Insights

Field notes on agent authority, escalation, and audit evidence.

Short pieces for teams moving AI agents from pilots into production systems.

Authority
Prompt injection is visible. Tool authority is the blast radius.

An attack matters most when the agent can use a tool that changes data, sends messages, triggers workflows, or touches production.

Governance
A registry is not an authority model.

Knowing which agents exist is useful. Knowing what they can do when blocked is the part that prevents findings.

Escalation
Human approval fails when the system cannot explain what changed.

Approval only works when the human sees intent, consequence, boundary, and rollback path before the action fires.

Audit
Logs are not evidence until they answer the auditor's question.

Raw tool calls are not enough. Evidence needs owner, authority, approval, exception, and residual risk.

Production
Agent risk increases when the workflow becomes hard to unwind.

The right time to assess authority is before the agent becomes part of the operating rhythm.
