Notes from the team behind Authsome. Integration patterns, agent credential workflows, security tradeoffs, and product updates. Written for builders, not buyers.
Supply chain risks for AI agents: malicious MCP servers, poisoned skills, and how to triage.
A field guide to the 2025-26 wave of agent supply chain attacks. Malicious MCP servers, poisoned skills, npm and PyPI compromises, the five injection vectors, and the exact triage checklist if you already shipped one.
Building a DevOps agent: cluster, cloud, PagerDuty, GitHub, without a single long-lived key.
A field report on building a production DevOps incident triage agent across EKS, CloudWatch, PagerDuty, Datadog, GitHub and Slack with zero long-lived credentials on disk.
Building a research agent: papers, web, Drive, and inbox without leaking.
A field report on wiring a multi-tool research agent across Brave, arXiv, Google Drive, Gmail, Notion, Linear, and Slack, then taking every credential out of the agent process so a prompt injection has nothing to steal.
I built an outreach agent that touches six SaaS tools and leaks nothing.
A first-person field report on building a multi-tool AI outreach agent across HubSpot, Notion, Hunter, Resend, Slack, and Linear, then keeping every credential out of the agent process with a local broker and a deny-by-default allowlist.
Running agents without losing my keys: a month with authsome.
Five weeks with a local-first credential broker. What worked, what bit me, and the things the docs don't tell you up front.
Running AI agents in production: what nobody tells you about credentials.
Seven credential failure modes that don't show up until you've shipped. Notes from running agents past the demo stage.
