by navilai 62 days ago
The per-identity model is the right direction — shared credentials for agents is one of the most under-discussed risks in the space.

One thing we've run into: even with proper credential isolation, agents can still exfiltrate data if they're compromised via prompt injection. The credential controls who can access the DB; runtime policy controls what the agent is allowed to do with that access. They're complementary layers.

We built Navil specifically for the runtime enforcement side — it sits between the agent and its MCP tools and can block calls that violate policy even if the agent has valid credentials. Happy to share notes on where we've seen the two layers interact in real deployments.