About
I write about security, authorization, AI agents, and the systems challenges that come with powerful but untrusted components.
My focus is on structural approaches: capability-based authorization, attenuable tokens, runtime boundaries, and designs where certain classes of harm become unrepresentable rather than merely unlikely. I’m the author of Warden, a Rust-based reference runtime that enforces strict, auditable authority limits on agent tool calls.
This site is the home for longer-form technical writing on these topics — and related work in Rust, infrastructure, and application security.
Projects
- Warden — A capability-secure runtime for AI agent tool calls. Rust, Biscuit tokens, structural authority boundaries.
- Capsule — An MCP capability gateway combining sandbox boundaries with content-based taint tracking.
Recommended reading
If you’re new here, start with:
- Prompt Injection Is an Authorization Bug: Capability-Bounded AI Agents — The foundational post. Two agents, same injected attack. One leaks secrets; the other can’t.
- The Signature Verified, the Authority Widened Anyway — How a verified crypto signature still lets attackers escalate privileges (Part 2).
- Capability Boundaries Have No Memory — When sandboxing isn’t enough and you need content provenance too (Part 3).
Contact
- Email: mail@senthilsiva.com
- GitHub: senthil1216
- LinkedIn: ssivasubramanian
- Location: San Francisco, CA
I’m an engineering leader focused on cloud platforms, security, and agentic systems. Worked on SaaS/PaaS and modern cloud infrastructure.
The goal here is clarity over volume: posts that go deep on one hard problem, with honest threat models and reproducible examples.