Blog
Thoughts, updates, and insights from the Superagent team.
A bad patch is worse than no patch.
AI is making vulnerability discovery cheap, but closing vulnerabilities still requires validation, safe fixes, and human-reviewed merges. The valuable part is the close.
Backburning Open Source: Partnering with dotenvx to Find Vulnerabilities Before Attackers Do
Open source maintainers are defending critical software against attackers with more compute. Our dotenvx partnership shows how hardened packages can close the silent window.
The Cline Incidents and the Broken Security Model
Two Cline security incidents in two months expose the same underlying problem: AI agents treat untrusted content as instructions. The npm supply chain and prompt injection attacks reveal why the current security model is fundamentally broken.
What Can Go Wrong with AI Agents
AI agents fail in ways traditional software doesn't. Data leaks, compliance violations, unauthorized actions. Here's what to watch for.
AI Guardrails Are Useless
Hot take: most AI guardrails on the market today are security theater. Not because the idea is bad, but because of how they're implemented. Most guardrail solutions are generic, static, and disconnected from what actually matters for your specific agent.
Your System Prompt Is the First Thing Attackers Probe
When attackers target AI agents, they don't start with sophisticated exploits. They start by probing the system prompt—the instructions that define your agent's behavior, tools, and boundaries.