Cursor AI Agent Reportedly Deleted a Production Database in 9 Seconds
Cursor agent reportedly wiped a Railway production database and backups in one API call. Prompts aren't permissions — agents need pre-execution gates.
Engineering insights, product updates, and best practices for AI agent runtime authority, exposure, and cost control.
Tools you can run on your own numbers: Cost Calculator (Claude vs GPT) and Blast Radius Risk Calculator. Every configuration produces a shareable URL. Many of the posts below link to a calculator pre-loaded with the post's specific scenario.
New to Cycles? Read these posts in order to understand runtime authority from the ground up.
Ready to try Cycles? Jump to the End-to-End Tutorial.
Agents span providers, tools, tenants, and workers. Tool-local controls govern only one slice — here is why agent governance has to be cross-cutting.
AI agents moved to production faster than governance kept up. This is the state of enforcement, regulation, and incidents in 2026 — and what comes next.
A practical guide to assessing AI agent risk at the tool level. Classify actions by blast radius, assign risk scores, and convert assessments into enforceable runtime budgets.
Documented AI agent incidents and recurring failure patterns — runaway costs, action misfires, security exploits, and multi-agent cascades. Each scored by cost, blast radius, and which runtime controls would have prevented it.
Agent skills turn reusable workflows into executable supply chain risk. Govern them with inventory, provenance, sandboxing, runtime limits, and audit.
MCP gateways help secure tool connectivity, but production agents still need runtime authority for budget, risk, scope, and per-action decisions at runtime.
Why production AI agents need dedicated identities, scoped credentials, owner mapping, audit trails, and runtime authority instead of borrowed user sessions.
A production webhook delivery contract for AI agent events: signed bodies, retries, dedupe keys, stale cutoffs, auto-disable, replay, and traceability.
Why AI agent platforms need previewed, idempotent bulk actions to contain tenant, webhook, and budget incidents without blind production scripts at 2 AM.
How to scope AI agent API keys by tenant, environment, and permission so one leaked credential cannot become cross-tenant budget authority in production.
Runtime authority's hidden byproduct: ledger-ready audit, cost, and attribution records for AI agents — useful for compliance, FinOps, and platform chargeback.
Multi-agent failures aren't a prompt problem. They're structural. A look at the UC Berkeley MAST taxonomy and the prevention patterns that actually work.
How to run the Cycles events service in production: the 7980/9980 port split, Prometheus scraping, Kubernetes probes, and alert rules that actually page the right people.