Skip to main content
FAQ

Frequently asked
questions

Short answers about the VibeSec Advisory field guide, agentic AI security, Skills, workflow guardrails, and practical testing.

Short answer

What is a governed AI workflow?

A governed AI workflow is a repeated business process where the owner, inputs, data boundaries, approval gates, tool actions, failure modes, and measurement loop are visible before AI gets more authority.

Browse the Skill Library

About VibeSec Advisory

VibeSec Advisory publishes practical research, reusable Skills, workflow patterns, agent reviews, MCP notes, CLI tool coverage, prompt injection tests, AI red-team lessons, market news, and security-focused AI workflows. The site is a free field guide for builders working with agentic AI.

The site is for security engineers, developers, AI builders, technical operators, red teamers, and leaders who need plain-language security context before approving AI workflows. The common thread is practical work with agents, tools, files, browsers, terminals, MCP servers, APIs, and generated code.

No. The public direction is free, content-driven, and research-driven. There is no public pricing page, service funnel, SOW path, paid assessment offer, workshop offer, retainer offer, or checkout path.

Agentic AI is moving faster than most teams can govern it. The new direction keeps the work focused on security education, repeatable tests, reusable workflows, and field notes that help builders understand what can go wrong before agents get more access.

Field Guide Content

Start with the research index if you want field notes, the Skill Library if you want reusable workflow instructions, or the workflow examples if you want concrete patterns for approvals, data boundaries, and review gates.

A Skill Library is a reusable set of AI workflow instructions, review checks, safe inputs, blocked inputs, output formats, and eval scenarios for one repeated workflow. It is more useful than a prompt dump because it captures the operating context around the prompt.

Workflow examples are sanitized patterns that show how an AI-assisted workflow should handle source rules, sensitive data, approval gates, exception logs, and output review before the result is trusted.

FORGE remains useful as an educational methodology for thinking about Baseline, Skills, Agents, Guardrails, Schedule, and Capture. It is no longer the public commercial front door for VibeSec Advisory.

Agentic AI Security

Agentic AI security is the practice of reviewing what an AI system can read, write, call, remember, retrieve, and change. It covers prompt injection, tool poisoning, MCP risk, permission sprawl, unsafe generated code, and missing human approval gates.

Prompt injection matters because agents often read untrusted text from web pages, emails, tickets, repositories, documents, and tool responses. A hostile instruction in that context can push the agent toward unsafe actions unless the workflow limits blast radius.

MCP servers give agents new tools and data paths. Treat them like dependencies with permissions. Review what each server can access, whether the server is local or remote, what credentials it uses, and how a malicious tool description could influence agent behavior.

No. Guardrails reduce blast radius, but they do not make prompt injection or tool misuse disappear. A safer workflow combines scoped permissions, approved sources, blocked inputs, human review, logging, and repeatable tests.

Using The Resources

Yes. The public Skills are generic starting points. Read them, adapt them to your local tool boundaries, and test them before using them in real work.

No. They help you see common failure modes and test your own workflows. They do not certify compliance, replace legal review, or guarantee that a system is secure.

Subscribe to AI Workflows Weekly, read the research notes, and review the Skill Library changelog when new workflow libraries or security notes ship.

Still have questions?

Start with free research, reusable Skills, and workflow examples. Each resource is built to help you test and improve agentic AI systems.