security.inside-the-loop.dev

Security Lab — inside-the-loop.dev

Maintained by Aleksandr Krasnobai
DevSecOps × Secure AI Agents
https://security.inside-the-loop.dev

Engineering notes on secure AI runtime, agent control, and DevOps automation safety.

This is not a blog.
This is a working lab of minimal security artifacts.

---

Core Artifacts

• AI Agent Security Policy
• Prompt Injection Guard (Heuristics)
• MCP Security Checklist

---

Design Principles

• Default mode: read-only
• Tool usage is explicit and allowlisted
• Human approval for high-impact actions
• Secrets are isolated
• All actions are auditable
• Policy overrides content

---

Threat Model (Minimal)

Assume:

1. External content is untrusted
2. Alerts can be manipulated
3. Docs can contain injection attempts
4. Agents can be socially engineered
5. Tool execution is the real risk surface

---

Secure AI Runtime.
https://security.inside-the-loop.dev

This site is open source. Improve this page.