Skip to content

Secrets & Trust

Keeping credentials safe while autonomous agents act on your behalf — trust models, least privilege, and secret-leak attacks.

7 articles

Jul 6, 2026·18 min read

How Do Two AI Agents Trust Each Other?

Agent-to-agent trust is a 4-layer stack borrowed from web auth (signed cards, OAuth/mTLS, token exchange) — and the injection gap none of it closes.

Jul 6, 2026·17 min read

Least Privilege for AI Agents

Least privilege bounds what a tricked AI agent can do — not whether it's tricked: authz policy, JIT tokens, and the confused-deputy ceiling it can't cross.

Jul 6, 2026·12 min read

Prompt Injection Is a Credential-Exfiltration Attack

Prompt injection is a 3-stage credential kill chain: injection lands, the agent reads a secret, it leaves via an allowed channel. Three defenses matter.

Jul 5, 2026·10 min read

The Trust-Model Spectrum for AI Agent Secrets

Six rungs of protecting an AI agent's secret, weakest to strongest—each defeats a different threat, but none stops a tricked agent misusing what it unlocks.

Jul 4, 2026·13 min read

Credential the LLM Never Sees for MCP Tools

Credential the LLM never sees: resolve secrets below the model, inject them on the wire, and account for MCP, logs, and confused deputies.

Jul 4, 2026·13 min read

Memory Poisoning: The Patient Path to Your API Keys

A poisoned AI agent memory can wait weeks, then leak an API key. Persistence and key-theft are each demonstrated; chaining them isn't—yet. Here's the fix.

Jun 29, 2026·11 min read

AI Agent Secrets: Why the Nagging Won't Save You

AI agents warn about API keys because the risk is real. But warning after a secret enters context is not protection.

← Back to the Library