Building a Purple-Team CI Gate for Agentic-AI Apps
Traditional SAST misses the bugs LLMs actually ship. Traditional security Actions miss the AI supply chain. Consumer CI-security tools themselves can be compromised — and twice in the last thirteen months, they were. Here is purplegate, the open-source Action we built at Kardoxa Labs to close all three gaps in one step.
Why traditional SAST can't see LLM bugs, why the CI supply chain itself keeps getting weaponised, and how purplegate — Kardoxa Labs' first open-source project — closes both gaps.
The seven actors that make a real-time multi-lingual voice agent work, the three genuinely hard problems, and why architectural control is the prerequisite, not the preference.
Five9 Voicestream, gRPC, NLP pipelines, and $500K+ in annual savings. What it took to make it production-ready in a pension fund.
What it actually takes to govern AI in a regulated financial institution — beyond the policy documents.
Multi-agent orchestration in a live enterprise environment. The failure modes, the guardrails, the things that surprised us.