Cursor Agent Deleted a Prod Database in 9 SecondsFEATURED
Cursor agent reportedly wiped a Railway production database and backups in one API call. Prompts aren't permissions — agents need pre-execution gates.
The Cycles Blog
Engineering insights, product updates, and best practices for AI agent runtime authority, exposure, and cost control.
Tools you can run on your own numbers: Cost Calculator (Claude vs GPT) → · Blast Radius Risk Calculator → — every configuration produces a shareable URL. Many of the posts below link to a calculator pre-loaded with the post's specific scenario.
New to Cycles? Read these posts in order to understand runtime authority from the ground up.
- What Is Runtime Authority for AI Agents?
- The True Cost of Uncontrolled AI Agents
- How Much Do AI Agents Actually Cost?
- AI Agent Cost Management: The Complete Guide
- AI Agent Budget Control: Enforce Hard Spend Limits
Ready to try Cycles? Jump to the End-to-End Tutorial.
Agents Are Cross-Cutting. Your Controls Aren't.FEATURED
· Albert Mavashev · 10 min read
Agents span providers, tools, tenants, and workers. Tool-local controls govern only one slice — here is why agent governance has to be cross-cutting.
State of AI Agent Governance 2026FEATURED
· Albert Mavashev · 13 min read
AI agents moved to production faster than governance kept up. This is the state of enforcement, regulation, and incidents in 2026 — and what comes next.
AI Agent Risk Assessment: Score, Classify, EnforceFEATURED
· Albert Mavashev · 17 min read
Practical guide to AI agent risk: classify actions by blast radius, assign risk scores, and convert assessments into enforceable runtime budgets.
The State of AI Agent Incidents (2026)FEATURED
· Albert Mavashev · 13 min read
Documented AI agent incidents and failure patterns — runaway costs, action misfires, security exploits, multi-agent cascades — scored by cost and blast radius.
A Valid Signature Doesn't Tell You Who Signed ItNEW
· Albert Mavashev · 7 min read
A signed receipt proves the bytes came from a key — not that the key is the server's. That gap is signer authority, and closing it for the long haul means resolving keys and respecting rotation, not trusting whatever key the receipt handed you.
A 200 OK Is Not an Audit TrailNEW
· Albert Mavashev · 5 min read
Enforcing an agent's budget is only half of runtime authority. The other half is proving what you decided — to an auditor, a counterparty, or a regulator who wasn't on the call. When configured, CyclesEvidence turns eligible budget decisions into signed, portable receipts.
What Four New Surfaces Taught UsNEW
· Albert Mavashev · 10 min read
Memory writes, merges, clicks, voice. Each needed a different shape of the gate. The action authority lifecycle absorbed all four — here's what it means.
Reserving Authority When You Can't Pause
· Albert Mavashev · 14 min read
OpenAI Realtime, Vapi, Retell AI: voice agents can't wait 300ms for ALLOW. Patterns for budget authority when reserve-commit can't sync on the hot path.
Computer-Use Agents Have No Tool Boundary
· Albert Mavashev · 15 min read
OpenAI's CUA, Anthropic Computer Use, Browser-Use collapse the tool surface to click and type. Risk has to move from tool name to target, intent, and context.
When Coding Agents Press Merge
· Albert Mavashev · 16 min read
Devin, Codex Cloud, Claude Code yolo mode now reach the merge button — direct call or auto-merge via branch protection. Treat merge as a tiered action.
Agent Memory Writes Are Actions, Too
· Albert Mavashev · 12 min read
Agent memory writes change future runs. Treat mem0, Letta, Zep, and Claude-style memory mutations as RISK_POINTS-budgeted actions under runtime authority.
Closing the Estimate-Actual Gap with cost_fn
· Albert Mavashev · 8 min read
langchain-runcycles 0.2.0 adds cost_fn to CyclesModelGate: reserve at estimate, commit at the LangChain ModelResponse's actual reported token usage per call.
Why a Delete-Delay Isn't the PocketOS Fix
· Albert Mavashev · 10 min read
Railway slowed destructive deletes after the 9-second wipe. The legacy account-token model is unchanged. The structural fix is scoped tokens + runtime gates.
Pre-Call Budget Reservation as a Spring AI Advisor
· Albert Mavashev · 11 min read
How cycles-spring-ai-starter inserts reserve-commit-release into Spring AI's advisor chain — call advisor, Flux streaming, SubjectResolver, tool gating.