Resources · educational notes

Notes on AI-agent safety research.

General educational notes on AI-agent safety from SecuRight, an Australian software company that develops and operates its own consumer apps. We share what we learn researching safer AI agents for our own software. General information only — not professional, security, compliance, or legal advice, and not a service we offer.

01 · Writing

The notes — our AI-safety research.

Research note

Defending agents against prompt injection

Why prompt injection is the SQL-injection of the agent era, the classes of attack that actually land, and the layered defences — input isolation, capability gating, output checks — that hold up.

Research note · AI safety Research note

A runtime, not a policy document

A policy PDF can't stop an agent from calling the wrong tool. Putting policy enforcement and a tamper-evident audit at the call site — and why the check has to be fast enough that no one disables it.

Research note · architecture Research note

Our AI-agent safety checklist

The questions we work through for our own apps before an AI agent takes an action — auth, scope, injection, logging, human oversight. Shared as a research note.

Research note · checklist

prompt injection capability gating tamper-evident audit human-in-the-loop human oversight AI safety

02 · Open source

Code we'll share.

Some of our AI-safety research notes and example code may be useful in the open. We may publish reference examples on GitHub as general educational material. (Not a product or service.)

View on GitHub → github.com/securight-au

We write what we're actually working on — no fabricated benchmarks, no invented case studies. Where something is still in development, we say so. SecuRight is an Australian software company (founded 2016); the runtime described in this writing is in development. For anything you'd like to discuss, reach us at [email protected].