Veto Blog

AI agent security, authorization patterns, and engineering insights from the Veto team.

Security

The Authorization Gap in AI Agents

AI agents authenticate just fine. But authentication answers 'who is this?' -- not 'what may it do?' The Replit incident, OWASP LLM06, and why capability without authority is the root of every agent failure.

Yaz Caleb · Mar 28, 2026 · 14 min
Engineering

Why Prompts Are Not Authorization

SaaStr's founder told Replit's agent to stop eleven times. It deleted his database anyway. Prompts are suggestions. Authorization is deterministic. Here's the difference -- and why it matters for production agents.

Anirudh Patel · Mar 21, 2026 · 12 min
Security

MCP Security: A Complete Guide

CVE-2025-6514 gave attackers RCE through mcp-remote. Anthropic's own git MCP server had three chained CVEs. Tool poisoning, silent redefinition, supply chain attacks -- the MCP threat model is real. Here's how to lock it down.

Anirudh Patel · Mar 14, 2026 · 18 min
Use Cases

Building Safe Financial Agents

$45M lost to AI trading agent exploits. 60% of financial firms say agent misconfiguration is their top AI concern. The SEC is watching. Here's how to build financial agents that don't become liabilities.

Yaz Caleb · Mar 7, 2026 · 16 min
Integrations

LangChain Agent Authorization Guide

CVE-2025-68664 proved LangChain agents need more than trust. LangChain 1.0's middleware API finally makes authorization composable. Here's how to add runtime guardrails to any LangChain or LangGraph agent.

Anirudh Patel · Feb 28, 2026 · 15 min
Integrations

Claude Agent Guardrails: Anthropic SDK Security

The complete guide to securing Claude agents with runtime authorization. Real Anthropic SDK code, the protect() pattern, YAML policies, and audit trails that satisfy SOC 2 and GDPR.

Yaz Caleb · Feb 21, 2026 · 14 min
Compliance

EU AI Act Compliance for AI Agents

The August 2026 deadline is four months away. Articles 9, 12, 13, 14, and 26 mapped to concrete technical controls. Fines up to 35M euros or 7% of turnover. Here is your compliance blueprint.

Kyrie Kirk · Feb 14, 2026 · 16 min
Architecture

Multi-Tenant AI Agent Architecture

Three isolation models for multi-tenant AI agents, with ASCII architecture diagrams, per-tenant YAML policies, vector database isolation patterns, and defense-in-depth strategies for SaaS at scale.

Anirudh Patel · Feb 7, 2026 · 18 min
Engineering

Human-in-the-Loop for AI Agents

Five approval patterns for production agents: pre-action, confidence-based, sampled, tiered escalation, and post-action review. With YAML configs, timeout strategies, and regulatory alignment for EU AI Act Art. 14 and GDPR Art. 22.

Yaz Caleb · Jan 31, 2026 · 15 min
Compliance

AI Agent Audit Trails: SOC2 and GDPR

Map Veto's audit trail to specific SOC 2 controls (CC6.1, CC6.3, CC7.2, CC7.3, CC8.1) and GDPR articles (Art. 13-15, Art. 22, Art. 30). Complete audit record anatomy, retention policies, and tamper-evident logging.

Kyrie Kirk · Jan 24, 2026 · 17 min