
The governance of AI agents faces a fundamental asymmetry: while MCP servers provide structured logs, the "Skills" that drive agent reasoning remain forensic black holes. As high-risk capabilities—such as arbitrary code execution and state changes—become prevalent in nearly 60% of enterprise deployments, traditional models like the "Rule of Two" are failing to prevent autonomous destruction. To counter this, Noma Security proposes the No Excessive CAP framework, focusing on the three controllable levers of defense: Capabilities, Autonomy, and Permissions.
The post "The Half of Agent Security You’re Not Governing" appeared first on Security Boulevard.
Jack Poller
Source: Security Boulevard
Source Link: https://securityboulevard.com/2026/05/the-half-of-agent-security-youre-not-governing/