Skip to content

DEFENSE

Architecture and patterns that govern action.

Layered controls that observe, interpret, constrain, and audit behaviour as it unfolds — across the agent runtime.

CORE agent runtime OBSERVE INTERPRET CONSTRAIN tool calls memory writes prompts credentials audit · evidence · review
PATTERNS

Pick a pattern, ship a control.

ARCHITECTURE

Defense architecture

The reference architecture that connects the patterns below.

Read → RUNTIME

Secure agent runtime

Sandboxing, isolation, policy enforcement, and observability inside the loop.

Read → TOOLS

Secure tool calling

Brokers, schemas, scopes, allow-lists, side-effect controls, approvals.

Read → MCP

Secure MCP

Trust boundaries, transport, capability scoping, untrusted-context handling.

Read → MEMORY

Memory security

Write paths, provenance, poisoning detection, retention controls.

Read → CREDENTIALS

Credential & token boundaries

Delegated authority, scoped tokens, credential brokers, least-privilege impersonation.

Read → PATTERNS

Secure engineering patterns

Cross-cutting engineering patterns that hold the rest together.

Read →