An AI agent with real access and no enforcement is essentially a very confident intern with root... here's how to put guardrails that ACTUALLY work on a LangGraph agent.
https://t.co/wnc9gZifzu
Looking to meet more people building around AI agents.
Agent infra, MCP, security, devtools, deployment, enterprise workflows, or anything adjacent.
Especially interested in people trying to get agents into prod without giving them insane levels of access.
If you’re somewhere in that mess too, I’d love to know what you’re building :)
@boubacarbarry Spot on. People talk about better models like they’ll magically fix agent security, but it cuts both ways. Smarter agents with access to more powerful tools also make prompt injections more creative, less obvious, and harder to catch.
Watching the spurs blow a 29 point finals lead and realizing this was preventable with like four lines of policy
agent "deaaron-fox" {
    rules {
        deny layup if clock < 24 and lead > 0
        permit hold_ball
        defer anything_involving_outrunning("OG Anunoby")
    }
}
Game 5 Saturday. Somebody apply the governance file.
@AbhiCodes15 My cofounder and I talk about this all the time.
Building the thing is somehow the easy part
Getting the right people to give a shit at the right time is the key
What are the best lowkey startup accelerators people don’t talk about enough?
Not YC, a16z, Techstars, etc.
We’re building in AI governance / infra if that changes your answer
@neuralunlock I went to a panel hosted by a pre-seed/seed VC firm and one of them said "we don't need startups, startups need us" with a straight face.
I wish he was kidding...
@LangChain Observability is pretty pointless when it’s operating alone, it basically just rubs in how you let the system run poorly.
Being able to enforce policy and stop those loops before they happen is the real unlock... with observability baked in ofc
Nice to see @faramesh_labs show up here.
Hot take that probably isn't that hot: agentic governance gets won by deterministic enforcement, not probabilistic judging.
Once you care about non-bypassability, runtime enforcement before the action is what matters.
@larsencc @rohit_jsfreaky The agent shouldn't get some giant permission blob and then everyone hopes for the best.
Every action should get checked when it happens... this agent, this context, this tool call. Allowed or not.
That's the layer (very broadly) IMO.
@Yuchenj_UW NYC Tech Week has been testing this.
So many good rooms to be in, but at some point you have to pick the ones that actually matter and not feel bad about skipping the rest