
Or Weis
Announcing Permit MCP Gateway
Announcing Permit MCP Gateway, a new trust and enforcement layer for MCP that brings identity, consent, fine-grained authorization, auditability, and runtime control to AI agent actions.


Featured Stories

Or Weis
Announcing Permit MCP Gateway, a new trust and enforcement layer for MCP that brings identity, consent, fine-grained authorization, auditability, and runtime control to AI agent actions.

Gabriel L. Manor
The new Permit.io CLI brings developer-first workflows to access control. Define, test, deploy, and enforce fine-grained authorization using AI, CI/CD, GitOps, and OpenAPI — all from your terminal

Or Weis
DIDs, verifiable credentials, and AI control towers are foundational for agent governance, but they still do not decide whether a specific agent action is allowed right now. This article explains the runtime authorization model enterprises need for delegated AI execution.

Or Weis
Prompt injection becomes a security incident when untrusted content is promoted across authority boundaries into actions. This article shows how to enforce RAG and MCP promotion gates with runtime authorization outside the model.

Ziv Cohen
It had every permission it needed and a ticket telling it exactly what to do. Blocked once, it reworded the request to fool the check. Blocked again, it asked me to switch the check off. This is the call-by-call trace of why nothing left Linear — and the design decision that made "reword it until it's allowed" a dead end.

Or Weis
The LiteLLM CVE-2026-42271 and Starlette BadHost CVE-2026-48710 chain turned authenticated command injection into unauthenticated RCE. The deeper lesson: AI gateways hold model credentials, route sensitive traffic, and expose MCP utility endpoints — and need action-time authorization, not flat API keys.

Or Weis
Sandboxing a coding agent isolates it from the host—but the real blast radius is the credentials it holds. GitHub tokens, cloud keys, MCP connections, and CI/CD access define what an agent can actually do. Here's the runtime permission model that closes the gap.

Or Weis
Atlassian Rovo's MCP server makes a precise security tradeoff visible: OAuth 2.1 handles identity and consent; API tokens handle non-interactive automation. Neither governs what agents can actually do at tool-call time. Here is what that gap looks like in practice.

Or Weis
Coding agents are operational actors, not just assistants. This guide presents a practical trust-level taxonomy for agent commands and MCP tools, explains why human approval prompts degrade at scale, and shows how runtime authorization policy enforces trust levels without relying on click fatigue.

Or Weis
Treating AI agents like service accounts is a useful starting point — but it fails at runtime. Here's why scoped tokens are necessary but not sufficient, and how runtime authorization fills the gap.

Or Weis
The Claude Code MCP OAuth token theft chain is an authorization failure, not just a credential leak. OAuth got the agent connected, but it never constrained which tool calls remained valid after the routing layer was tampered with — and that is the gap runtime policy enforcement must close.

Or Weis
The IETF SD Agent draft and Microsoft Entra Agent ID are turning agent identity into real infrastructure. But a verified Agent Card or sponsored enterprise identity still doesn't answer whether an agent may call a specific MCP tool right now — that requires runtime authorization.

Or Weis
Microsoft Entra Agent ID and SD-JWT agent identity solve registration, governance, and authentication — but they don't decide whether a specific MCP tool call is permissible right now. This article explains the gap and the runtime authorization architecture needed to close it.

Gabriel L. Manor
In April 2026, the NSA published 'Careful Adoption of Agentic AI Services' — the first intelligence-community advisory specifically targeting AI agent authorization failures. Here is what it actually demands and why most engineering teams are not close to meeting it.