Autopoiesis builds and breaks agentic systems.
Autonomous agents now plan, call tools, and act with real-world consequences. That capability is also a new and poorly understood attack surface: prompt injection, tool misuse, privilege escalation, and emergent behaviour that no single component was designed to produce. We focus exclusively on this frontier.
Our work spans both sides of the problem — adversarial red teaming to surface failure modes before attackers do, and secure architecture to design those failure modes out from the start. Thus, you can consider Autopoiesis to be an agentic security research lab. The name autopoiesis — a system that continuously produces and maintains itself — reflects how we think about security: the work is self-sustaining, and the process built in rather than bolted on.
Autopoiesis was coined by the biologists Humberto Maturana and Francisco Varela to name what makes a living thing alive: operational closure — the system’s own processes regenerate the very network that produces them — held within a membrane it builds for itself, and structural coupling, its ongoing adaptation to a changing environment without loss of identity. Security for autonomous systems, we believe, has to become exactly this: self-producing, self-bounding, and self-adapting.
A living system endures by continuously adapting to its environment without losing what makes it itself. Security for autonomous systems has to do the same — sensing, learning from, and adapting to a threat landscape that shifts faster than any release cycle, rather than standing behind a fixed perimeter.
A cell produces a membrane that separates self from non-self and keeps its internal processes coherent. Agentic systems need the same: explicit trust boundaries, least privilege, and sandboxing — so a single compromise stays contained and the blast radius is bounded by design.
Life persists by constantly regenerating its own components. Security is not a one-off audit but a self-sustaining loop — test, learn, harden, and regenerate defences continuously, as the system and its adversaries co-evolve.
Mattia Bradascio is a University of Oxford graduate in Software and Systems Security, with a background in security research and machine learning. He has worked at the frontier of security engineering for approximately 10 years, including AI infrastructure, blockchain consensus protocols, kubernetes and cloud platforms.
If you’re working on agentic systems and want them stress-tested or built securely, get in touch.