Agent #14: The Security-Hardened Agent (Correct Is Not the Same as Allowed)
Agent #14 of 30 in The 30 Agents Series, a build-along companion to "30 Agents Every AI Engineer Must Build" by Imran Ahmad. Watch the whole stack come together, one agent at a time.
Agent #13 proves code is correct. But in an enterprise, code can pass every test and still get the company fined. Functional correctness is orthogonal to regulatory compliance. Picture a payment function: the transaction succeeds, the database updates, the unit tests are green, and in the background the script quietly writes the full unencrypted credit-card number into a log file. That violates PCI DSS, and standard testing pipelines will never catch it, because tests verify behavior, not normative rules.
Agent #14, The Security-Hardened Agent, is the immune system for autonomous software. As AI writes and deploys code at machine speed, a quarterly human audit is far too late. So this agent moves compliance from an auditor who arrives months after deployment to a bouncer at the door, checking every pull request before merge.
What you'll learn
- Why functional correctness and compliance are two different problems
- The violation tests cannot see: a working function that leaks sensitive data into a log
- Why manual audits break once code ships at machine speed
- The six-stage governance loop: trigger, scan, evaluate, remediate, human override, and an immutable audit trail
- Dataflow scanning: trace a sensitive variable from input to where it lands, and flag the leak
- The dual engine: deterministic Rego policy for certainty on black-and-white rules, plus an LLM for nuance on the gray areas and malicious workarounds, a defense-in-depth design
- Remediation: refuse the merge, synthesize the exact patch, and escalate ambiguous cases to a human
- Policy-as-code in CI: the flawed code physically cannot enter the production branch until it satisfies the gate
- The limit: it enforces only the policies you encode; it has no inherent common sense
- How the audit trail becomes the dataset that feeds the next agent
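The dataflow scan the list describes (Stage 2) and the merge gate it feeds (policy-as-code in CI), as an added example that is not code from the video, the book or the PacktPublishing repository: a small intraprocedural taint tracker built on Python's `ast` module. Parameters listed in `SENSITIVE_PARAMS` are treated as sources, callees in `LOG_SINKS` as sinks, and callees in `SANITIZERS` as points where the flow is cut. Those three lists, the `Finding` record, `scan_source`, `gate` and the sample `charge`/`refund` functions are assumptions constructed for this example.

```python
import ast
from dataclasses import dataclass

# Constructed lists for this example: parameter names treated as sensitive
# sources, callee names treated as log sinks, and callees that sanitize.
SENSITIVE_PARAMS = {"card_number", "pan", "cvv", "ssn"}
LOG_SINKS = {"print", "logging.info", "logging.debug", "logging.warning",
             "logging.error", "logger.info", "logger.debug",
             "logger.warning", "logger.error"}
SANITIZERS = {"mask_pan", "redact"}


@dataclass(frozen=True)
class Finding:
    function: str   # enclosing function name
    line: int       # source line of the sink call
    sink: str       # dotted callee name, e.g. "logger.debug"
    variable: str   # tainted name that reached the sink


def _callee(node: ast.Call) -> str:
    """Dotted name of a call target: logger.info(...) -> 'logger.info'."""
    parts, f = [], node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))


def _tainted_in(expr: ast.AST, tainted: set) -> set:
    """Tainted names used anywhere in expr; a sanitizer call stops propagation."""
    if isinstance(expr, ast.Call) and _callee(expr) in SANITIZERS:
        return set()
    if isinstance(expr, ast.Name):
        return {expr.id} if expr.id in tainted else set()
    found = set()
    for child in ast.iter_child_nodes(expr):
        found |= _tainted_in(child, tainted)
    return found


def _in_source_order(node: ast.AST):
    """Pre-order traversal, so an assignment is seen before later uses."""
    yield node
    for child in ast.iter_child_nodes(node):
        yield from _in_source_order(child)


def scan_function(fn: ast.FunctionDef) -> list:
    """Flow-insensitive, intraprocedural taint pass over one function."""
    tainted = {a.arg for a in fn.args.args if a.arg in SENSITIVE_PARAMS}
    findings = []
    for node in _in_source_order(fn):
        is_assign = isinstance(node, (ast.Assign, ast.AugAssign, ast.AnnAssign))
        if is_assign and node.value is not None:
            # f-strings, concatenation and .format() all keep the taint.
            if _tainted_in(node.value, tainted):
                targets = node.targets if isinstance(node, ast.Assign) else [node.target]
                for t in targets:
                    for name in ast.walk(t):
                        if isinstance(name, ast.Name):
                            tainted.add(name.id)
        elif isinstance(node, ast.Call) and _callee(node) in LOG_SINKS:
            args = list(node.args) + [kw.value for kw in node.keywords]
            hits = set().union(*(_tainted_in(a, tainted) for a in args))
            for var in sorted(hits):
                findings.append(Finding(fn.name, node.lineno, _callee(node), var))
    return findings


def scan_source(source: str) -> list:
    """Scan every function in a module and return all findings."""
    tree = ast.parse(source)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            findings.extend(scan_function(node))
    return sorted(findings, key=lambda f: (f.line, f.variable))


def gate(source: str) -> bool:
    """CI merge gate: True only when the deterministic scan finds no leak."""
    return not scan_source(source)


# Constructed sample: a payment function that is functionally fine but
# writes the full card number into a debug log.
SAMPLE = """
import logging
logger = logging.getLogger(__name__)

def charge(card_number, amount):
    masked = mask_pan(card_number)
    record = f"charging {amount} to {card_number}"
    logger.info("charge ok for %s", masked)   # sanitized: allowed
    logger.debug(record)                      # full PAN reaches the log
    gateway.submit(card_number, amount)       # not a log sink
    return True

def refund(txn_id, amount):
    logger.info("refund %s %s", txn_id, amount)
    return True
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"{f.function}:{f.line} {f.variable} reaches {f.sink}")
    print("merge allowed" if gate(SAMPLE) else "merge refused")
```

The scan is deliberately the deterministic half of the dual engine: it is intraprocedural, ignores control flow and containers, and only knows the names you put in the three lists, which is exactly the "only enforces encoded rules" limit the video calls out. The gray areas it cannot see (a value copied through a dict, a sink behind a helper) are what the second engine is for.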
Chapters
00:00 Intro
00:15 Where #14 sits in the Software Development tier
00:33 Recap #13: proven correct, not proven compliant
00:47 Correctness is orthogonal to compliance
01:00 The PCI example: a perfect function that leaks the card
01:19 Why tests never catch it
01:33 The auditor problem: months too late
01:48 At machine speed, you need a real-time guardrail
02:05 From auditor to bouncer
02:16 The six-stage governance loop
02:25 Stage 1: trigger (GitHub Action)
02:32 Stage 2: scan and dataflow tracing
02:48 Stage 3: dual-engine evaluation (Rego plus LLM)
03:18 Defense in depth
03:30 Stage 4: remediation (refuse, patch)
03:47 Stage 5: human-in-the-loop override
03:58 Stage 6: the immutable audit trail
04:05 Policy-as-code in the CI gate
04:41 Use cases: HIPAA, GDPR, regulated industries
04:55 The limit: it only enforces encoded rules
05:08 The audit trail feeds the next agent
05:32 Close: the bridge to autonomous deployment
WATCH NEXT
▶ Next: Agent #15: The Self-Improving Agent (Reversing the Arrow of Software Rot)
https://www.youtube.com/watch?v=ZS8m9NzNikQ&list=PLAqDvpRf9DYK-jpD0D4SeaoB9FDImV0Dg
◀ Previously: Agent #13: The Code-Generation Agent (Test-Driven Generation, Red to Green)
https://www.youtube.com/watch?v=0oh-CQQRO20&list=PLAqDvpRf9DYK-jpD0D4SeaoB9FDImV0Dg
📺 Full playlist (31 videos): https://www.youtube.com/playlist?list=PLAqDvpRf9DYK-jpD0D4SeaoB9FDImV0Dg
📘 The book: *30 Agents Every AI Engineer Must Build* (Imran Ahmad, Packt), https://www.amazon.com/dp/1806109018
💻 Code: https://github.com/PacktPublishing/30-Agents-Every-AI-Engineer-Must-Build (chapter09)
🌐 neurals.ca: https://neurals.ca
𝕏 Follow: https://x.com/neurals_ca
From the author of *50 Algorithms Every Programmer Should Know*.
#SecureCode #AIAgents #AgenticAI #Compliance #PolicyAsCode #DevSecOps #LLM #AIEngineering #neuralsca
--- The series ---
Watch all 30 in order: https://www.youtube.com/playlist?list=PLAqDvpRf9DYK-jpD0D4SeaoB9FDImV0Dg
New to agents? Start with The Foundations Series: https://www.youtube.com/playlist?list=PLAqDvpRf9DYJy37DPM6K3ApYilNTNtbNp
Next up: Agent #15. Which of the 30 agents would you build first? Tell us in the comments, and subscribe to neurals_ca to follow the whole build.
Video "Agent #14: The Security-Hardened Agent (Correct Is Not the Same as Allowed)" from the neurals_ca channel
No comments
Video information
June 7, 2026, 19:53:26
00:05:59