Rune Journal

Field notes from building an agent security platform.

Research, threat reports, and engineering posts from the team. Written for the developers actually shipping AI agents, not for a buyer's committee.

FeaturedGuide·April 2026·16 min read

How to Secure Your AI Agent in Python: A Step-by-Step Guide

Secure a Python AI agent from scratch with input validation, output scanning, tool call policies, PII detection, and runtime monitoring. Working code for LangChain, OpenAI, Anthropic, and MCP.

By Declan Paul

Read article

Compliance·March 2026·14 min read
SOC 2 Compliance for AI Agents: The Runtime Security Controls Your Auditor Will Ask For
Map SOC 2 Trust Service Criteria to concrete runtime security controls for AI agents. Covers CC6.1 access controls, CC7.1 audit trails, CC7.2 monitoring, and CC7.3 incident detection.
By Declan Paul
Threat Report·March 2026·8 min read
The OpenClaw Security Crisis: What Every User Needs to Know
512 vulnerabilities, 1000+ malicious ClawHub skills, and 21,639 exposed instances. A deep dive into OpenClaw's security crisis and how to protect your agent.
By Declan Paul
Tutorial·March 2026·5 min read
Secure Your Agents in 3 Lines of Code
Add runtime security to any Python AI agent without touching your agent logic. Install, wrap, deploy — in under 10 minutes.
By Declan Paul
Case Study·March 2026·8 min read
What Happens When an AI Agent Gets Prompt Injected in Production
A step-by-step case study of a prompt injection attack on a production AI agent. How it happens, what goes wrong, and how runtime security stops it.
By Declan Paul
Checklist·March 2026·6 min read
From Prototype to Production: An AI Agent Security Checklist
An 8-point security checklist for teams shipping AI agents from prototype to production. Input scanning, output scanning, tool access, monitoring, policies, and more.
By Declan Paul
Tutorial·February 2026·5 min read
How to Add Runtime Security to Your LangChain Agent in 5 Minutes
Step-by-step tutorial: add runtime security scanning to your LangChain agent with Rune. Detect prompt injection, block data exfiltration, and enforce policies.
By Declan Paul
Checklist·February 2026·7 min read
AI Agent Security Checklist for Startups
A 10-point security checklist for startup teams deploying AI agents to production. Covers tool access, input scanning, monitoring, policies, and compliance.
By Declan Paul
Research·February 2026·8 min read
We Scanned 1,000 AI Agent Sessions. Here's What We Found.
Prompt injections in 1 out of 7 sessions. Data exfiltration attempts in 9%. Overly permissive tool access everywhere. A deep look at real threats facing AI agents in production.
By Declan Paul

Field notes from building an agent security platform.

How to Secure Your AI Agent in Python: A Step-by-Step Guide

SOC 2 Compliance for AI Agents: The Runtime Security Controls Your Auditor Will Ask For

The OpenClaw Security Crisis: What Every User Needs to Know

Secure Your Agents in 3 Lines of Code

What Happens When an AI Agent Gets Prompt Injected in Production

From Prototype to Production: An AI Agent Security Checklist

How to Add Runtime Security to Your LangChain Agent in 5 Minutes

AI Agent Security Checklist for Startups

We Scanned 1,000 AI Agent Sessions. Here's What We Found.