Blog
Field notes on AI governance
The problems teams actually hit shipping AI agents — and how we solve them. Some of these are written for engineers who'll want to see the mechanism.
Your coding agent runs shell commands with your permissions. Nothing is watching.
AI coding agents execute shell and tool calls with your full permissions and no gate. VAIBot is a local, fail-closed circuit breaker that evaluates allow/ask/deny before each action runs.
AI governance that doesn't ship your work to a cloud
Most AI governance is a cloud dashboard that ingests your traffic and reports after the fact. VAIBot inverts it: enforce on the client, and ship signed policy down instead of shipping your data up.
Prompt injection is an egress problem
You can't reliably detect prompt injection at the input. But injection only causes harm when it becomes an action — so gate the egress, not the prompt. How VAIBot bounds the blast radius.
Can you prove what your AI did?
Logs are mutable and screenshots are fakeable. VAIBot anchors content receipts on-chain and hash-chains every governance decision, so both "what was produced" and "what the agent did" become verifiable, not promised.