2026/07/17/brex-built-its-ai-agent-policy-by-watching-what
Brex built its AI agent policy by watching what agents actually do, not by writing rules first

EDITOR BRIEF
Brex built an internal open-source proxy called CrabTrap to monitor HTTP/HTTPS traffic from AI agents using real credentials such as API keys and OAuth tokens. The system intercepts requests, checks policy rules, and uses an LLM-as-a-judge approach to approve or deny agent actions based on observed behavior rather than predefined SDK rules alone.
INSIGHTS
The approach reflects a shift from static guardrails toward centralized agent governance at the network layer, where enterprises can see and control what agents actually do. If adopted more broadly, this could become a key security pattern for scaling autonomous agents without stripping away their usefulness.
COMMENTS
Discussion
> geekhaus:~$ next read?
Next read recommendations

VentureBeat
Capital One releases VulnHunter, an open-source AI tool that finds software flaws before hackers do

VentureBeat
Intuit scrapped its own AI agent architecture twice in four months. At VB Transform 2026, its AI VP called that the fast path

VentureBeat