https://joe-b-security.github.io/tags/aisvs/Recent content in AISVS on Joe Bollen SecurityHugo -- gohugo.ioenYes, it's a real three-body problem simulationSun, 05 Apr 2026 00:00:00 +0000https://joe-b-security.github.io/posts/2026-04-05-toctou-agents/Sun, 05 Apr 2026 00:00:00 +0000https://joe-b-security.github.io/posts/2026-04-05-toctou-agents/<p>Agent systems that do useful work tend to have multiple agents running concurrently, often reading and writing to the same underlying state. A support agent handles incoming requests while an ops agent processes escalations against the same ticket database, or a compliance agent monitors for policy violations on the same access control list that an access management agent writes grants to. When these agents run concurrently and their operations interleave, the same timing vulnerabilities that have existed in operating systems and concurrent programming for decades show up again.</p>