Agents are doing more than you think.
Dev.to AI • Generative AI
Why your PII redaction tool is useless for AI Agents (and what to do about it) - built a fix

I watched my agent try to email a production API key. Here is the post-mortem.

If you are building AI agents, you are likely sleeping on a massive security hole.

We’ve all added "PII Redaction" to our stacks. It’s standard procedure now. You spin up a middleware, scan the prompt for emails or SSNs, and redact them. Job done, right?

Wrong. I learned this the hard way last week.

The "Oh Sh*t" Moment

I was testing a "Jira Summarizer" agent.