Advertisement · 728 × 90

Posts by Always Further, Inc

Nono at AI Engineer Europe

We'll be at AI Engineer Europe (London, 8–10 April) to talk kernel-level sandboxing and cryptographic provenance for agentic systems.
Book time with @lukehinds.bsky.social and @scparkinson.bsky.social: nono.sh/book

1 week ago 0 0 0 0
Preview
How nono Prevents Supply Chain Attacks: A Case Study of the axios Compromise How nono's kernel-level sandbox stops supply chain attacks like the axios npm compromise — blocking RAT deployment, credential theft, and exfiltration.

The axios case: a postinstall hook that ran with full user permissions, no prompt, no sandbox.
nono confines npm install to what it actually needs. No C2. No system paths. No credential access.
nono.sh/blog/nono-axios

2 weeks ago 1 0 0 0
Preview
nono Now Runs on Windows: Kernel-Enforced Sandboxing via WSL2 nono v0.26.0 brings kernel-enforced sandboxing to Windows via WSL2. Landlock isolation, network filtering, credential injection, and undo — all working on Windows.

nono v0.26.0 is out: kernel-enforced agent sandboxing, now on Windows via WSL2.

Same Landlock enforcement as native Linux. 84% feature parity. The gap is a WSL2 kernel bug, not nono.

nono.sh/blog/nono-wsl2-windows-support

2 weeks ago 0 0 0 0

Kexin wrapped a GitHub triage bot with nono and documented what each feature does. Sandbox profile. Signed instruction file. Phantom token credential injection - real tokens never enter the sandboxed. Security comes from the launch wrapper. launched.https://nono.sh/blog/wrapping-github-bot-with-nono

3 weeks ago 0 0 0 0
Preview
MCP and Agent security with Luke Hinds Josh talks to Luke Hinds, CEO of Always Further, about MCP and agent security. We start out talking about Luke’s new tool, nono which is a sandboxing tool that has AI agents in mind as a use case. We ...

@josh.bressers.name put it well: MCP is moving faster than anyone can keep up with.
@lukehinds.bsky.social joined #OpenSourceSecurity to dig into why agent security is structurally hard and what kernel-level sandboxing nono.sh actually solves.
Episode: opensourcesecurity.io/2026/2026-03...

3 weeks ago 2 2 0 0

If you're building with AI agents and haven't thought through what happens when the agent's permissions are broader than they need to be, this conversation is a good starting point.

nono.sh?utm_source=t...

1 month ago 2 1 1 0
Preview
nono - Next-Generation Agent Security Kernel-enforced isolation, network filtering, immutable auditing, and atomic rollbacks for AI agents - built into the nono CLI and native SDKs.

Most AI coding agents run with your full user permissions - SSH keys, AWS credentials, API tokens all exposed.
nono is a kernel-level sandbox that changes this. Filesystem, network, and credentials enforced outside the agent's trust domain.
nono.sh
#AISecurity #infosec #opensource

1 month ago 1 0 0 0

How the phantom token pattern works in practice: session-scoped token → localhost proxy → real credential injected outside the sandbox → forwarded over TLS. Scoped to one session. Expires on exit. #AISecurity #infosec

1 month ago 1 1 0 0
Preview
Credential Protection for AI Agents: The Phantom Token Pattern How nono uses a credential injection proxy to protect API keys for AI agents.

Threat model most teams miss:

AI agent API keys sit in /proc/PID/environ on Linux - readable by any same-user process. One prompt injection away from exfiltration.

nono's credential proxy: the agent never holds real keys.

nono.sh/blog/blog-credential-injection

#AISecurity #infosec #opensource

1 month ago 2 0 0 0
Preview
DeepFabric and Spin: A Case Study in Building Better Agentic Training Data

Guest Blog on Spin Framework of how we use WebAssembly isolated tool execution for the training of agentic large language models spinframework.dev/blog/deepfab... - by @lukehinds.bsky.social

3 months ago 2 1 0 0
Advertisement
Post image

How do you train an SEO-focused agent from scratch? Our co-founder Stephen Parkinson covers the full process - dataset generation, live tool execution setup, and more. Part two dropping soon. deepfabric.dev

3 months ago 1 1 0 0
Post image

Fine Tune a 4B Model to Beat Claude and Gemini at Tool Calling for free on Google Colab! www.alwaysfurther.ai/blog/train-4...

3 months ago 0 0 0 1
Preview
DeepFabric, advanced synthetic creation for Model Behavior Training A Blog post by Luke Hinds on Hugging Face

huggingface.co/blog/lukehin...

@alwaysfurther.ai

4 months ago 0 1 0 0
Post image

Latest Blog on why relying on system prompts as guardrails could let you down www.alwaysfurther.ai/blog/system-...

4 months ago 1 1 0 0
Announcing Always Further and our Pre-Seed Investment

We're out of stealth!

Today we're announcing Always Further and our $1.8M pre-seed to deliver precise, secure and reliable open language models.

More soon. Let's build 🚀

www.alwaysfurther.ai/blog/announc...

4 months ago 1 1 0 1