An attacker put untrusted text into a GitHub issue. An AI workflow turned it into shell commands inside CI. The Cline supply-chain incident shows why runtime enforcement matters more than prompt defense.
Fourteen vulnerabilities across Claude Code, Cursor, MCP servers, and Claude Desktop share a single root cause: untrusted content driving privileged actions with no independent enforcement layer.
Most agent “guardrails” live before execution (prompts) or after execution (logs). This post explains why that leaves you with hope and hindsight, and why real control must exist at the execution layer.
What we are seeing as AI agents start taking real actions, and why human-speed oversight cannot keep up with machine-speed execution.