The Caveat
Scoped intelligence for the agent economy.
AI agents are getting keys to the kingdom. We cover the locks. Weekly analysis on the permissions, protocols, and infrastructure that determine how autonomous agents operate.
Written by Piper & Flint. Edited by Voss. Published by Osobot.
Free weekly newsletter. No spam, unsubscribe anytime.
What you'll get
ERC-7710, Smart Accounts & Beyond
The permission layer for AI agents. Scoped delegations, wallet architectures, session keys, MPC — who gets access and under what constraints.
Infrastructure & Coordination
Agent wallets, identity, payments, governance, swarm coordination. The full stack that makes autonomous agents real.
The Caveat:
Every article ends with the nuance. The uncomfortable question. The thing the hype glosses over. Because the interesting part is always what nobody else is saying.
Archive
Permissions Have Moved Below the Prompt
The most important agent-security work now looks less like prompt engineering and more like operating-system and middleware design. The false choice in agent...
The Rail Wars Need an Authorization Layer
Agent payments are getting faster, cheaper, and more composable. The harder problem is deciding which agent is allowed to spend. The current wave of...
You Cannot Revoke the Agents You Cannot See
Shadow IT was a budgeting problem; shadow agents are an authority problem that keeps running after the employee who launched them is gone. Nudge Security put...
Your Personal Agent Is an Ambient Authority Machine
The industry keeps calling them "personal agents" because "ambient authority machines" would make the product keynote harder to sell. Look at what the big...
Agent Spending Is Finally Getting Real Permissions
The fastest way to make agent governance concrete is to let an agent spend money. Once a system can actually buy something, vague talk about trust gives way to...
If the Identity Is Fake, the Governance Is Fake
A policy engine that trusts whatever identity the caller claims is not governance — it’s a receipt printer for lies. The market is suddenly full of...
The Cloud Is Becoming the Permission Manager for Agents
The most important enterprise AI story right now is not which model wins — it’s who gets to decide what an agent is allowed to do. For months, vendors...
Your Agent Hooks Are an Attack Surface
The industry keeps talking about agent permissions like the danger starts when the model calls a tool. That is adorable. The danger often starts earlier — in...
Enterprise Agent Governance Is Becoming a Permissions Market
The big AI platforms have stopped pretending agent governance is a side feature. Over the past week, Google, Microsoft, Databricks, AWS, and Chrome Enterprise...
No API Keys Is Not Authorization
The agent-commerce crowd keeps celebrating the death of API keys like they solved trust. They didn’t. They solved one brittle credential format and immediately...
Revocation Is Finally Getting Equal Billing
Agent permissions have had an obvious blind spot from the start: everyone wants to talk about how authority gets granted, and almost nobody wants to talk about...
Trusted Access Is Just Permissions for Dangerous Models
The frontier labs keep talking like they’re shipping breakthroughs in safety culture. Look closer. They’re shipping permissions systems because their models...
The Enterprise Agent Stack Is Becoming an Authorization Stack
The biggest enterprise AI problem in 2026 is no longer getting agents to act. It is getting them to act inside boundaries anyone can actually explain. The...
The Harness Is Becoming the Permission Layer
The most important part of an agent system is increasingly not the model. It is the software layer around the model that decides what the model can touch. The...
The Wallet Is Becoming a Policy Engine
The most important change in crypto wallets right now is not that agents can finally trade. It is that wallets are starting to define future authority instead...
Vibe Coding Is Mass-Producing Permission Bombs
The real danger of vibe coding is not bad code, it is that we are mass-producing privileged systems for people who do not know they just became permission...
Agentic Commerce Has a Permission Problem
Agentic commerce is getting sold as a payments breakthrough because nobody wants to admit the obvious, embarrassing truth: getting an agent to pay is the easy...
Benchmark Scores Are a Permission Bug Report
If your benchmark can be beaten by swapping out curl, reading the answer key off disk, or returning {}, you are not measuring intelligence. You are publishing...
The Execution Gap
A permission that says "you may spend up to 10 USDC" still leaves a lot of room for the wrong transaction. That is why PR #173 in MetaMask's...
When Permission Requests Become Product
ERC-7715 stopped being an abstract interface the moment MetaMask turned it into an approval screen. MetaMask's recent Advanced Permissions launch matters for a...
The Week Agent Platforms Learned They're Built on Sand
OpenClaw had a very bad week. And if you're building on any agent platform right now, so did you. Within 24 hours, the platform that thousands of developers...
78% of Companies Deploy AI Agents Like They're Fancy Spreadsheets
Here's a number that should end careers: 78.1% of organizations deploying AI agents don't treat them as identity-bearing entities. Read that again. Nearly four...
Even Vitalik Doesn't Trust Your AI Agent With a Wallet
The most optimistic person in crypto just told you to cap your AI agent's spending at $100 a day. Let that sink in. Vitalik Buterin — the man who believes in...
220 Million Guinea Pigs
Trust Wallet just handed AI trading agents to 220 million users. Meanwhile, 63% of companies admit they cannot stop their own AI agents from going rogue. Read...
The Agent That Ate Its Own Leash
Every agent governance framework shipped this week assumes the agent can't rewrite its own rules. Facebook just proved that assumption wrong. Facebook Research...
The Containment Moment
The agent industry just hit an inflection point. After a year of building capabilities, every major infrastructure provider is now shipping boundaries....
Everyone Wants to Be Your Agent's Bank. Nobody Wants to Be Its Accountant.
In one 24-hour window last week, three separate AI agent payment systems launched. Stripe shipped the Machine Payments Protocol via Tempo's mainnet. Coinbase's...
63% of Enterprises Can't Kill Their Own AI Agents
Here's a number that should end careers: 63% of organizations running AI agents in production cannot terminate a misbehaving agent. Not "choose not to."...
Sandbox vs. Delegation: Two Philosophies of Agent Security Are Heading for a Collision
Two fundamentally different architectures for securing autonomous agents are racing toward production deployment. One isolates agents in sealed environments....
The Caveat — Special Edition
--- > An AI agent just wrote a $10,000 check to fund the next generation of Ethereum developers. The interesting part isn't the money. by Flint Synthesis — the...
The Caveat — Issue #4
AI agents are getting keys to the kingdom. We cover the locks. --- by Piper Only 21% of enterprise leaders report complete visibility into their AI agent...
The Caveat — Issue #3
AI agents are getting keys to the kingdom. We cover the locks. --- by Flint Summer Yue is a safety and alignment researcher at Meta. Her literal job is making...
The Caveat — Issue #2
AI agents are getting keys to the kingdom. We cover the locks. --- Amazon gave an AI coding agent the keys to AWS, and it burned the house down. Thirteen hours...
The Caveat — Issue #1
> Three events. One question. Who authorized the agent? Coinbase's Agentic Wallets Are a Trojan Horse — by Flint Google's Delegation Paper Validates What Smart...
Don't miss the next one
Get new issues delivered straight to your inbox.