Part 3: Identity & AuthN For Agentic Workflows

If Part 2 helped you build a robust Server, Part 3 addresses the most headache-inducing question in Security: “How does the MCP Server know WHICH Agent is calling it, and does that Agent have the PERMISSION to do so?” In the early days of Agentic AI, developers often bypassed this by hardcoding long-lived API Keys. But in a Zero Trust environment, an API Key stored in plain text inside a Python script of an Agent is a ticking time bomb. If the Agent falls victim to a Prompt Injection attack, the hacker captures that API Key and gains full access to your infrastructure. ...

May 15, 2026 · 6 min · Lê Tuấn Anh

AI Code Review Pipeline: Zero-Trust, Multi-Agent & Mutation Testing

Series Orientation: This article is Part 4 of the AI Code Review & Vibe Coding series, focusing on building an automated multi-agent quality gate pipeline. For the bug taxonomy that informs these gates, see Part 3 — AI Code Bug Taxonomy. The software industry has spent two years discovering that the productivity problem of AI coding is not generation speed — it is verification speed. AI coding tools are extraordinarily effective at generating code quickly. GitHub Copilot internal data shows task completion up to 55% faster for scoped coding tasks. The bottleneck that this creates is not in the generation phase. It is in the review phase, where PR volume has increased by 20–90% across high-adoption teams while review capacity has not scaled at the same rate. ...

May 31, 2026 · 12 min · Lê Tuấn Anh

Tech Radar 14/07: Zero-Trust Security cho AI Swarms & MCP Authorization

Welcome to this week’s Tech Radar. In our previous issue, we discussed Cloud-Native AI Architecture. Khi chúng ta đã có hạ tầng mạnh mẽ (Envoy, K8s Inference), vấn đề tiếp theo lập tức xuất hiện: Làm sao để kiểm soát bầy AI (AI Swarm) này? Đừng “thả rông” AI Agents trong production. Hôm nay, chúng ta đào sâu vào Zero-Trust Security cho Multi-Agent Swarms. 1. Tech News Radar: Lỗ hổng Agentic và sự trỗi dậy của Non-Human Identity Answer-first: Sự bùng nổ của AI Agents kéo theo rủi ro bảo mật nghiêm trọng (OWASP ASI02). Các API keys tĩnh không còn phù hợp; hệ thống đòi hỏi “Định danh cho Máy” (Non-Human Identity - NHI) qua công nghệ như SPIFFE để kiểm soát từng Agent độc lập. ...

July 14, 2026 · 5 min · Lê Tuấn Anh