@jonny @david_chisnall @chris_evelyn I have the late Ross Anderson's "Security Engineering, Third Edition" open in my SumatraPDF session right this minute because I need to get up to speed with implementing capability-based security across said code base, fast. They tried to use ACLs in the past and it was just bloated. Also, I've taken to referring to Mythos as Metasploit '26. Capabilities for RPC plus SBOM may be the kryptonite for agentic attack vectors...