The line between builder and operator just collapsed.
Most enterprise operating models are not built for it.
The next enterprise operating model is not slower approvals.
It is shared understanding across teams, runtime execution visibility, dynamic guardrails, infrastructure built for continuously active systems, supervisory humans, and builder enablement at scale.
The GitHub news got the headlines. For agentic developers, the durabletask compromise reported alongside it is the more useful data point.
Microsoft's Python client for Durable Task workflows, ~417K downloads/month. Versions 1.4.1 through 1.4.3 execute on import. The payload reads HashiCorp Vault KV, 1Password and Bitwarden vaults, SSH keys, Docker credentials, and shell history. It propagates via AWS SSM and kubectl exec on infected hosts. The code is an evolution of last week's guardrails-ai payload.
Same pattern as LiteLLM in March: trusted package, malicious version, runtime credential sweep. Build-time scanning didn't catch LiteLLM because the scanner itself (Trivy) was the backdoor. Same logic applies here.
@hbatbluerock walked through the full chain and the runtime mitigations across all three phases when this campaign started. The analysis still holds.
It's hard to see what actually ran once execution begins.
In MCP systems, tools call other tools. Dependencies execute code indirectly. Subprocesses spawn during normal operation. Request logs don't capture any of it.
We open sourced BlueRock MCP Python Hooks to fix that.
A lightweight Python sensor. Captures MCP protocol activity, resource access, module imports with SHA-256, subprocess execution. Structured NDJSON output.
Apache 2.0. No SDKs. No code changes. Three commands to set up.
https://t.co/jDyxKzxwAJ
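As an added illustration (not BlueRock's code), a minimal sensor of the kind described above: a `sys.meta_path` finder that hashes each module file before it executes, plus a `sys.addaudithook` hook that records subprocess launches, both emitting NDJSON. The record field names (`module_import`, `subprocess_exec`) are assumptions made here.

```python
"""Runtime sensor for a Python MCP server process: logs module imports (with the
SHA-256 of the file loaded) and subprocess launches as NDJSON. Added illustration, not BlueRock's code."""
import hashlib, importlib.abc, importlib.machinery, json, sys, time

class NdjsonSink:
    """One JSON object per line to `stream`; records also kept for inspection."""
    def __init__(self, stream=None):
        self.stream = stream if stream is not None else sys.stderr
        self.records = []
    def emit(self, event, **fields):
        rec = {"ts": round(time.time(), 3), "event": event, **fields}
        self.records.append(rec)
        self.stream.write(json.dumps(rec, sort_keys=True) + "\n")

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

class HashingFinder(importlib.abc.MetaPathFinder):
    """First on sys.meta_path: resolve via the stock PathFinder, hash the file first."""
    def __init__(self, sink):
        self.sink = sink
    def find_spec(self, fullname, path, target=None):
        spec = importlib.machinery.PathFinder.find_spec(fullname, path, target)
        if spec is not None and spec.has_location and spec.origin:
            try:
                digest = sha256_file(spec.origin)
            except OSError:
                digest = None  # e.g. inside a zip: record the gap rather than guess
            self.sink.emit("module_import", module=fullname,
                           origin=spec.origin, sha256=digest)
        return spec  # None lets the builtin/frozen finders take over

def _audit_hook(sink):
    def hook(event, args):
        if event == "subprocess.Popen":  # CPython passes (executable, args, cwd, env)
            executable, argv, cwd, _env = args
            argv = [str(a) for a in argv] if isinstance(argv, (list, tuple)) else str(argv)
            sink.emit("subprocess_exec", executable=str(executable) if executable else None,
                      argv=argv, cwd=str(cwd) if cwd else None)
    return hook

def install(stream=None):
    """Install the import finder and the audit hook; returns the sink."""
    sink = NdjsonSink(stream)
    sys.meta_path.insert(0, HashingFinder(sink))
    sys.addaudithook(_audit_hook(sink))  # audit hooks cannot be removed once added
    return sink
```

Calling `install()` early in the server's entry point is enough; everything imported or spawned afterwards shows up in the NDJSON stream.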
Most enterprises are trying to govern agentic AI with models built for static software.
That gap is becoming a competitive liability.
In the agentic era, control is not the opposite of speed. Control is what unlocks speed.
New post on Agentic Operations → https://t.co/eEH0hPW0GR
The agent didn't go rogue. It did exactly what it was allowed to do.
That's the difference between observing prompts and governing actions at the app runtime.
Live demo → https://t.co/jCBmEy0jQi
A Cursor agent deleted a production database on Railway in 9 seconds.
One API call. Backups included. All safety rules bypassed.
We ran the exact same command against BlueRock. Here's what happened in 60 seconds.
Blocking curl outright isn't the answer. Agents legitimately need it for database APIs.
BlueRock distinguishes legitimate operations from destructive ones, and only stops the destructive one.