You can’t govern gray goo

Written By joe Brown

In 1986, scientists worried runaway nanotech might convert the entire earth into Gray Goo. And that’s exactly what it looks like inside some of my clients.

Phrase of the week: "AI sprawl."

When everyone can vibe code an app, each solution becomes more goo, slowing down the company. How long before tech and org debt eats the business?

Brex may have just open-sourced an antidote.

Traditional AI governance can’t move at AI speeds. When building a new tool costs nothing, a committee or council or even a single owner just gets stretched too thin to govern. Without a single choke point, there’s no consistency in policy, security, or design. Any new layers you add to the org just slow you down.

Brex shipped something different this week: CrabTrap is an open-source HTTP proxy from Pedro Franceschi's team. Every agent's outbound API call routes through it. An LLM judges each request against a natural-language policy, blocks or allows, logs everything. The proxy doesn't care which framework, which team, which language, which model. It runs at a layer the agents can't add to.

That's what an antidote looks like. Not a committee. Not a strategy doc. A constraint that lives below the thing it's governing, doing its work whether anyone notices or not.

If you want to build an AI Governor instead of a goo factory, three practical moves:

First, write policy in plain English. CrabTrap works because a natural-language rule can be judged by a model. "Agents can read customer emails but never forward them externally" is a policy. "Align with data handling standards" is not.

Second, pick a choke point below the tools. Not above them. Governance that sits at the org-chart layer scales with headcount. Governance that sits at the network, the API call, the data access layer scales with traffic. Only one of those is goo-proof.

Third, observe before you prescribe. Brex's team didn't write policies first and hope — they pointed CrabTrap at real traffic and let it draft the policy from what agents were actually doing. Most governance fails because it's fiction about behavior that hasn't happened yet.

Goo moves at AI speed.
Humans move at committee speed.
Guess which one wins.

joe Brown
Next

Nobody got fired, they got subpoenaed