Embroidery flags Claude Code, Codex risks

The pitch is sensible: don’t try to block everything, just surface risky agent behavior fast enough that a human or SIEM can act. The hard part will be keeping false positives low without blinding itself to context-specific actions that are actually dangerous.

• –Live monitoring plus scheduled sweeps is the right shape for this problem; some failures are obvious in the moment, others only show up in hindsight across many sessions.
• –The “cheap model first, better model on escalation” pattern is pragmatic, especially for noisy environments where every prompt and tool call can’t go to an expensive judge.
• –Alert-only is a strong wedge because agent blocking is politically hard with developers, but it also means the product needs very high-confidence detections to be taken seriously.
• –Watching prompts, tool calls, and reasoning puts Embroidery closer to agent observability than classic endpoint security.
• –The security use case is real: compromised MCP servers, bad tool use, and sandbox escape attempts are exactly the failure modes teams are underprepared for.