Facio Blog

Practical notes on human-reviewed AI agents.

Payload-powered product notes, security writing, HITL patterns, and operational guidance from the Facio runtime: long sessions, Placet approvals, audit trails, memory, providers, channels, tools, and Docker-first operations.


Showing 1-5 of 18 articles in Security.

Security

Featured article

674 Attacks in 3 Hours: How AI Red Teaming Agents Are Rewriting the Security Playbook

A single operator just ran 674 adversarial attacks against Llama Scout in three hours with an 85% success rate — using an AI red teaming agent. Traditional pentesting and manual red teams can't match this velocity. Here's what the shift to agent-orchestrated adversarial testing means for enterprise security programs.

Jun 6, 2026

Security

The NSA Just Published MCP Security Guidance: What the Five-Layer Threat Model Means for Your Agents

The Model Context Protocol is now critical infrastructure — confirmed by the NSA's formal Cybersecurity Information Sheet. From transport-layer interception to context poisoning to supply chain threats, every MCP deployment faces a five-layer attack surface that traditional API security doesn't cover.

Jun 5, 2026

Security

Your AI Agent Audit Trail Is Probably a Filing Cabinet: What Compliance Actually Requires

88% of enterprises had AI agent incidents — but only 21% have runtime visibility and 33% have no audit trail at all. Operational logs are not audit logs. WORM storage, cryptographic chaining, and the five mandatory elements every compliance-grade agent audit trail needs before the EU AI Act deadline.

Jun 3, 2026
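The cryptographic chaining the teaser above refers to is easy to get subtly wrong, so here is an added example (written for this page, not code from the Facio runtime or the linked article) of an HMAC-chained, append-only audit log with a verifier. The event records, the key, and the helper names (`append_entry`, `verify_chain`, `head_matches`) are constructed for illustration; the approval event is modelled loosely on the Placet-style approvals mentioned on this blog, not on Facio's real record format. Two points the paragraph only hints at: a plain hash chain can be recomputed by anyone who can write the log file, so each link is keyed; and a chain on its own cannot detect a silently truncated tail, which is why the head hash must be anchored somewhere the writer cannot alter (WORM storage).

```python
"""HMAC-chained audit log with tamper and truncation checks (added example)."""
import copy
import hashlib
import hmac
import json

GENESIS_HASH = "0" * 64  # link value used by the first entry


def _canonical(body: dict) -> bytes:
    # Deterministic serialisation so the same record always hashes the same.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def _entry_mac(body: dict, key: bytes) -> str:
    # Keyed MAC rather than a bare hash: an attacker who can write the log
    # could otherwise edit an entry and recompute every later link.
    return hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()


def append_entry(log: list, event: dict, key: bytes) -> dict:
    """Append an event, linking it to the previous entry's MAC."""
    prev = log[-1]["entry_hash"] if log else GENESIS_HASH
    body = {"seq": len(log), "prev_hash": prev, "event": event}
    entry = dict(body, entry_hash=_entry_mac(body, key))
    log.append(entry)
    return entry


def verify_chain(log: list, key: bytes) -> tuple:
    """Return (ok, index, reason); index is the first bad entry or len(log)."""
    prev = GENESIS_HASH
    for i, entry in enumerate(log):
        if entry.get("seq") != i:
            return (False, i, "sequence gap")
        if entry.get("prev_hash") != prev:
            return (False, i, "broken link")
        body = {k: entry[k] for k in ("seq", "prev_hash", "event")}
        if not hmac.compare_digest(_entry_mac(body, key), entry["entry_hash"]):
            return (False, i, "entry modified")
        prev = entry["entry_hash"]
    return (True, len(log), "ok")


def head_matches(log: list, anchored_head: str) -> bool:
    """Compare the current head link with one stored out of band (e.g. WORM)."""
    current = log[-1]["entry_hash"] if log else GENESIS_HASH
    return hmac.compare_digest(current, anchored_head)


def build_sample_log(key: bytes) -> list:
    # Constructed sample events; field names are hypothetical, not Facio's schema.
    events = [
        {"ts": "2026-06-03T09:00:00Z", "actor": "agent:researcher",
         "type": "tool_call", "tool": "web_fetch", "arg": "https://example.com"},
        {"ts": "2026-06-03T09:00:04Z", "actor": "human:alice",
         "type": "approval", "request": "shell_exec", "decision": "denied"},
        {"ts": "2026-06-03T09:00:05Z", "actor": "agent:researcher",
         "type": "tool_result", "tool": "shell_exec", "status": "blocked"},
    ]
    log = []
    for event in events:
        append_entry(log, event, key)
    return log


def demo(key: bytes = b"demo-only-key") -> dict:
    """Show what the chain catches and what only the anchored head catches."""
    log = build_sample_log(key)
    anchored_head = log[-1]["entry_hash"]  # value you would write to WORM storage

    tampered = copy.deepcopy(log)
    tampered[1]["event"]["decision"] = "approved"  # rewrite a human's denial

    truncated = log[:-1]  # silently drop the most recent entry

    return {
        "clean": verify_chain(log, key),
        "tampered": verify_chain(tampered, key),
        "truncated_chain": verify_chain(truncated, key),          # chain alone passes
        "truncated_head": head_matches(truncated, anchored_head),  # anchor catches it
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The verifier stops at the first bad entry and reports why, which is what an incident responder needs; the truncation case shows why the anchored head (or a periodic signed checkpoint) is not optional if the log writer and the log reader are not the same trust domain.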