Field notes
When agents cause losses — and what actually contains them
Nine Seconds: How an AI Agent Deleted PocketOS's Database and Every Backup
On 25 April 2026, a Cursor agent running Claude Opus 4.6 wiped PocketOS's production database and all volume-level backups via a single API call. The incident exposes three guardrail failures that Auly's scoring directly addresses.
Apr 25, 2026 · 4 min read
The Permission-Scoping Trap: Wildcard Credentials and Standing Access
How over-scoped tokens and persistent credentials convert low-frequency agent reasoning errors into high-severity loss events — and what least-privilege actually requires for autonomous agents.
Jun 15, 2026 · 4 min read
Guardrails · Why 'Read-Only' Is Not a Risk Category
Treating 'read-only' as a safe permission tier mistakes declared authority for actual consequence surface—a gap that OWASP's excessive-agency framework and EchoLeak both document in concrete terms.
Jun 14, 2026 · 5 min read
Guardrails · What Guardrails Actually Stop — and What Only Insurance Can
Guardrails reduce how often AI-agent losses happen. Reversibility caps how bad they get when they do. Insurance covers the residual that remains after both. Understanding which layer does what prevents teams from confusing risk reduction with risk elimination.
Jun 11, 2026 · 4 min read