Been deep in the agent security space for a while and wanted to get a read on what people are actually doing in practice. The pattern I keep seeing: teams give agents real capabilities (code execution, API calls, file access), then try to constrain behavior through system prompts and guidelines. That works fine in demos. It doesn’t hold up when the stakes are real.

Harness engineering is getting a lot of attention right now — the idea that Agent = Model + Harness and that the environment around the model matters as much as the model itself. But almost everything I’ve seen in the harness space is about capability (what can the agent do?) not enforcement (how do you prove it only did what it was supposed to?).

We’ve been building a cryptographic execution environment for agents — policy-bounded sandboxing, immutable action logs, runtime attestation. The idea is to make agent behavior provable, not just observable.

Genuinely curious:
- Are you running agents in production with real system access?
- What does your current audit/policy layer look like?
- Is cryptographic enforcement overkill for your use case, or is it something you’ve wished existed?

Not trying to pitch anything — just want to understand where teams actually feel the pain. Happy to share more about what we’ve built in the comments. If you’re in fintech or a regulated industry and this is a live problem, would love to chat directly.

submitted by /u/YourPleasureIs-Mine
Originally posted by u/YourPleasureIs-Mine on r/ArtificialInteligence
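As an added illustration of the "provable, not just observable" idea the post describes (example code written for this thread, not the poster's system): a policy gate in front of agent tool calls, with every allow/deny decision appended to a hash-chained log that an auditor can verify. The policy rules, tool names, log format and the HMAC seal standing in for an attestation signature are all assumptions of the example.

```python
import hashlib
import hmac
import json
from typing import Callable

# Constructed policy for the example: which tools the agent may call and
# which arguments are in bounds (paths and URLs confined to allowed prefixes).
POLICY = {
    "read_file": lambda args: args.get("path", "").startswith("/work/"),
    "http_get": lambda args: args.get("url", "").startswith("https://api.example.internal/"),
}
LOG_KEY = b"constructed-example-key"  # kept outside the agent's reach in a real system


class ActionLog:
    """Append-only log: each entry commits to the previous entry's hash."""

    def __init__(self) -> None:
        self.entries: list[dict] = []
        self.head = "0" * 64  # genesis hash

    def append(self, tool: str, args: dict, allowed: bool) -> str:
        body = json.dumps({"prev": self.head, "tool": tool, "args": args, "allowed": allowed}, sort_keys=True)
        self.head = hashlib.sha256(body.encode()).hexdigest()
        self.entries.append({"body": body, "hash": self.head})
        return self.head

    def seal(self) -> str:
        """HMAC over the chain head; stands in for an attestation signature."""
        return hmac.new(LOG_KEY, self.head.encode(), hashlib.sha256).hexdigest()


def verify_log(entries: list[dict], seal: str) -> bool:
    """Recompute the chain from genesis; an edited, dropped or reordered entry breaks it."""
    head = "0" * 64
    for e in entries:
        if json.loads(e["body"])["prev"] != head:
            return False
        head = hashlib.sha256(e["body"].encode()).hexdigest()
        if head != e["hash"]:
            return False
    expected = hmac.new(LOG_KEY, head.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, seal)


def gated_call(log: ActionLog, tool: str, args: dict, tools: dict[str, Callable]) -> object:
    """Enforce the policy before the tool runs and record the decision either way."""
    rule = POLICY.get(tool)
    allowed = rule is not None and rule(args)
    log.append(tool, args, allowed)
    if not allowed:
        raise PermissionError(f"policy denied {tool} {args}")
    return tools[tool](**args)
```

Denied calls are logged as well as allowed ones, so the log shows what the agent attempted, not only what it was permitted to do.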
