
Agent Ops: audits, secrets, RAG, ephemeral creds, ML-Intern

Copilot searched your mailbox. LiteLLM handed out admin keys. Run this 5-check audit before your stack is next reports two enterprise AI gateways, one exposing mailbox searches and one leaking admin keys, and ships a five-check audit aimed at exfiltration and privilege escalation. Outcome engineers must treat gateways as trust boundaries: build automated audits, credential rotation, and monitoring into agent CI/CD so that an agent holding gateway credentials cannot become an insider threat (Principles 14, 15, 16).

MosaicLeaks: Can your research agent keep a secret? shows research agents leaking private facts through the web queries they issue, and introduces PA-DR, a defense that reduces leakage while improving chain success. Retrieval and web-query paths are therefore active attack surfaces, not plumbing: build leakage tests into CI, redact sensitive signals before any query leaves the agent, and adopt PA-DR-style defenses in your agent pipelines (Principles 14, 16).
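One way to build the leakage test and the query redaction this item calls for, as an added Python example. This is not code from the MosaicLeaks paper or its PA-DR defense; the private facts, sensitive-pattern regexes and the four-query research chain are constructed for the example. It checks each outbound query for literal facts from the agent's context and for structural secrets (emails, API-key shapes, IBAN-like strings), returns the redacted query the agent should send instead, and scores leakage over the whole chain rather than per query, since a chain that leaks one fact per query still leaks every fact.

```python
import re
from dataclasses import dataclass, field

# Constructed private context handed to a hypothetical research agent; none of
# these values come from the MosaicLeaks paper.
PRIVATE_FACTS = {
    "client": "Acme Robotics",
    "contact_email": "jane.doe@acme-robotics.example",
    "deal_codename": "Project Nightjar",
}

# Structural signals that should never appear in a public search query,
# whatever the task context contains.
SENSITIVE_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "api_key": re.compile(r"\b(?:sk|key)-[A-Za-z0-9]{16,}\b"),
    "iban_like": re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){3,7}\b"),
}


@dataclass
class QueryReport:
    query: str
    hits: list = field(default_factory=list)   # e.g. "fact:client", "pattern:email"
    redacted: str = ""                          # safe form to actually send


def scan_query(query, private_facts=PRIVATE_FACTS, patterns=SENSITIVE_PATTERNS):
    """Flag private facts and sensitive patterns in one outbound query and
    return the redacted query the agent should send instead."""
    report = QueryReport(query=query)
    redacted = query
    # 1. Literal private facts from the agent's context (case-insensitive).
    for name, value in private_facts.items():
        if value.lower() in redacted.lower():
            report.hits.append(f"fact:{name}")
            redacted = re.sub(re.escape(value), f"[{name.upper()}]", redacted, flags=re.IGNORECASE)
    # 2. Structural patterns, run after fact redaction so one secret is not reported twice.
    for name, pat in patterns.items():
        if pat.search(redacted):
            report.hits.append(f"pattern:{name}")
            redacted = pat.sub(f"[{name.upper()}]", redacted)
    report.redacted = redacted
    return report


def chain_leaks(queries, **kw):
    """Leakage over a whole research chain: the set of private facts that escaped
    across all queries, the fraction of queries that leaked anything, and the
    per-query reports."""
    reports = [scan_query(q, **kw) for q in queries]
    facts = {h.split(":", 1)[1] for r in reports for h in r.hits if h.startswith("fact:")}
    leaking = sum(1 for r in reports if r.hits)
    return facts, (leaking / len(reports) if len(reports) else 0.0), reports


def run_leakage_test(queries, max_rate=0.0, **kw):
    """CI-style gate: fail when any context fact escapes or the leak rate exceeds max_rate."""
    facts, rate, _ = chain_leaks(queries, **kw)
    return not facts and rate <= max_rate


# Constructed query chain a research agent might emit for a due-diligence task.
SAMPLE_CHAIN = [
    "Acme Robotics series B funding 2024",
    "how does quantum annealing differ from gate-based quantum computing",
    "jane.doe@acme-robotics.example linkedin profile",
    "Project Nightjar acquisition timeline",
]

if __name__ == "__main__":
    facts, rate, reports = chain_leaks(SAMPLE_CHAIN)
    for r in reports:
        print(f"{r.hits or ['clean']}: {r.redacted}")
    print(f"facts leaked across chain: {sorted(facts)}, leak rate: {rate:.2f}")
```

Run against the sample chain, three of the four queries leak a distinct context fact, so the gate fails even though no single query looks dramatic. In a pipeline, `scan_query` sits in front of the search tool and `run_leakage_test` runs in CI over recorded agent traces.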

Hugging Face releases ML-Intern, its open-source agent for the model-training loop announces an open-source agent that automates the research-to-training loop across the Hugging Face ecosystem. Outcome engineers get a composable agent for experiment orchestration, reproducible artifacts, and iterative training automation; use it to standardize delivery lanes and artifact handoffs in your organization (Principles 03, 07).

AWS aims to take the pain out of RAG with Bedrock Managed Knowledge Base covers a managed RAG stack that syncs data connectors and retrieval models so agents can be given a knowledge base without hand-built pipelines. That removes infrastructure friction from building retrieval-driven agents, but outcome engineers must still validate connector correctness, document provenance, and vector drift before an agent's retrieved context is trusted for decisions (Principles 06, 09).

Temporary Cloudflare Accounts for AI agents adds ephemeral accounts so AI agents can deploy Workers and APIs without interactive sign-up, enabling fast throwaway development loops. Ephemeral credentials change both the deployment model and the threat model: embed lifecycle controls, least-privilege issuance, and automated revocation into agent pipelines so that temporary access does not quietly become persistent capability (Principles 07, 15).
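The credential controls called for in this item and in the gateway audit item above (least-privilege issuance against a per-agent allowlist, a hard TTL cap, a renewal limit, scheduled revocation, and a five-check audit of an existing key inventory), as one added Python example. It is not Cloudflare's, LiteLLM's, Copilot's or the article's code, and the scope names, limits, agent names and the exported key inventory are assumptions made for the example; the five audit checks are this example's own, not the article's. Time is passed in explicitly so the lifecycle can be exercised without sleeping.

```python
import secrets
from dataclasses import dataclass

# Scope names, limits and the key inventory below are assumptions made for this
# example; they are not Cloudflare's, LiteLLM's or any real gateway's model.
ADMIN_SCOPES = {"admin", "*", "keys:write"}
MAX_TTL = 3600        # hard cap on any agent credential lifetime, seconds
MAX_RENEWALS = 1      # one extension, then the agent must be re-issued

# Per-agent allowlist: the only scopes an agent may ever be issued for its task.
TASK_SCOPES = {
    "triage-bot": frozenset({"tickets:read", "tickets:comment"}),
    "deploy-bot": frozenset({"workers:deploy"}),
}


@dataclass
class Credential:
    token: str
    agent: str
    scopes: frozenset
    issued_at: float
    expires_at: float
    renewals: int = 0
    revoked: bool = False


class Broker:
    """Issues short-lived, least-privilege credentials and revokes them on a schedule."""

    def __init__(self, task_scopes=TASK_SCOPES):
        self.task_scopes = task_scopes
        self.creds = {}

    def issue(self, agent, scopes, now, ttl=900):
        scopes = frozenset(scopes)
        allowed = self.task_scopes.get(agent, frozenset())  # unknown agent -> nothing allowed
        if scopes & ADMIN_SCOPES:
            raise PermissionError(f"{agent}: admin scopes are never issued to agents")
        if not scopes <= allowed:
            raise PermissionError(f"{agent}: {sorted(scopes - allowed)} outside task allowlist")
        cred = Credential(secrets.token_urlsafe(32), agent, scopes, now, now + min(ttl, MAX_TTL))
        self.creds[cred.token] = cred
        return cred

    def renew(self, token, now, ttl=900):
        cred = self.creds[token]
        if cred.revoked or now >= cred.expires_at or cred.renewals >= MAX_RENEWALS:
            raise PermissionError("expired, revoked or over the renewal limit: re-issue instead")
        cred.renewals += 1
        cred.expires_at = now + min(ttl, MAX_TTL)
        return cred

    def revoke(self, token):
        self.creds[token].revoked = True

    def is_valid(self, token, now):
        cred = self.creds.get(token)
        return cred is not None and not cred.revoked and now < cred.expires_at

    def sweep(self, now):
        """Scheduled job: revoke everything past expiry so a leaked token dies on its own."""
        dead = [t for t, c in self.creds.items() if not c.revoked and now >= c.expires_at]
        for t in dead:
            self.revoke(t)
        return dead


def audit_keys(records, now, task_scopes=TASK_SCOPES, rotate_after=30 * 86400, idle_after=7 * 86400):
    """Five checks over a gateway's exported key inventory. Each record is a dict
    with id, agent, scopes, created_at, expires_at (None = never) and
    last_used_at (None = never used). Returns (key id, finding) pairs."""
    findings = []
    for r in records:
        scopes = set(r["scopes"])
        allowed = task_scopes.get(r["agent"], frozenset())
        if scopes & ADMIN_SCOPES:                                   # 1. privilege escalation
            findings.append((r["id"], "admin-scope-on-agent-key"))
        if r["expires_at"] is None:                                 # 2. lives forever
            findings.append((r["id"], "no-expiry"))
        if now - r["created_at"] > rotate_after:                    # 3. never rotated
            findings.append((r["id"], "past-rotation-window"))
        if r["last_used_at"] is None or now - r["last_used_at"] > idle_after:  # 4. stale
            findings.append((r["id"], "idle-key"))
        if scopes - allowed - ADMIN_SCOPES:                         # 5. data the task never needed
            findings.append((r["id"], "scope-outside-task"))
    return findings


NOW = 1_700_000_000.0
SAMPLE_INVENTORY = [  # constructed export, not data from any real deployment
    {"id": "k1", "agent": "triage-bot", "scopes": ["tickets:read"], "created_at": NOW - 86400,
     "expires_at": NOW + 3600, "last_used_at": NOW - 60},
    {"id": "k2", "agent": "triage-bot", "scopes": ["*"], "created_at": NOW - 90 * 86400,
     "expires_at": None, "last_used_at": NOW - 30 * 86400},
    {"id": "k3", "agent": "deploy-bot", "scopes": ["workers:deploy", "mail:search"],
     "created_at": NOW - 3600, "expires_at": NOW + 600, "last_used_at": NOW - 10},
]
```

On the sample inventory the audit flags k2 four times (wildcard scope, no expiry, past rotation, idle) and k3 once for a mailbox-search scope its deploy task never needed; k1 is clean. The broker side makes those findings impossible to create in the first place: a 24-hour TTL request is silently capped to one hour, admin scopes are refused outright, and `sweep` run from a scheduler revokes anything that outlived its TTL.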