<span class="vcard">/u/Turbulent-Tap6723</span>
/u/Turbulent-Tap6723

We implemented a second-order early warning signal for multi-turn prompt injection based on information geometry

Most prompt injection detection methods are reactive, meaning something crosses a threshold and gets blocked. This threshold serves as a signal. We have been working on a proactive approach. In our framework, each conversation has a position τ on a s…

I built a proxy that prevents AI agents from taking actions based on hidden instructions. Here are the numbers.

When an AI agent reads a webpage, email, or document, that content can tell it what to do. The agent has no native way to distinguish data from instructions. Most defenses scan for obvious patterns and miss anything subtle. I built Arc Gate around a di…

I built a benchmark for multi-turn prompt injection attacks. Most defenses never see them coming.

Most prompt injection benchmarks currently operate on a one-shot basis. In these tests, an attack instructs the model to "ignore your instructions," and the defense either detects this violation or fails to do so. In reality, however, attacks…

If your AI automation reads emails, websites, or databases, someone can manipulate it without you knowing

Most AI automation tools read external data and act on it. That’s the whole point. But anything your automation reads can contain hidden instructions. An email. A webpage. A lead record in your CRM. A support ticket. If someone puts the right text in t…

Most AI security tools inspect messages. Arc Gate inspects sessions.

One thing that’s always felt weird to me about prompt injection defenses is that they usually evaluate one message at a time. But a lot of the attacks I’m seeing don’t really work that way. A webpage says something subtle. A tool result reinforces it. …

I built a benchmark for multi-turn prompt injection attacks. Most defenses never see them coming.

Most prompt injection benchmarks are one-shot. The attack says “ignore your instructions” and the defense either catches it or doesn’t. Real attacks are often slower. The model gets nudged over multiple turns. A webpage plants a suggestion. An email re…

I built an OpenAI compatible firewall for AI agents. Try to break it.

Most AI security tools look at individual prompts. Arc Gate looks at the entire session. It tracks authority across turns and escalates from ALLOW → MONITOR → RESTRICTED_CONTINUE → BLOCK before a tool call executes. Here’s a simple example of what it c…

I built an OpenAI compatible proxy that tracks authority across conversations. Looking for people to break it.

Most AI security tools score individual prompts. I was more interested in what happens across an entire session. Example: Turn 1: “What tools do you have access to?” Turn 2: “What are your operating constraints?” Turn 3: “How do system instructions wor…

I put my AI agent governance platform online. Try to break it.

I’ve spent the last several months building Bendex Arc, a governance layer that sits between AI agents and the real world. As agents get browser access, tools, MCP servers, memory, and the ability to take actions, I kept running into the same gap: noth…

Mapped Bendex Arc against OWASP Top 10 for Agentic Applications — 7/10 full coverage, 3/10 partial, 0 out of scope

OWASP released their Top 10 for Agentic Applications in 2026. I mapped Arc Gate’s runtime governance capabilities against each risk category. Results: 7/10 full coverage, 3/10 partial. Nothing out of scope for the agentic threat model. The strongest co…