AI-SPM vs Skrun

AI-SPM (AI Security Posture Management) is an open-source control plane for AI agent security in production environments. Built by indie developer dshapi and posted to Hacker News, it addresses a real gap: most LLM systems now have tool access and decision-making power, but almost no runtime oversight layer to catch when things go wrong. The system works as a gateway between your application and the LLM, enforcing three main controls: prompt injection detection (including obfuscated variants that bypass naive pattern matching), structured tool call validation against defined policies using Open Policy Agent (OPA), and sensitive data leakage prevention (PII and model output filtering). An Apache Kafka and Apache Flink streaming pipeline provides real-time audit trails and anomaly detection. The creator's key insight is that tool misuse — not model jailbreaks — is the primary risk vector in production AI agents. A rogue or compromised agent that escalates tool permissions or exfiltrates data through sanctioned channels is far harder to catch than a classic prompt injection. AI-SPM is early, minimal traction, and needs real-world stress testing. But as AI agent deployments mature from demos to production, runtime security tooling like this becomes non-optional.

Skrun is an open-source tool that wraps agentic skills — the discrete, reusable capabilities you build for AI agents (web search, data extraction, file transformation, API calls) — into deployable REST APIs with a single command. The idea is that skills you build for one agent context shouldn't be locked to that agent's runtime. With Skrun, you define a skill once with a standard function signature, and get a hosted endpoint with automatic request validation, retry logic, rate limiting, and an OpenAPI spec generated automatically. The project addresses a real architectural tension in the current AI tools ecosystem: agent skills are written in a dozen different formats (LangChain tools, MCP tools, function call JSON, OpenAI tool specs) and are essentially stranded assets — they only work within their specific orchestration framework. Skrun normalizes this by wrapping any skill definition format and exposing it as a framework-agnostic HTTP endpoint that any agent or pipeline can call. This appeared on Hacker News with a small but thoughtful discussion focused on the "skills as microservices" architectural pattern. Critics noted that adding HTTP round-trips to every tool call introduces latency; proponents argued that the composability and reusability benefits outweigh the cost. The early version focuses on stateless skills; stateful/conversational skill deployment is on the roadmap.