Research

Technical notes for evaluating AI agent security.

Public research for security and platform teams comparing runtime controls for AI coding agents, productivity agents, and MCP tool use. Each brief includes a technical model, concrete evaluation criteria, and the signals a buyer should expect to inspect in a real deployment.

Field guide | 18 min | May 6, 2026
Securing Claude Cowork: An Enterprise Runtime Primer
Claude Cowork is not just chat in a desktop shell. It is a local agent runtime with file access, plugins, connectors, MCP reach, browser paths, and delegated work that can outlive a single prompt.
"Cowork can remain useful while high-impact actions become visible, explainable, and enforceable."
Figure: Cowork action lattice
Tags: Claude Cowork, runtime security, plugins, MCP

Comparative analysis | 16 min | May 6, 2026
Claude Code vs. Claude Cowork: Security Model, Evidence, and Control Plane
Claude Code and Claude Cowork share agentic DNA, but they do not create the same security evidence. One lives close to the terminal and repository. The other expands into desktop work, plugins, connectors, files, and asynchronous collaboration.
"Normalize for policy. Preserve provenance for investigation and buyer trust."
Figure: Evidence overlay
Tags: Claude Code, Claude Cowork, security model, evidence

Architecture | 17 min | May 6, 2026
MCP Server Security 101: Inventory, Tool Calls, and Pre-Execution Control
MCP turns an AI agent from a text generator into an operator for files, SaaS apps, databases, internal APIs, browsers, and memory stores. An allowlist alone is not a security model.
"MCP governance is strongest when it evaluates the structured call before the server performs a side effect."
Figure: MCP control path
Tags: MCP, tool security, inventory, gateway

Incident analysis | 15 min | May 6, 2026
When a Coding Agent Deletes a Database: Control Design After the Replit Incident
A public database-deletion incident showed the real failure mode for coding agents: not that agents are useless, but that powerful tools need pre-execution controls, production boundaries, and evidence when instructions fail.
"The right control blocks or escalates the proposed operation before the irreversible side effect."
Figure: Destructive-action chain
Tags: Claude Code, database safety, runtime controls, incident response

Threat model | 9 min | May 1, 2026
AI Agent Runtime Threat Model
The security boundary moved from chat to action. Useful controls evaluate the exact file, command, MCP call, destination, identity, and policy before the agent completes the operation.
"A runtime event should explain what happened and why it was allowed."
Figure: Decision lattice
Tags: runtime security, workstations, policy

Architecture | 8 min | May 1, 2026
Why MCP Tool Calls Need Pre-Execution Policy
MCP turns agents into operators for files, SaaS apps, internal APIs, memory stores, and local services. Inventory is helpful, but the security event is the call.
"The policy decision happens before the external capability is exercised."
Figure: Pre-execution gateway
Tags: MCP, tool calls, governance

Security operations | 7 min | May 1, 2026
Why EDR Misses Agent Intent
Endpoint security sees process behavior. Agent security needs the missing layer: prompt, model, tool, repository, user, policy, and verdict in one chain.
"The two layers answer different questions and become stronger together."
Figure: Intent overlay timeline
Tags: EDR, investigations, audit

Detection | 8 min | May 1, 2026
From Prompt Injection to Tool Execution
Prompt injection becomes operational risk when hidden instructions influence a tool action. The defensive surface has to connect content detection to execution.
"Detection quality improves when the next action determines severity."
Figure: Injection kill chain
Tags: prompt injection, detections, tool use

Field guide | 9 min | May 1, 2026
Enterprise Rollout Checklist for Coding Agents
A safe rollout does not start with blocking everything. It starts with inventory, audit mode, policy fit, identity, and a path from one workstation to managed coverage.
"The rollout should get safer as adoption grows, not slower."
Figure: Coverage control board
Tags: enterprise rollout, coding agents, enablement

Control design | 8 min | May 1, 2026
Policy Packs as the Agent Governance Unit
Policy packs turn agent controls into reusable operating rules: who they apply to, which surfaces they govern, what they observe, and what they block.
"Policy feels enterprise-ready when admins can predict the result before rollout."
Figure: Resolver graph
Tags: policy packs, identity, governance

Identity | 8 min | May 1, 2026
Directory Sync for Agent Policy Decisions
Entra ID, Google Workspace, and Okta are not just login plumbing. For agent governance, directory data decides who gets which controls and who loses access when identity changes.
"Policy should update when identity changes, not when someone remembers to edit a rule."
Figure: Identity delta loop
Tags: Entra ID, Google Workspace, Okta

Operations | 7 min | May 1, 2026
From Audit Mode to Enforcement Without Breaking Developers
The best first policy is often observe. Passed actions, warnings, and blocks show teams where enforcement will help and where it will create avoidable friction.
"Developers keep moving while risky behavior becomes easier to govern."
Figure: Enforcement impact ramp
Tags: audit mode, rollout, developer experience

Incident response | 8 min | May 1, 2026
Agent Evidence for Incident Response
When an agent touches sensitive systems, incident responders need more than an alert. They need the prompt, action, policy, output summary, identity, host, and timeline in one place.
"Evidence should be complete enough for response and restrained enough for privacy."
Figure: Evidence envelope
Tags: evidence, deep capture, investigations