Security Research Lab

AI agents are execution environments. Treat them like one.

Linear studies how agents fail once they have real tools, credentials, and filesystem access. We build Rampart to stop unsafe actions before they run, and Snare to catch credential misuse when prevention is not enough.

Research

Incident analysis and threat models for agentic systems.

Prevention

Rampart enforces policy before commands, files, and tools execute.

Detection

Snare plants canaries where compromised agents look first.

Recent Writing

All posts →

Runtime security

If Your Agent Can Delete Production, It Eventually Will

The production database incident was not a model failure. It was a permission boundary failure. Prompts, plan mode, and confirmation buttons are not controls.

Apr 30, 2026

Supply chain

The Bitwarden CLI Compromise Was About the Harvest List

A malicious npm release targeted developer credentials, GitHub Actions secrets, and AI tooling configs. That list is the threat model.

Apr 24, 2026

Supply chain

The Axios Attack Is Different

TeamPCP's third major supply chain hit in two weeks targeted foundational npm infrastructure, not an AI tool. Every JavaScript agent framework was in scope.

Mar 31, 2026

Tools

Two layers, same threat model: prevent what you can, detect what escapes.

Details →

rampart open source

↗

Firewall for AI agents. Intercepts at the OS layer — blocks exfiltration, restricts tool calls, enforces policy before execution.

brew install peg/tap/rampart

snare open source

↗

Canary tokens for AI agents. Plant tripwires in secrets and files. Get alerted the moment an agent touches something it shouldn't.

curl -fsSL https://snare.sh/install | sh

About

Linear is a security research lab run by Trevor (GitHub: peg). We focus on the security properties of AI agent systems — how they fail, how they get exploited, and what defense looks like at the OS layer. Rampart and Snare are the tools that came out of that work.