Jonathan Kingston

@jkt
Privacy/Security Engineer for DuckDuckGo formerly Mozilla. Gibberish is my own. he/him
Site: https://jotter.jonathankingston.co.uk/
MCP or even cli seems a pretty good squeeze point for access controls and yet there’s limited control over them as an org? It feels like a huge oversight whilst they’re off solving much more difficult problems.
The owners of frontier AI talk about how they’re struggling to integrate with corporations. Yet none of them have enterprise policies that control their software well. “Sure let me just connect write access of our task system to a fuzzy system”.

AI agents are clicking buttons with your credentials. WebMCP lets pages declare tools for agents to call, but it trusts the page to be honest. That's the same assumption that gave us phishing.

I wrote about why agentic AI needs a real consent layer, not just better sandboxes.

https://jotter.jonathankingston.co.uk/blog/2026/02/22/consent-is-all-you-need/

Consent is all you need

The agentic web has a consent problem. Every agent depends on the same unstated assumption: the model knows when it should stop and ask you.

Most teams treat skills, MDC rules and system prompts as write-once artifacts, refined by vibes. The post looks at two practical approaches to actually measuring whether they work: deterministic rubric testing and paired comparisons borrowed from RLHF.

https://jotter.jonathankingston.co.uk/blog/2026/02/17/magic-words-need-measuring-sticks/

Magic words need measuring sticks

Dave Rupert's Magic Words names a thing I've been stewing on. Skills, MDC rules, and system prompts are all incantations. We write them, ship them, a...

The “ai kill switch” isn’t the best name given the state of the world. Especially as there’s likely a naming collision with something “defence” companies are making.
I wrote up an idea to add support <canvas poster="placeholder.png"> https://jotter.jonathankingston.co.uk/blog/2026/01/11/a-case-for-poster-on-canvas/ both for archiving the web and preloading content into the canvas.
A Case for poster on Canvas

The HTML <canvas> element has a gap that <video> solved years ago: there's no declarative way to provide a static visual repr...

That said I’m skeptical that the web should ever serve mhtml and certainly not framed either. I haven’t really thought about the security implications much other than I’m serving them only from files, with a null principal and blocking all scripts from loading. I’m sure serving from the web could be possible but I’m not at this stage pushing for it.
Another rationale is that the encoding allows for binary encoding similar to what the Apple archive format does. This is much more efficient than embedding the assets into the HTML as data URIs. iiuc this approach adds the 20% encoding tax for each frame nesting too.
@freddy well Firefox doesn't have that as an extension API either. I'd support that instead if they did. Both are transforms on the initial document. I do think the single file approach is better for the embedding/RAG case.
@freddy it’s a pretty great archive format that can be used to replay or index page state. HAR can’t replay or reliably reconstitute a document state and WARC is seemingly nice but is like MHTML+HAR combined (huge and a dev/crawler only format). I’m using it as the base format in: https://refine.page a page annotation extension. Chrome has an API to snapshot whenever basically.
refine.page - Web Page Snapshot & Annotation Extension

Capture and annotate web page snapshots for labeling and review. Create labeled datasets from web pages with high-fidelity snapshots.