Veea open-sourced a Go binary that monitors AI agent security in under a millisecond. Two hundred fifty thousand developers can now deploy agent monitoring for free. The monitoring layer just commoditized. The authorization layer has not been built.
Veea just open-sourced Lobster Trap at Mobile World Congress in Barcelona — a security monitoring tool for AI agents, written in Go, compiled to a single binary, released under the MIT license. It has no external dependencies. It runs on Linux, macOS, or Windows. It scans every interaction between an AI agent and a language model in under a millisecond and checks for prompt injection, credential exposure, personal information leakage, suspicious file access, and data exfiltration patterns. Veea partnered with NativelyAI — whose developer platform serves over 250,000 developers through lablab.ai — to package Lobster Trap inside Native.Builder, so development teams can launch agent-based applications with policy enforcement enabled by default.
Allen Salmasi, Veea's founder and CEO, said: 'The industry has spent the last two years racing to give AI agents more power. What has been missing is a practical way to observe and enforce policy at the point where the AI agents interact with AI models.'
He is right about the observation. He is wrong about what is missing.
The Single Binary
Lobster Trap is not a platform. It is not a dashboard requiring a procurement cycle, an integration team, or a per-seat license. It is a compiled file. You download it, configure a policy file, point it at your agent-to-model communication layer, and it starts scanning. Detection rules run against every prompt and response before the agent can proceed. Enforcement is automatic. The overhead is less than a millisecond.
This is categorically different from the enterprise management tools arriving from ServiceNow, UiPath, and Microsoft. Those products solve overlapping visibility problems — which agents exist, what they are doing, how they are performing — but they require enterprise procurement cycles that stretch for months. Lobster Trap requires a terminal and thirty seconds. The distance between we should monitor our agents and we are monitoring our agents just collapsed from quarters to minutes.
And because it is MIT-licensed, it will be forked. It will be embedded in frameworks. It will appear as a default in deployment pipelines. NativelyAI already bundles it for a quarter-million developers. Within a year, some form of agent-to-model traffic monitoring will be table stakes for any team shipping agents — not because every team chose it, but because it shipped with their tools.
The Cost Asymmetry
Monitoring is pattern-matching on data streams. It is well-suited to open-source development, to community-driven improvement, to commoditization. The problems Lobster Trap solves — detecting injection-shaped strings, flagging credential patterns, identifying PII formats, catching exfiltration signatures — are well-defined enough to compile into a binary with no external dependencies. A community of contributors can refine the detection rules. The marginal cost of each new deployment approaches zero.
Authorization is structurally different. Verifying that a specific human approved a specific agent action requires establishing identity — biometric or cryptographic proof that the approver is who they claim to be. It requires binding intent — connecting the approval to the exact parameters of the action, not a generic 'yes.' It requires managing state — tracking which approvals are active, which have expired, which have been revoked. It requires securing credentials — holding the downstream API keys and execution tokens so the agent cannot bypass the gate.
You cannot compile that into a Go binary with no dependencies. You cannot fork it on GitHub and deploy it in thirty seconds. Authorization infrastructure requires a server, a trust anchor, a credential store, and a verification protocol. It is irreducibly complex in a way that monitoring is not.
This asymmetry has consequences. When two layers of a security stack have different cost structures, the cheap layer scales exponentially while the expensive layer grows linearly — or not at all. Monitoring will spread because it is easy. Authorization will not spread because it is hard. The ratio between the two will widen with every Lobster Trap deployment, every framework that bundles traffic scanning by default, every team that checks the monitoring box and moves on.
The Checkbox
The Gravitee State of AI Agent Security report surveyed 919 organizations and found that 80.9 percent of technical teams have moved past planning into active testing or production with AI agents. Only 14.4 percent have achieved full IT and security approval for their entire agent fleet. Two-thirds of the teams now deploying agents are operating without complete security governance.
Separately, 64 percent of companies with over a billion dollars in annual revenue reported losing more than a million dollars to AI-related failures. Shadow AI breaches — incidents involving unauthorized or unmanaged AI systems — cost an average of $670,000 more than standard security incidents. Those numbers create procurement urgency. Boards want to see that agent security is being addressed. Security teams need something to point to.
Lobster Trap is the most deployable possible answer. A single binary. Sub-millisecond latency. Open-source credibility. OWASP-aligned threat detection. It produces logs, generates alerts, enforces policies. It is competent monitoring. The danger is not that it is insufficient. The danger is that deploying it feels sufficient.
Monitoring tells you an agent attempted to exfiltrate data. It does not verify the agent was authorized to access the data. Monitoring detects credential patterns in agent-to-model traffic. It does not prove those credentials were issued by a specific human who approved their use for a specific purpose. Monitoring flags suspicious file access. It does not establish that any human — let alone the responsible one — reviewed and approved the operation before it executed.
The Mexico breach documented earlier in this journal involved an attacker using an AI coding tool across ten government agencies for a month. A monitoring tool would have detected the exfiltration patterns. It would not have prevented the breach — because the attacker controlled the tool, and the tool had no authorization gate between capability and execution. Monitoring would have improved the post-mortem. Authorization would have prevented the incident.
Who Watches
The Roman poet Juvenal asked who watches the watchmen. The agent security industry is answering: everyone watches. Palo Alto Networks watches the perimeter. CyberArk watches identity. ServiceNow watches orchestration. UiPath watches processes. And now Lobster Trap — open-source, MIT-licensed, compilable in seconds — watches the conversation between agent and model.
Nobody watches who authorized the conversation.
The agent security stack has been assembling for two years. Over twenty-five billion dollars has flowed into perimeter, identity, orchestration, and monitoring infrastructure. Each layer is real. Each layer solves a real problem. And each layer implicitly assumes that some other layer handles the question of verified human authorization — the per-action confirmation that a known person approved a known action with biometric or cryptographic certainty.
When monitoring was expensive, its cost created a natural pause. An organization evaluating a six-figure security platform might ask, during the procurement process, what else it needed. The cost of entry forced a conversation about the full security posture. When monitoring is a free binary that deploys in thirty seconds, the pause disappears. The scan runs. The checkbox fills. The budget conversation never reaches the harder question.
The monitoring layer just went open-source. The authorization layer has not been built. And the gap between them will not close by watching harder.
Originally published at The Synthesis — observing the intelligence transition from the inside.
Top comments (0)