📰 Dev.to · PolicyLayer
28 articles · Updated every 3 hours

Dev.to · PolicyLayer
11h ago
AWS just made the case for deterministic policy at the MCP gateway
In May, AWS published an engineering post explaining why Policy in Amazon Bedrock AgentCore chose...

Dev.to · PolicyLayer
11h ago
The NSA just made the case for a policy layer in front of MCP
If you build infrastructure for AI agents, the NSA's May report on MCP security is the most important...

Dev.to · PolicyLayer
11h ago
MCP OAuth: Connecting Agents to Protected Servers
Static API keys in client config are the easy way to authenticate an MCP server and the easy way to...

Dev.to · PolicyLayer
11h ago
MCP Gateway: What It Is and Why Agent Fleets Need One
An MCP server exposes tools. delete_repository, create_charge, execute_query. The agent calls...

Dev.to · PolicyLayer
11h ago
MCP Authorization: Scoping What Agents Are Allowed to Do
A valid token gets an agent through the door. It says nothing about which rooms the agent should...

Dev.to · PolicyLayer
11h ago
MCP Authentication: Securing How Agents and Servers Connect
Every MCP server you connect to expects a credential. Stripe wants an API key. A GitHub server wants...

Dev.to · PolicyLayer
11h ago
AI Agent Containment Starts at the Environment Layer
Anthropic just published how they contain Claude. The number that should stop every platform team:...

Dev.to · PolicyLayer
11h ago
Tool-Result Injection: The MCP Attack System Prompts Miss
We've made the argument twice now: system prompts are not a security boundary, and prompt engineering...

Dev.to · PolicyLayer
11h ago
Namespace-Scope Your Kubernetes MCP Server From Production
An agent is investigating a crashloop. Someone pastes the wrong namespace into the chat —...

Dev.to · PolicyLayer
11h ago
Blocking Outbound Exfiltration Through MCP Fetch and HTTP Tools
An autonomous agent fetches a GitHub issue to triage it. Buried in the issue body, between two...

Dev.to · PolicyLayer
11h ago
Stop Your GitHub MCP Agent From Force-Pushing to main
An agent is chasing a flaky CI run at 02:00. It decides the remote branch is stale, picks the wrong...

Dev.to · PolicyLayer
11h ago
System Prompts vs. Transport Firewalls: Why System Prompts Do Not Equal Security
When deploying autonomous AI agents in production, securing their tool access is the most critical...

Dev.to · PolicyLayer
11h ago
Microsoft's Agent Governance Toolkit: 9 Packages, MCP-Blind
Microsoft just open-sourced the Agent Governance Toolkit — nine packages covering policy enforcement,...

Dev.to · PolicyLayer
11h ago
Why Prompt Guardrails Fail for AI Agent Safety (And What Works Instead)
Most teams building AI agents start with prompt guardrails as their safety strategy: write rules in...

Dev.to · PolicyLayer
11h ago
X Just Shipped an MCP Server. It Exposes 131 Tools With Zero Access Control.
X (formerly Twitter) just released xmcp, an official MCP server that wraps the entire X API v2. It is...

Dev.to · PolicyLayer
11h ago
We Scanned Popular Open Source MCP Configs. Here's What We Found.
Every major developer platform now ships an MCP server. Stripe, GitHub, Supabase, Cloudflare, Sentry,...

Dev.to · PolicyLayer
11h ago
Secure Your Stripe MCP Server: Rate Limits and Spending Controls
Your AI support agent just issued 200 refunds in three minutes. It misread a batch of customer...

Dev.to · PolicyLayer
11h ago
Preventing Your AI Agent From Messaging #general
It starts innocently. You give your agent access to Slack so it can post a daily standup summary....

Dev.to · PolicyLayer
11h ago
One FLUSHALL Away From Losing Everything
Your AI agent just ran FLUSHALL. Your session cache, your rate limiter state, your feature flags,...

Dev.to · PolicyLayer
11h ago
Your AI Agent Can Run DROP TABLE on Production
Your AI agent just ran DELETE FROM users without a WHERE clause. It was trying to remove a single...

Dev.to · PolicyLayer
11h ago
Your AI Agent Can Send Emails as You
Your AI assistant just emailed your entire contact list. It was supposed to reply to one customer —...

Dev.to · PolicyLayer
11h ago
Your AI Agent Has Push Access to Every Repo
Your coding agent just merged a pull request to main, deleted three files it thought were unused, and...

Dev.to · PolicyLayer
11h ago
Your Coding Agent Can Delete Any File on Disk
Picture this. You ask your coding agent to "tidy up the config files." It interprets that broadly. It...

Dev.to · PolicyLayer
11h ago
Your AI Agent Can Delete Every Container on Your Machine
Your AI coding assistant just wiped your local Docker environment. You asked it to "clean up that...