Surfit Blog

Product updates, industry landscape, and incident analysis.

Surfit Updates
Surfit Updates March 25, 2026

Introducing Surfit — The Decision Layer for AI Agent Actions

Evals check what the model says. Sandboxes control where agents run. Nobody controls what actually happens when an agent acts on a real system.
Landscape
Landscape April 20, 2026

Three Research Groups Just Described Surfit's Architecture. None of Them Know About Us.

Three independent research papers in March and April 2026 converged on the same core architectural answer Surfit built as a product. This is what category validation looks like.
Landscape March 26, 2026

The AI Agent Control Landscape — March 2026

Every major tool in the stack — what layer they operate at, what they do well, and why execution authority remains unsolved.
Incidents
Incident April 20, 2026

Vercel Got Breached Through an AI Agent Platform. This Is the Failure Mode Everyone Keeps Shipping.

A third-party AI agent platform held deployment-level OAuth scopes. When the agent platform was compromised, attackers inherited the scopes. This is the architectural failure mode Surfit exists to prevent.
Incident March 25, 2026

LiteLLM Got Compromised. Here's Why Agent Credentials Need a Separate Layer.

A malicious version of one of the most popular Python LLM libraries was pushed to PyPI. It stole every credential on the machine.
Incident March 31, 2026

Claude Code's Source Got Leaked Through a Build Pipeline.

Anthropic built Undercover Mode to stop their AI from leaking internal information. A source map in an npm package leaked everything.