Insecure Agents is a podcast that curates the most important conversations and trends in AI security. AI engineers, CISOs, and security practitioners listen to learn how to give their agents the security they need to reach higher levels of capability and autonomy.

Allie Howe, Host

Allie Howe is a Member of Technical Staff at Keycard and has a background in security engineering. She is a core contributor to the OWASP Agentic Security Initiative and has spoken at AI Engineer World's Fair and AI Agent Security Summit.

𝕏 @vtahowe in /allisonhowe

David Cramer — CPO and Co-Founder of Sentry
#39 Jun 24

It's the Harness, Not the Model: David Cramer, CPO of Sentry, on Agents, Expectations vs Reality

We sit down with David Cramer, CPO and co-founder of Sentry, to cut through the agent hype with a working engineer's skepticism: the model is rarely what holds agents back, the harness you build around it is. We get into the Railway incident, where a coding agent found a stray CLI token and deleted a production database, and every backup, in nine seconds, and why the enforcement layer has to live below the agent rather than in an advisory system prompt. David explains Seer, Sentry's AI debugger, as the counter-example: an agent doing real work because it was given the right context, not more autonomy. He also walks through Warden, the code-review harness he built that found over 100 previously unknown vulnerabilities across Sentry and open-source projects, including full auth bypasses, for roughly $1K of compute. We also get his contrarian-but-consistent take on why MCP is not just a shim on your API, why CLIs are harder to secure than people think, and why verification, not code generation, is still the unsolved problem.
