Why do we trust AI agents with zero verification?

by Aniket Giri

Honest question for the community:

We require HTTPS for every web request. We require OAuth for every API call. We require 2FA for every login.

But AI agents? We let them execute actions with nothing more than a system prompt and a prayer.

An agent can transfer money, delete data, email customers — and the only "security" is hoping the LLM follows instructions. Prompt injection can bypass that in one message.

We've been building Korven (launching here Tuesday!) to fix this at the protocol level:

→ Cryptographic identity per agent (Ed25519, like SSH keys)

→ Signed intent envelopes that can't be prompt-injected

→ Boundary enforcement: action allowlists, monetary limits

→ Kill switch: revoke any agent globally in milliseconds

Curious: how are you currently securing your AI agents in production? Are you using guardrails, manual review, or just hoping for the best?

9 views
