The Workloft Show · Live
Agentic building, read from inside a live eight-agent fleet.
A show for people getting into agentic building in the UK, Ireland and the EU — where the rules and constraints are different, and that turns out to matter. Each episode: the week's biggest agent stories read by someone who actually runs agents in production, then a live tour of the fleet to prove the point.
Everyone's Securing the Wrong Part of Their AI Agents
This week an AI agent merged malicious code into Fedora's installer, and the model was never the problem. A stolen login was. In this episode I read two of the biggest agent stories of the week the way someone who runs agents in production reads them, then show you my own eight-agent fleet live to prove the point.
The throughline: the model is never the risk surface. The substrate is. Identity, provenance, context.
What's in it:
- Fedora — why "rogue AI" was the lazy read, and how a compromised credential plus an agent's reach is the real supply-chain threat.
- TokenPilot — everyone quoted the 87% cost saving. The bit that matters is that a stable context is a context you can replay, which is an audit problem, not a discount.
- On the fleet — a live, secret-safe look at how I run eight agents solo: every action logged and costed, sixteen credentials under management with zero shown on screen, and a router that picks the right model per task across providers.
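The three fleet properties listed above (actions logged and costed, credentials managed but never displayed, and a context you can replay for audit) can be shown together in a small action log. The following is an added example written for this page, not code from the show or from the fleet it describes; the credential names, the placeholder secret values, the per-token price and the `ActionLog` API are all assumptions made for illustration. The replay property comes from hashing a canonical serialisation of the context: identical context gives an identical digest, so an auditor can confirm that a replayed run saw exactly what the original did.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Hypothetical credential store (constructed for this example). The agent
# receives the values; the log only ever records the names.
SECRETS = {
    "GITHUB_TOKEN": "ghp_EXAMPLEexampleEXAMPLEexample0123",
    "OPENAI_API_KEY": "sk-EXAMPLEexampleEXAMPLEexample4567",
}


def redact(text: str, secrets: dict) -> str:
    """Replace every known credential value with a <NAME:REDACTED> marker.

    Values are substituted longest-first so a short secret that happens to be
    a substring of a longer one cannot leave a fragment of the longer one.
    """
    for name, value in sorted(secrets.items(), key=lambda kv: -len(kv[1])):
        if value:
            text = text.replace(value, f"<{name}:REDACTED>")
    return text


def context_digest(context: dict) -> str:
    """SHA-256 over canonical JSON (sorted keys, no whitespace).

    Same context -> same digest, regardless of dict ordering, so a replayed
    run can be checked against the logged digest.
    """
    canonical = json.dumps(context, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


@dataclass
class ActionLog:
    """Append-only record of agent actions: redacted text, context digest,
    credential names used, and a token-based cost estimate."""

    price_per_1k_tokens: float = 0.002  # assumed flat price for the example
    entries: list = field(default_factory=list)

    def record(self, agent: str, action: str, context: dict,
               credentials_used: list, tokens_in: int, tokens_out: int) -> dict:
        entry = {
            "agent": agent,
            "action": redact(action, SECRETS),
            "context_sha256": context_digest(context),
            "credentials": sorted(credentials_used),  # names only, never values
            "tokens": tokens_in + tokens_out,
            "cost_usd": round((tokens_in + tokens_out) / 1000
                              * self.price_per_1k_tokens, 6),
        }
        self.entries.append(entry)
        return entry

    def total_cost(self) -> float:
        return round(sum(e["cost_usd"] for e in self.entries), 6)

    def leaks_secret(self) -> bool:
        """True if any raw credential value appears anywhere in the log."""
        blob = json.dumps(self.entries)
        return any(v and v in blob for v in SECRETS.values())

    def replay_matches(self, index: int, context: dict) -> bool:
        """Check that a replayed context reproduces the logged digest."""
        return self.entries[index]["context_sha256"] == context_digest(context)


def demo() -> ActionLog:
    """Constructed sample run: an agent opens a PR using a token, and the
    raw command text it tried to log contains the token value."""
    log = ActionLog()
    ctx = {"repo": "example/installer", "branch": "main", "task": "open-pr"}
    log.record(
        agent="pr-bot",
        action=f"gh pr create --repo example/installer (auth {SECRETS['GITHUB_TOKEN']})",
        context=ctx,
        credentials_used=["GITHUB_TOKEN"],
        tokens_in=1000,
        tokens_out=500,
    )
    return log


if __name__ == "__main__":
    for entry in demo().entries:
        print(json.dumps(entry, indent=2))
```

The point of `leaks_secret` is that the check runs over the serialised log, not over the inputs: it catches a value that slipped in through any field, which is the failure mode a redacting logger actually has to defend against.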
