paulbreuler/AI-Agent-Security-Concerns.md

Last active January 16, 2026 15:18

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/paulbreuler/3cd7a3fbc7696783badfa09a18a11862.js"></script>
Save paulbreuler/3cd7a3fbc7696783badfa09a18a11862 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

AI-Agent-Security-Concerns.md

Security Concern	% of Developers
Unauthorized/excessive API calls from AI agents	51%
AI systems accessing sensitive data	49%
AI systems leaking API credentials	46%

Raw

How-runi-addresses-the-gaps.md

Gap	Postman Finding	runi Solution
Contract testing	Only 17% do it	Continuous drift detection against bound specs
Semantic versioning	Only 26% use it	Temporal awareness with version history & diffs
AI agent security	51% cite it as #1 concern	AI verification validates LLM output before execution
Documentation scatter	55% struggle with inconsistency	Single source of truth in Git-friendly YAML
API discovery	34% can't find existing APIs	Semantic links map cross-API relationships

Raw

MCP-Adoption-Status.md

MCP Status	% of Developers
Use MCP regularly	10%
Plan to explore it	24%
Used occasionally for experiments	19%
Evaluated but chose not to implement	7%
Not familiar with MCP	31%

Raw

PersonQA-Hallucitination-Rates.md

Model	Hallucination Rate	Release
o3-mini	14.8%	2025
o1	16%	2024
o3	33%	2025
o4-mini	48%	2025

Raw

runi-tech-stack-point-in-time.md

Component	Technology	Why
Backend	Rust 1.80+	Performance, safety, `reqwest` for HTTP
Runtime	Tauri v2.9.x	Cross-platform, <50MB bundle
Frontend	Svelte 5.46.x	Reactive, minimal, runes syntax
Storage	YAML/JSON files	Git-friendly, no database lock-in
AI	Ollama (optional)	Local inference, privacy-preserving

Raw

This it is also a comment, but I realized that your LLM won't crawl to comments most likely by default.

Key Research & Sources

Industry Reports

Postman 2025 State of the API Report: https://www.postman.com/state-of-api/2025/
Salt Security State of API Security 2024: https://content.salt.security/state-api-report.html
APIContext API Drift White Paper: https://apicontext.com/resources/api-drift-white-paper/

AI Hallucination Research

USENIX Security 2025 — Package Hallucinations: https://arxiv.org/abs/2406.10279
OpenAI o3/o4-mini System Card: https://cdn.openai.com/pdf/2221c875-02dc-4789-800b-e7758f3722c1/o3-and-o4-mini-system-card.pdf
OpenAI — Why Language Models Hallucinate: https://openai.com/index/why-language-models-hallucinate/
Vectara Hallucination Leaderboard: https://github.com/vectara/hallucination-leaderboard

Model Context Protocol (MCP)

Official MCP Site: https://modelcontextprotocol.io/
MCP Specification (2025-11-25): https://modelcontextprotocol.io/specification/2025-11-25
Anthropic MCP + AAIF Announcement: https://www.anthropic.com/news/donating-the-model-context-protocol-and-establishing-of-the-agentic-ai-foundation
Linux Foundation AAIF Press Release: https://www.linuxfoundation.org/press/linux-foundation-announces-the-formation-of-the-agentic-ai-foundation

Analysis & Commentary

Nordic APIs — State of API 2025 Deep Dive: https://nordicapis.com/a-deep-dive-into-the-state-of-the-api-2025/
TechCrunch — OpenAI's reasoning models hallucinate more: https://techcrunch.com/2025/04/18/openais-new-reasoning-ai-models-hallucinate-more/

Raw

Testing-Maturity-Gap.md

Testing Type	Adoption
Functional testing	67%
Integration testing	67%
Performance testing	57%
Contract testing	17%

Raw

The-API-Gap.md

Reality	Number	What It Means
Developers using AI daily	89%	AI-assisted development is universal
Design APIs for AI agents	24%	Massive gap between usage and architecture
Still design only for humans	60%	Most APIs will break under AI consumption
Haven't even considered AI agents	16%	Not on the radar at all

Raw

The-Brutal-Reality-of-API-Development.md

The Reality	The Number	Source
APIs that don't conform to their specifications	75%	APIContext 2024
Developers experiencing API security incidents	94%	Salt Security Q1 2023
API teams facing collaboration blockers	93%	Postman 2025
Teams NOT doing contract testing	83%	Postman 2025
AI-generated code with package hallucinations	19.7%	USENIX Security 2025
Developers using AI but NOT designing APIs for AI agents	65%	Postman 2025

paulbreuler commented Jan 15, 2026

Author

Key Research & Sources

Industry Reports

Postman 2025 State of the API Report: https://www.postman.com/state-of-api/2025/
Salt Security State of API Security 2024: https://content.salt.security/state-api-report.html
APIContext API Drift White Paper: https://apicontext.com/resources/api-drift-white-paper/

AI Hallucination Research

USENIX Security 2025 — Package Hallucinations: https://arxiv.org/abs/2406.10279
OpenAI o3/o4-mini System Card: https://cdn.openai.com/pdf/2221c875-02dc-4789-800b-e7758f3722c1/o3-and-o4-mini-system-card.pdf
OpenAI — Why Language Models Hallucinate: https://openai.com/index/why-language-models-hallucinate/
Vectara Hallucination Leaderboard: https://github.com/vectara/hallucination-leaderboard

Model Context Protocol (MCP)

Official MCP Site: https://modelcontextprotocol.io/
MCP Specification (2025-11-25): https://modelcontextprotocol.io/specification/2025-11-25
Anthropic MCP + AAIF Announcement: https://www.anthropic.com/news/donating-the-model-context-protocol-and-establishing-of-the-agentic-ai-foundation
Linux Foundation AAIF Press Release: https://www.linuxfoundation.org/press/linux-foundation-announces-the-formation-of-the-agentic-ai-foundation

Analysis & Commentary

Nordic APIs — State of API 2025 Deep Dive: https://nordicapis.com/a-deep-dive-into-the-state-of-the-api-2025/
TechCrunch — OpenAI's reasoning models hallucinate more: https://techcrunch.com/2025/04/18/openais-new-reasoning-ai-models-hallucinate-more/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment