Agents
Anthropic Deputy CISO Jason Clinton publishes a four-question agentic AI risk framework: 'zero risk isn't the job'
Published July 17, the guide argues that eliminating agent risk is neither realistic nor the goal — the job is making risk legible and bounded so organizations can deliberately accept what they can control. The four questions: what content does the agent ingest, what actions is it allowed, what's the blast radius, and is it observable. Concrete primitives include scoped access, network egress controls, SIEM-routed telemetry, and admin-paced rollout — with narrow identity and mandatory human escalation whenever an agent touches untrusted input.
Source
↳ Follow the thread