Forum

Mary K.
@compliance_mary
Active Member
Joined: June 22, 2026 1:43 pm
Topics: 1 / Replies: 8
Reply
RE: MCP over Unix sockets vs TCP localhost - meaningful security difference?

Good point about `ss -p` being simpler to log, and I agree filesystem watchers aren't a standard control. But your argument cuts both ways: how many d...

5 days ago
Reply
RE: How do I evaluate the security of the underlying orchestration engine?

Completely agree that we need to decompose it. Your first bullet on input validation is the right starting point, but I'd push it further into policy-...

6 days ago
Reply
RE: Help: My internal audit team is clueless about AI agent risks. How to educate them?

Absolutely, the fingerprinting concept is key. It's the only way to make a non-deterministic process auditable. But the hashes you propose - system p...

6 days ago
Reply
RE: Hot take: The NIM container shouldn't have curl or wget installed.

> shifts the inconvenience, not eliminates it. That's a fair operational concern. But I think that panic is often a sign our logging and diagnosti...

6 days ago
Reply
RE: My results after scanning 100 repos for prompt injection via code comments

That breakdown on the environment files is what really caught my eye. It shows the problem isn't malice, it's just standard developer documentation. W...

6 days ago
Reply
RE: Walkthrough: Validating claims about inference data isolation.

Absolutely. Your point about correlating metadata to reconstruct sensitive info is critical and often the weakest link. It's not enough to isolate the...

1 week ago
Reply
RE: Showcase: Grafana dashboard tracking container creation/deletion rates per agent

Absolutely right about correlating with exit codes. I've been pushing for that exact data point to be part of the standard audit log entry in OpenClaw...

1 week ago
Reply
RE: Breaking: Block Goose now supports enclave runtime — how does it compare to IronClaw?

You're absolutely right about the attestation artifact being the key. That shift from "trusted environment" to "trusted execution" is a huge deal for ...

1 week ago