// tag
#Security
8 posts
NL2SQL Is the SQL Injection of the Agentic Age
Before you let an agent query your database with natural language, read this. NL2SQL looks simple until you think through schema completeness, indeterminism, and what SQL MCP Server actually solves.
Building Agents Is the Easy Part — Running Them Safely Is the Hard Part
Microsoft Agent Framework and Agent Governance Toolkit pair up to enforce runtime policy, govern tool calls, and provide Merkle-chained audit logs — without touching your agent prompts.
Your AI Agent Has an Identity Problem (And Here's the Template That Solves It)
A new azd template from Curity and Microsoft shows how to build AI agents that use short-lived OAuth tokens with fine-grained scopes — so agents can never see data they shouldn't.
Private Endpoints, VNets, NSGs — Aspire Handles the Networking Now
Aspire's new Azure enterprise networking support lets you model VNets, private endpoints, NAT gateways, NSGs, and Network Security Perimeters directly in your AppHost — no infrastructure drift required.
Governing MCP Tool Calls in .NET with the Agent Governance Toolkit
The Agent Governance Toolkit is a .NET 8+ package for scanning MCP tool definitions for threats, enforcing YAML-based policy, and sanitizing tool output — covering OWASP MCP Top 10.
SQL Server 2025 as Your Agent-Ready Database: Security, Backup, and MCP in One Engine
The final part of the Polyglot Tax series tackles the hard production problems: unified Row-Level Security across relational, JSON, graph, and vector data — plus cryptographic audit trails and MCP integration that make SQL Server 2025 genuinely agent-ready.
Patch This Now: .NET 10.0.7 OOB Security Update for ASP.NET Core Data Protection
.NET 10.0.7 is an out-of-band release fixing a security vulnerability in Microsoft.AspNetCore.DataProtection — the managed authenticated encryptor was computing HMAC over the wrong bytes, leading to potential elevation of privilege. Update immediately.
.NET April 2026 Servicing — Security Patches You Should Apply Today
The April 2026 servicing release patches 6 CVEs across .NET 10, .NET 9, .NET 8, and .NET Framework — including two remote code execution vulnerabilities.