Research

AI Agent Incident Patterns to Watch

The recurring incidents are not just bad answers; they are authorized credentials executing the wrong side effect. A sourced research brief for teams moving agents from demo to production.

Veto EditorialMay 27, 2026Updated May 27, 20268 min

Page audit

  • Cited source ledger with May 27, 2026 access dates.
  • Action-time policy, approval, and evidence model.
  • Primary conversion path points to a demo; developer pages also point to install.

The recurring incidents are not just bad answers; they are authorized credentials executing the wrong side effect.

What changed

The old guardrail conversation centered on prompts, filters, and model behavior. Production agents have a second problem: they can call tools that move money, expose data, update records, deploy code, and message customers.

Old questionBetter production question
Will the model say the right thing?Can the proposed action run under policy?
Did we log the chat?Did we record the decision before execution?
Can a human review the output?Can a human stop the side effect before it happens?

Practical takeaway

Pick one protected action, wrap it, define allow and review thresholds, and export the decision record. That is a better comeback than publishing generic thought leadership.

first-protected-action.yaml
protected_action:
  tool: release_payment
  allow_when:
    amount_usd: "<= 500"
  require_approval_when:
    amount_usd: "> 500"
  deny_when:
    tenant_mismatch: true

Sources

LLM06: Excessive Agency

OWASP. Accessed May 27, 2026.

OWASP MCP Top 10

OWASP. Accessed May 27, 2026.

AI RMF Generative AI Profile

NIST. Accessed May 27, 2026.

FAQ

What should a team authorize before production agent actions?

Authorize the exact tool name, arguments, actor, tenant, environment, and review requirement before the side effect reaches the upstream system.

Why not rely on prompts for this?

Prompts guide model behavior, but they do not reliably stop a tool dispatch. Runtime authorization sits after the model proposes an action and before the tool executes.

What evidence should the page produce?

Keep a decision record with the actor, tool, arguments summary, policy version, verdict, reviewer when required, timestamp, and source system context.

Related paths

Blog

Research briefs on agent authority, MCP security, and production governance.

Install Veto

Wrap one protected tool call and test allow, deny, and review decisions.

Book a demo

Map your first protected agent action to policy, approval, and evidence.

Govern the next agent action

Book a callSign up