Arcane
Field notes

Writing on agent identity & AI-native security.

Working notes from the team building Arcane. Architecture, posture, and the practice of governing agents.

Jun 17, 20264 min read

Your delegation chain is in the audit log, not in the decision

RFC 8693 can represent an agent delegation chain in the token. It also tells you not to enforce on it. That gap is where the multi-hop problem lives — and attenuating tokens are the way out.

May 26, 20264 min read

Workload attestation and the confused deputy

The confused deputy problem is a 1988 paper. Agent systems brought it back. SPIFFE-style attestation is one of the cleaner ways out.

May 23, 20263 min read

Policy as an output, not an input

Authoring policy from imagination doesn't scale to agent fleets. Drafting policy from observed behavior does.

May 20, 20264 min read

Kerberos got token lifetimes right in 1988

The case for short-lived credentials isn't new. What changed isn't the math — it's that the engineering objections that kept lifetimes long are no longer load-bearing.

May 17, 20263 min read

The blast-radius formula

Blast radius is scope times lifetime. Most of the conversation focuses on scope. The bigger lever is usually lifetime.

May 14, 20264 min read

One identity per agent isn't enough

Three signals — who delegated, what's acting, where it's running — should sign together. A practical sketch of composite identity for agent systems.

May 11, 20263 min read

RFC 8693 is suddenly the most-cited OAuth RFC nobody read

Token Exchange existed for years as a niche federation primitive. Agent systems made it load-bearing. A practical walk through what it does and where the sharp edges are.

May 8, 20263 min read

What the MCP authorization spec actually requires

A short walk through the parts of the MCP spec that matter for security teams — and the larger parts it deliberately leaves to you.

May 5, 20263 min read

Reading "Excessive Agency" carefully

OWASP names it as one of the top ten LLM risks. The label is catchy, the diagnosis underneath it is more useful than the headline suggests.