Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That's the critical question. The key is that Strata never exposes all tools to the agent at once. Our progressive guidance acts as a dynamic allowlist, so that the agent only "sees" the specific tools relevant to its immediate task. This fundamentally reduces the blast radius at each step. We do provide a comprehensive audit trails for every action, giving a CISO a centralized control plane to manage and monitor agent capabilities, rather than an exponential risk. If you are interested, come talk to us!


How is a “dynamic allowlist” useful if it can still access anything based on what the user prompts? Is there a way to impose a static allowlist too?


Yes there is a way to impose a static allowlist. As a very simple example, you can disable certain servers completely via the UI or the API.


Isn’t that a blocklist?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: