
Ziv Cohen
A poisoned Linear ticket told our AI agent to leak the team. It tried three ways. None worked.
It had every permission it needed and a ticket telling it exactly what to do. Blocked once, it reworded the request to fool the check. Blocked again, it asked me to switch the check off. This is the call-by-call trace of why nothing left Linear — and the design decision that made "reword it until it's allowed" a dead end.
Read more


