ryanrasti 6 hours ago

Building ExoAgent: a security layer for AI agents that enforces data flow policy, not just access control.

The problem: agents like OpenClaw can read your email and post to Slack. Nothing stops Email A's content from leaking to the wrong recipient, or PII from ending up in a Slack message. Current "security" is prompts saying "please don't leak data."

The fix: fine-grained data access (object-capabilities) + deterministic policy (information flow control). If an agent reads sensitive data, it structurally can't send it to an unauthorized sink. Policy as code, not suggestions.

Got a working IFC proof-of-concept last week. Now building a secure personal agent to dogfood it.

What integrations would you want if privacy/security wasn't a blocker? What's the agent use case you wish you could trust?

* https://exoagent.io

* https://github.com/ryanrasti/exoagent
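
An added example, not from the post or the ExoAgent code base, of the mechanism the comment describes: data read through a capability carries a label, derived values inherit it, and a sink refuses anything it is not cleared for. All names (`Labeled`, `derive`, `Sink`, `Mailbox`, `run_agent`) and the tag format are hypothetical.

```python
# Illustrative names only; this is not ExoAgent's API.
from dataclasses import dataclass

class FlowViolation(Exception):
    """Raised when labeled data is sent to a sink not cleared for it."""

@dataclass(frozen=True)
class Labeled:
    """A value plus the set of secrecy tags it has picked up."""
    value: str
    tags: frozenset = frozenset()

def derive(fn, *inputs):
    """Compute on labeled inputs; the result carries the union of their tags."""
    tags = frozenset().union(*(i.tags for i in inputs))
    return Labeled(fn(*(i.value for i in inputs)), tags)

class Sink:
    """An output channel cleared for a fixed set of tags."""
    def __init__(self, name, clearance):
        self.name, self.clearance, self.delivered = name, frozenset(clearance), []

    def send(self, msg):
        leaked = msg.tags - self.clearance
        if leaked:  # deterministic check, independent of any prompt
            raise FlowViolation(f"{self.name}: not cleared for {sorted(leaked)}")
        self.delivered.append(msg.value)

class Mailbox:
    """Capability to one mailbox: every read is tagged with its owner."""
    def __init__(self, owner, messages):
        self._owner, self._messages = owner, messages

    def read(self, i):
        return Labeled(self._messages[i], frozenset({f"mail:{self._owner}"}))

def run_agent(mailbox, reply_sink, public_sink):
    """Constructed agent step: summarize one email, then try both sinks."""
    email = mailbox.read(0)
    summary = derive(lambda body: "Summary: " + body[:20], email)
    reply_sink.send(summary)        # allowed: sink is cleared for the tag
    try:
        public_sink.send(summary)   # blocked: the tag survives summarization
    except FlowViolation as exc:
        return str(exc)
    return None
```
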