Most discussions around AI security focus on technical vulnerabilities.
But many agent failures are different.
The system isn’t exploited.
It’s persuaded.
A prompt injection attack doesn’t always break software.
It changes behavior.
The agent sees an instruction.
The instruction appears valid.
The system follows it.
Humans naturally evaluate intent.
We ask:
Why was this requested?
Does this make sense?
Is this aligned with the goal?
AI agents often optimize for instruction execution.
That’s why intent becomes a security boundary.
As AI systems gain access to tools, APIs, and workflows, understanding intent becomes as important as understanding permissions.
This is one of the reasons we’re building Crucible.
Pytest for AI agents.

Top comments (0)