Intercis Blog
Incident analysis, architecture breakdowns, and governance frameworks — written by a security engineer, for security engineers.
Should you build your own governance layer or buy a platform? A decision framework based on complexity, timeline, and compliance requirements.
SOC2 Type II requires continuous monitoring of system activity. Here's how to build audit trails for AI agents that satisfy auditors.
The deployment of AI agents is outpacing the deployment of controls. Most teams know agents are running but not what they're doing.
OWASP T8 warns agents can operate without sufficient logging. If your audit trail starts at the SIEM, you're missing critical evidence.
SIEMs detect after. SOAR automates known playbooks. Guardrails filter text. None intercept agent tool calls before they execute.
CrowdStrike, Microsoft, and Palo Alto are building AI-powered SOCs. But the agents inside have the same governance gaps.
OWASP T2 is the highest-risk threat for teams with AI agents that have API and infrastructure access.
The full T1–T17 taxonomy. Not a Top 10 — 17 distinct threat categories for AI agents with tool access.
A Claude agent with filesystem access began deleting production files. The SOC team caught it — but only after the damage was done. No existing tool intercepted it before it executed. This is the incident that led to Intercis.
AI agents with filesystem access, cloud credentials, and CI/CD pipelines can take real actions with real consequences. AI agent governance is the policy enforcement, monitoring, and audit layer that controls what they're allowed to do — and stops them before they execute.
Compare in-process SDK enforcement and out-of-process proxy enforcement for AI agents. Learn the trade-offs in tamper resistance, deployment complexity, and multi-agent support.
More posts coming soon
OWASP Agentic AI Top 10 · AI agent audit trails for SOC2 compliance