Why Sandboxes Alone Won't Secure Your AI Agents
Sandboxes isolate execution. But isolation doesn't stop your agent from leaking a customer's SSN to a third-party API. Here's the gap nobody talks about.
Insights
Engineering updates, security deep-dives, and building in the open.
We walked through a real scenario where a coding agent leaked a database password to a third-party API. Here's exactly how it happened and what would have stopped it.
We're building the entire runtime — sandboxes, security pipeline, SDK — with auditability as a core principle. Here's why, and what we're betting on.
Everyone knows prompt injection is a problem. Most teams think they've handled it with a system prompt. They haven't.
Containers are fast and convenient. They're also a terrible isolation boundary for untrusted AI agents. Here's the tradeoff we made and why.