Snake-oil vendors are already pivoting to the next moral panic: “Your software is secure, but what if the evil AI agents steal your stuff? Install pink-rubber-band-AI-endpoint-SOC-SIEM today!” Just moving the goalpost to whatever is scary this quarter.

Sounds true, what else do you have?

What we are building

The system we are building at Mendral lives inside the CI. It connects threat information, production event logs, source code, historical CI logs, and any custom signals you want to add, alongside secure sandbox environments and a set of dedicated tools (see Andrea’s post on agent harness for how that is wired). The agent operates on triggers, at different stages of the lifecycle.

Concretely, here is what happens when a Dependabot-style PR lands. The agent…

Oh ffs it’s an ad for some agentic bullshit.