🚨 ANTHROPIC JUST PUBLISHED A 36-PAGE SECURITY GUIDE THAT BASICALLY TELLS YOU TO STOP TRUSTING YOUR OWN AI AGENTS.
If you run agents on Claude Code, MCP servers, or automation tools, pay attention.
The attack timeline has collapsed.
AI models compress the gap between a vulnerability and a working exploit from months to hours, for mere dollars.
Agents introduce new autonomous risks, from tool poisoning to context memory manipulation.
The most useful idea in the guide is Anthropic's new security test:
Does a control make an attack impossible, or just tedious?
Automated attackers have unlimited patience. Friction controls like rate limits and 2FA prompts work because a human attacker eventually gives up; an agent just keeps retrying until they give way. To defend at the speed of AI you need hard barriers (actions the system will refuse outright, no matter how many times it is asked) and defensive operations that are themselves automated.
Here is how Anthropic says you should lock down agents:
→ Treat static API keys as compromised. Use short-lived tokens that expire in minutes.
→ Apply "Least Agency": explicitly limit what each tool can DO.
→ Sandbox agents that process untrusted inputs like emails and web pages.
→ Scope permissions dynamically per task, not permanently.
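To make the four points above concrete, here is an added example of a tool-call policy gate in the spirit of the guide. It is my own illustration, not code from Anthropic, Claude Code or any MCP server, and the tool names (email.read, fs.write, email.send, shell.exec), the "tool:arg-glob" grant format and the sample task are all assumed for the walk-through. It issues a task-scoped grant that expires in minutes, signs it so the agent cannot widen it, refuses any call outside the grant outright (a hard barrier, not a rate limit), and blocks tools that leave the sandbox once untrusted content such as an email body has entered the context.

```python
"""Per-task, short-lived tool permissions for an AI agent (illustrative)."""
import fnmatch
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass

# Key held only by the policy gate; the agent never sees it, so it cannot
# extend or widen its own grant. Assumed to live in a separate broker process.
_GATE_KEY = secrets.token_bytes(32)

# Assumed tool taxonomy for this example.
EGRESS_TOOLS = {"http.post", "shell.exec", "email.send"}   # effects leave the sandbox
UNTRUSTED_SOURCES = {"email.read", "http.get"}              # pull in untrusted content


class PolicyViolation(Exception):
    """Raised for any call outside the grant. A hard stop, not a retry hint."""


@dataclass(frozen=True)
class Grant:
    task_id: str
    actions: tuple      # allowed "tool:arg-glob" patterns, e.g. "fs.read:/repo/*"
    expires_at: float   # unix time; minutes, not months
    sig: bytes          # HMAC over the fields above, computed by the gate

    def payload(self) -> bytes:
        return json.dumps(
            {"task": self.task_id, "actions": list(self.actions), "exp": self.expires_at},
            sort_keys=True,
        ).encode()


def issue_grant(task_id, actions, ttl_seconds=300, now=None) -> Grant:
    """Mint a grant listing exactly the tool actions one task needs (Least Agency)."""
    now = time.time() if now is None else now
    acts = tuple(sorted(set(actions)))
    unsigned = Grant(task_id, acts, now + ttl_seconds, b"")
    sig = hmac.new(_GATE_KEY, unsigned.payload(), hashlib.sha256).digest()
    return Grant(task_id, acts, unsigned.expires_at, sig)


class ToolGate:
    """Mediates every tool call an agent makes during one task."""

    def __init__(self, grant: Grant):
        self.grant = grant
        self.tainted = False  # flips once untrusted content enters the context

    def authorize(self, tool, arg, now=None) -> str:
        now = time.time() if now is None else now
        g = self.grant
        expected = hmac.new(_GATE_KEY, g.payload(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, g.sig):
            raise PolicyViolation("grant tampered with")
        if now >= g.expires_at:
            raise PolicyViolation("grant expired; re-issue for a new task")
        action = f"{tool}:{arg}"
        # fnmatch globs: '*' also crosses '/', which is fine for this demo.
        if not any(fnmatch.fnmatchcase(action, pat) for pat in g.actions):
            raise PolicyViolation(f"{action} not in grant for task {g.task_id}")
        if tool in EGRESS_TOOLS and self.tainted:
            raise PolicyViolation(f"{tool} refused: context holds untrusted content")
        if tool in UNTRUSTED_SOURCES:
            self.tainted = True
        return action


def try_call(gate, tool, arg, now=None):
    """Run one call through the gate and report ('ok', action) or ('deny', reason)."""
    try:
        return ("ok", gate.authorize(tool, arg, now=now))
    except PolicyViolation as exc:
        return ("deny", str(exc))


def demo(now=1_700_000_000.0):
    """Constructed walk-through of an assumed 'draft replies to my inbox' task."""
    grant = issue_grant(
        "task-42",
        ["email.read:inbox/*", "fs.write:/sandbox/drafts/*", "email.send:drafts/*"],
        ttl_seconds=300, now=now,
    )
    gate = ToolGate(grant)
    calls = [
        ("fs.write", "/sandbox/drafts/reply-1.md", now + 1),  # ok: in grant, nothing untrusted yet
        ("email.read", "inbox/msg-1", now + 2),               # ok, but taints the context
        ("fs.write", "/sandbox/drafts/reply-1.md", now + 3),  # ok: stays inside the sandbox
        ("email.send", "drafts/reply-1.md", now + 4),         # deny: egress after untrusted input
        ("shell.exec", "curl attacker.example", now + 5),     # deny: never in the grant
        ("email.read", "inbox/msg-2", now + 600),             # deny: grant expired
    ]
    return [try_call(gate, tool, arg, now=t) for tool, arg, t in calls]


if __name__ == "__main__":
    for verdict, detail in demo():
        print(f"{verdict:4} {detail}")
```

The design choice worth noting is the ordering: a denied call raises and is logged, it is never queued for retry, so an agent hammering the gate gains nothing. The sending step being refused after the inbox was read is deliberate; in this model anything that leaves the sandbox after untrusted content arrived has to go through a separate, human-approved path with its own grant.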
I've added the link to the guide in the 🧵↓