Issue 05 July 9, 2026 2 min read

The control room for agents doesn't exist yet

The industry is deploying AI agents into production at record speed — Unity controllable by LLMs, agents with local terminal access, complete personal automation pipelines. But the governance, auditing, and operational control layer isn't keeping pace.

The thesis

While builders construct agentic infrastructure, the tools to operate it safely in enterprise simply don't exist. This isn't a future problem: GitLost demonstrated that agents can be tricked into leaking private repos, CVEs spiked with every model release, and someone had to build MakerChecker because there was no standard way to audit dangerous capabilities.

Signals of the week

GitLost: prompt injection against GitHub's agent

Researchers tricked GitHub's AI agent into leaking private repos via prompt injection. This isn't a traditional CVE you patch — it's a fundamental design problem: agents are optimized to be helpful and compliant, not skeptical. For any company giving an LLM access to sensitive data without strict sandboxing, this vulnerability is structural. The uncomfortable question: how many production apps have this attack vector wide open and simply don't know it? Source: Noma Security.

MakerChecker: scanning agents for dangerous capabilities

A builder released a tool to scan AI agents for dangerous capabilities. That this exists — and is trending — means two things: the agent governance problem is real and affecting teams today, and there's no established solution. For any company with AI agents in production, the gap is concrete: they don't have standard auditing tools, capability controls, or operational visibility. This is the kind of tooling that should exist before agents reach production, but we're building it after the fact. Source: GitHub.

CVE spike with the Claude Mythos Preview launch

Epoch.ai cross-referenced CVE data with AI model releases and found a spike in severe vulnerabilities following the Claude Mythos Preview launch. The structural problem: security teams don't scale at the speed of model release cycles. Each launch expands the attack surface before anyone audits it. For SRE and SecOps, this inverts the operational model: you used to be able to audit a release before deploying it; now the new model arrives via API and your agents are already using it. The window between deploy and audit disappeared. Source: Epoch.ai.

My read

The gap between capability and operational control is the systemic risk of 2026.

Useful? Forward it to someone it'd serve.

Subscribe

— Jorel