Skip to main content
Free Agentic AI Security Field Guide

Secure the agents before they touch the workflow.

VibeSec Advisory publishes practical research, reusable Skills, workflow patterns, agent reviews, MCP notes, prompt injection tests, CLI security guides, AI red-team lessons, and market news for builders working with AI systems.

Read the research Browse Skills

No pricing, SOWs, paid assessments, workshops, retainers, or service funnel. Just security-focused content you can use to test and improve what you are building.

Not a policy deck.

Every resource should give you a test, checklist, Skill, or workflow pattern you can use.

Not AI hype.

Workflow controls come before tool recommendations.

Not unmanaged automation.

Actions, approvals, and recovery paths stay visible before AI gets more authority.

Short answer

What does VibeSec Advisory help builders do?

VibeSec Advisory helps builders understand and test the risks created by agents, MCP servers, AI coding tools, prompt injection, and AI-generated workflows.

Browse the Skill Library
Latest field notes

Practical notes on agents, MCPs, prompt injection, AI coding tools, and safer workflows.

Essays, checklists, Skills, and field notes for people building and testing AI systems.

Explore all writing
MCP And Tooling

MCP Roots Need a File Access Review

MCP roots expose filesystem boundaries to servers. Review each root path, resource path, tool path, sensitive file class, and log before approving it.

Read field note
MCP And Tooling

MCP Elicitation Needs a Sensitive Data Gate

MCP elicitation lets servers ask users for structured input. Treat it as a permissioned data request with sensitive-field blocks, decline paths, rate limits, and logs.

Read field note
MCP And Tooling

MCP Sampling Needs Its Own Approval Gate

MCP sampling lets a server ask the client to run a model call. Treat it as a separate approval gate before you expose context, tools, or returned responses.

Read field note
AI Workflows Weekly

A weekly briefing for builders securing agentic AI.

Practical notes on agent security, MCP risk, prompt injection, AI coding tools, and safer workflows. The website stays the home base for deep guides. The newsletter gives readers a simple way to keep up.

No generic AI tool roundup. No hype feed. Field notes on agent boundaries, MCP permissions, prompt injection risk, human review, and the operating model around AI at work.

AI Workflows Weekly

Read the archive

Practical notes on governed AI workflows, guardrails, and safer automation. No spam, unsubscribe anytime.

First-party signup with double opt-in. No embedded newsletter iframe, no analytics cookies, and unsubscribe anytime.

The problem

AI adoption without workflow design creates invisible risk.

People are using copilots, agents, and MCP-connected tools inside live business processes. The question is no longer whether AI is being used. The question is whether the workflow has a baseline, reusable skills, permissions, review points, and a measurement loop.

Workflow first

Start with the process, owner, inputs, approvals, and failure modes before tools.

Business metrics first

Good workflow review starts with the current metric, owner, and target state.

Guardrails by design

Human checkpoints, data boundaries, action limits, escalation, and security are mapped together.

Evidence before claims

Write down what you tested, what failed, what changed, and what still needs review.

Use The Field Guide

Start with free research, Skills, and workflow artifacts.

The public front door is the research archive, the VibeSec Advisory Skill Library, and the workflow examples. Each resource should help you understand a risk, test an agent, review a tool, or improve a workflow.

Free first step

Agentic AI Security Research

Free

Read field notes on agents, MCPs, prompt injection, AI coding tools, generated code, and practical security workflows.

  • Prompt injection tests
  • MCP security notes
  • AI red-team lessons
Read Research
Operating artifacts

Public Skill Library

Free

Browse reusable AI workflow skills, guardrails, examples, and implementation patterns that show how governed work should be captured.

  • Reusable procedures
  • Review gates
  • Data boundaries
Browse Skills
Workflow artifacts

Workflow Examples

Free
  • Review gates
  • Data boundaries
  • Reusable outputs
  • Failure checks
Review Workflows
FORGE

A six-pillar model for agent-ready work.

FORGE remains a historical and educational model for thinking about governed workflows. The active VibeSec Advisory direction is a free field guide for securing agentic AI.

FORGE pillar

Baseline

Current workflow, owner, source system, pain point, and target metric.

FORGE pillar

Skills

Reusable instructions that capture how expert work should be done and reviewed.

FORGE pillar

Agents

Automation only where the tool boundary, action limit, and recovery path are known.

FORGE pillar

Guardrails

Data boundaries, approval gates, escalation rules, and security controls.

FORGE pillar

Schedule

Triggers, cadence, dependencies, and failure handling for repeatable work.

FORGE pillar

Capture

Evidence, lessons, regression checks, and the next measurable improvement.

How we work

Less strategy theater. More usable operating artifacts.

Capture

Capture reusable Skills, source boundaries, review gates, and test results so workflow knowledge compounds.

Map

Map agents to concrete steps, owners, tools, review points, and failure modes before trusting automation.

Contain

Guardrails are designed as blast-radius controls, not vague policy language.

Measure

Every artifact should include a way to test, review, or improve the workflow.

Start with the systems your agents can touch.

Read the latest field notes, then use the Skills and workflow examples to test your own agentic AI systems.

Read the research Browse Skills