We'll be at AI Engineer Europe (London, 8–10 April) to talk kernel-level sandboxing and cryptographic provenance for agentic systems. Book time with @lukehinds.bsky.social and @scparkinson.bsky.social: nono.sh/book

The axios case: a postinstall hook that ran with full user permissions, no prompt, no sandbox. nono confines npm install to what it actually needs. No C2. No system paths. No credential access. nono.sh/blog/nono-axios

nono v0.26.0 is out: kernel-enforced agent sandboxing, now on Windows via WSL2. Same Landlock enforcement as native Linux. 84% feature parity. The gap is a WSL2 kernel bug, not nono. nono.sh/blog/nono-wsl2-windows-support

Kexin wrapped a GitHub triage bot with nono and documented what each feature does. Sandbox profile. Signed instruction file. Phantom token credential injection - real tokens never enter the sandboxed. Security comes from the launch wrapper. launched.https://nono.sh/blog/wrapping-github-bot-with-nono

@josh.bressers.name put it well: MCP is moving faster than anyone can keep up with. @lukehinds.bsky.social joined #OpenSourceSecurity to dig into why agent security is structurally hard and what kernel-level sandboxing nono.sh actually solves. Episode: opensourcesecurity.io/2026/2026-03...

If you're building with AI agents and haven't thought through what happens when the agent's permissions are broader than they need to be, this conversation is a good starting point. nono.sh?utm_source=t...

Most AI coding agents run with your full user permissions - SSH keys, AWS credentials, API tokens all exposed. nono is a kernel-level sandbox that changes this. Filesystem, network, and credentials enforced outside the agent's trust domain. nono.sh #AISecurity #infosec #opensource

How the phantom token pattern works in practice: session-scoped token → localhost proxy → real credential injected outside the sandbox → forwarded over TLS. Scoped to one session. Expires on exit. #AISecurity #infosec

Threat model most teams miss: AI agent API keys sit in /proc/PID/environ on Linux - readable by any same-user process. One prompt injection away from exfiltration. nono's credential proxy: the agent never holds real keys. nono.sh/blog/blog-credential-injection #AISecurity #infosec #opensource

Guest Blog on Spin Framework of how we use WebAssembly isolated tool execution for the training of agentic large language models spinframework.dev/blog/deepfab... - by @lukehinds.bsky.social

How do you train an SEO-focused agent from scratch? Our co-founder Stephen Parkinson covers the full process - dataset generation, live tool execution setup, and more. Part two dropping soon. deepfabric.dev

Fine Tune a 4B Model to Beat Claude and Gemini at Tool Calling for free on Google Colab! www.alwaysfurther.ai/blog/train-4...

huggingface.co/blog/lukehin... @alwaysfurther.ai

Latest Blog on why relying on system prompts as guardrails could let you down www.alwaysfurther.ai/blog/system-...

We're out of stealth! Today we're announcing Always Further and our $1.8M pre-seed to deliver precise, secure and reliable open language models. More soon. Let's build 🚀 www.alwaysfurther.ai/blog/announc...