Blog
Field notes on agent identity, runtime policy, and securing autonomous AI.
Your AI Gateway Is Fine, Until Everyone Hits It at Once
Five AI gateways, the same AWS hardware, the burst your team makes every morning. A call that returns in 0.23s through Highflame takes 37.5s through LiteLLM. Your hot-path gateway decides whether developers wait.
-
Engineering
How Anthropic Contains Its Own Coding Agents, and How to Get That Coverage Across Your Fleet
Anthropic open-sourced how it contains its coding agents. Here is the three-layer model, a real attack walked end to end, and the governance problem no sandbox solves: you run five agents and own none of them.
-
Product MCP EMA support now available in Highflame!
MCP just shipped Enterprise-Managed Authorization, a standard that lets a company's own identity provider decide which MCP servers an agent is allowed to connect to, brokered through corporate SSO with an Identity Assertion JWT Authorization Grant (ID-JAG). It's the model enterprises have been asking for: corporate SSO replaces hand-provisioned per-server keys, IT controls access from the IdP, and offboarding someone cuts their agent access everywhere at once. It's also the exact admission model Highflame is built around. But the standard stops at the door: it decides who gets a token to reach a server, not what the agent is allowed to do once it's inside. This post walks through what Enterprise-Managed Authorization does, where it deliberately stops, and why the layer it leaves open, runtime per-tool-call authorization, is the one that actually keeps agents safe in production. Highflame already speaks this standard, and owns that open layer.
-
Engineering Three Gateways, One Decision Fabric
AI security now depends on three control planes: content inspection, tool brokering, and runtime authorization. The problem is not whether your stack has all three. It’s whether they operate as one decision path, sharing identity, detection signals, policy state, and delegation context in real time.
-
Product Highflame + Tailscale Aperture Now Blocks Risky AI Traffic in Real Time
Highflame and Tailscale Aperture now enable real-time AI traffic enforcement at the network layer, helping teams detect, govern, and block risky LLM requests before they reach model providers.
-
Research Mission Drift: Why AI Agents Fail at Step 100
Description: AI agents do not always fail with a crash. They drift. Learn why Step 1 testing and passive observability cannot stop Mission Drift, and how Highflame Compass provides runtime enforcement to keep autonomous agents aligned through Step 100.
-
Product The Uniformed Guard Problem: Why AI Agent Sandboxes Need Identity, Not Just Policy
AI agent sandboxes aren’t enough. Learn why identity, not just policy, is critical to securing autonomous AI systems and preventing misuse.
Archive
41 TOTAL- Apr 29, 2026 Security Your agent followed every rule. It still broke policy.
- Apr 22, 2026 Research When AI Monitors Betray You: The Failure of LLM-as-Judge Architectures
- Apr 15, 2026 Research Why Meta’s AI Alignment Director Couldn't Stop Her Own Agent, and How to Fix It
- Apr 10, 2026 Security Deconstructing “Agents of Chaos”: Failures Behind Autonomous Agent Attacks
- Apr 09, 2026 Product Who Sent You? Solving the Agent Identity Crisis with Highflame ZeroID
- Apr 08, 2026 Product Introducing ZeroID: Open Source Identity for Autonomous Agents
- Apr 02, 2026 Company Highflame Partners with Tailscale to Help Secure AI Agents at the Network Layer
- Mar 31, 2026 Security The LiteLLM Supply Chain Attack Wasn’t Just a Supply Chain Problem
- Mar 10, 2026 Product Traditional Authentication Isn’t Enough for Agent & MCP Security
- Mar 06, 2026 Engineering Securely Rolling Out Claude Cowork Across Your Organization
- Feb 24, 2026 Research Securing Intent : The Next Frontier in AI Agent Protection
- Jan 26, 2026 Engineering Unified Control Plane for Enterprise Code Agent Security
- Jan 19, 2026 Research Agent Context Graphs and Safe Autonomy
- Jan 12, 2026 Company Palisade is now available on Github Marketplace
- Jan 06, 2026 Company DeepContext: Defending Against Multi-Turn LLM Attacks with Context-Aware Guardrails
- Dec 18, 2025 Company Launching Palisade: Zero-Trust Security for the AI Model Supply Chain
- Oct 03, 2025 Security How We Built Highflame RedTeam: An Agent-Powered AI Red Teaming System
- Sep 24, 2025 Company Introducing Overwatch: Code Agent Security
- Sep 16, 2025 Engineering When Agents Chain Tools, The Risk Multiplies
- Sep 10, 2025 Company Announcing the Ramparts MCP Toolkit on Docker Hub
- Sep 03, 2025 Research Why Enterprise AI Agent Security Can’t Rely on Platform Providers Alone
- Aug 28, 2025 Company Highflame joins Coalition for Secure AI
- Aug 26, 2025 Engineering Securing the Bridge: Where AI meets Enterprise Data
- Aug 21, 2025 Research Why GPT-5’s Capabilities Are a Double-Edged Sword for Enterprise Security
- Aug 15, 2025 Research 5 Blackhat 2025 Takeaways on AI & Automation Security
- Jul 22, 2025 Company Announcing Ramparts: Securing MCP usage
- Jul 10, 2025 Company Why traditional DLP hurts LLM accuracy?
- May 30, 2025 Company Javelin Guard: Next-Generation Security Models
- May 13, 2025 Product AI Agent Authentication Security: Prevent Spoofing, Prompt Injection, and Abuse
- May 13, 2025 Research Top 5 Takeaways for CISOs from RSAC 2025:
- Apr 16, 2025 Company Enterprise Strategies for MCP Integration
- Apr 12, 2025 Company Highflame achieves SOC2 compliance
- Apr 02, 2025 Company AI Runtime Security: How to Protect Your GenAI Stack from Real-World Threats
- Nov 08, 2024 Company Secure your AI Embeddings with Homomorphic Encryption
No articles match.