Cursor Agent Deleted a Prod Database in 9 SecondsFEATURED
Cursor agent reportedly wiped a Railway production database and backups in one API call. Prompts aren't permissions — agents need pre-execution gates.
The Cycles Blog
Engineering insights, product updates, and best practices for AI agent runtime authority, exposure, and cost control.
Tools you can run on your own numbers: Cost Calculator (Claude vs GPT) → · Blast Radius Risk Calculator → — every configuration produces a shareable URL. Many of the posts below link to a calculator pre-loaded with the post's specific scenario.
New to Cycles? Read these posts in order to understand runtime authority from the ground up.
- What Is Runtime Authority for AI Agents?
- The True Cost of Uncontrolled AI Agents
- How Much Do AI Agents Actually Cost?
- AI Agent Cost Management: The Complete Guide
- AI Agent Budget Control: Enforce Hard Spend Limits
Ready to try Cycles? Jump to the End-to-End Tutorial.
Agents Are Cross-Cutting. Your Controls Aren't.FEATURED
· Albert Mavashev · 10 min read
Agents span providers, tools, tenants, and workers. Tool-local controls govern only one slice — here is why agent governance has to be cross-cutting.
State of AI Agent Governance 2026FEATURED
· Albert Mavashev · 13 min read
AI agents moved to production faster than governance kept up. This is the state of enforcement, regulation, and incidents in 2026 — and what comes next.
AI Agent Risk Assessment: Score, Classify, EnforceFEATURED
· Albert Mavashev · 17 min read
Practical guide to AI agent risk: classify actions by blast radius, assign risk scores, and convert assessments into enforceable runtime budgets.
The State of AI Agent Incidents (2026)FEATURED
· Albert Mavashev · 13 min read
Documented AI agent incidents and failure patterns — runaway costs, action misfires, security exploits, multi-agent cascades — scored by cost and blast radius.
Agent Memory Writes Are Actions, TooNEW
· Albert Mavashev · 12 min read
Agent memory writes change future runs. Treat mem0, Letta, Zep, and Claude-style memory mutations as RISK_POINTS-budgeted actions under runtime authority.
Closing the Estimate-Actual Gap with cost_fnNEW
· Albert Mavashev · 8 min read
langchain-runcycles 0.2.0 adds cost_fn to CyclesModelGate: reserve at estimate, commit at the LangChain ModelResponse's actual reported token usage per call.
Why a Delete-Delay Isn't the PocketOS FixNEW
· Albert Mavashev · 10 min read
Railway slowed destructive deletes after the 9-second wipe. The legacy account-token model is unchanged. The structural fix is scoped tokens + runtime gates.
Pre-Call Budget Reservation as a Spring AI AdvisorNEW
· Albert Mavashev · 11 min read
How cycles-spring-ai-starter inserts reserve-commit-release into Spring AI's advisor chain — call advisor, Flux streaming, SubjectResolver, tool gating.
Preventing AP2 Open-Mandate Overuse with Runtime IdempotencyNEW
· Albert Mavashev · 5 min read
AP2 spec §6 warns against open-mandate overuse. A runtime idempotency gate keyed on open_mandate_hash prevents a second valid reservation.
AI Agent Approval Queues Need Runtime Authority
· Albert Mavashev · 10 min read
Human approval can pause risky agent actions, but it is not enforcement. Pair approval queues with runtime authority, scoped limits, and audit receipts.
We Put Cycles in Front of Our Own Outreach Agent
· Evan Mavashev · 11 min read
A dogfood field report on governing a real autonomous outreach agent with Cycles — Gmail drafts, Slack review, budget caps, and DENY on external send.
A Supply-Chain Playbook for Agent Skill Marketplaces
· Albert Mavashev · 12 min read
npm and PyPI took a decade to converge on signing, OIDC publishing, and provenance. Agent skill marketplaces can skip the detour — but also need runtime limits.
Policy Drift in AI Agents
· Albert Mavashev · 7 min read
AI agent policies drift when prompts, skills, tools, models, and workflows change. Static approval needs shadow mode, runtime limits, and audit loops.
Why Local-First Agent Runtimes Need Runtime Authority
· Albert Mavashev · 13 min read
Local-first, BYOK agent runtimes — OpenClaw, Cline, Aider, Continue — share a cost and action-risk governance gap that no provider cap or local limit closes.