Live simulation · brakes for AI

Watch the gate kill a runaway agent

In June 2026, an AI coding agent was asked to tag 87 tasks. It got stuck in a loop and burned 1.3 billion tokens ($1,382.59) in 90 minutes, with no daily cap. This recreates that exact failure, and shows UBAG's circuit breaker cutting the cord on structure, not speed.

Simulation panel: agent pm-clickup-tagger, tool clickup.update_task(). Counters shown: $ burned (this run), tool calls, gate status.

Without UBAG (real incident): $1,382.59. With UBAG: the run is cut and the remainder is saved.

The runaway breaker is one layer. UBAG is the deterministic authorization gate for everything an agent does: the model proposes, the gate decides, with no LLM in the decision.

Prompt-injection & intent gate

A hijacked agent (manipulated by a poisoned document, tool result, or webhook) can't move money or leak data. The gate inspects intent (lexical + semantic, dual-provider failover) and fails closed on high-value calls it can't verify.

Blind-agent credential vault

The agent never holds your real keys. Secrets are injected server-side only on an explicit ALLOW, so a compromised agent has nothing to exfiltrate and no credential to leak. Patent-pending.

Behavioral authorization

Every action is scored against the account's own baseline plus hard allow-lists and value ceilings. Oversized, off-policy, or out-of-pattern calls are denied before they execute, not flagged after the damage.

The model proposes. The gateway decides.


This is a deterministic simulation of UBAG's runaway / token-burn circuit breaker, recreating a real, publicly-reported June 2026 incident. It illustrates the mechanism; it is not connected to a live customer system. Numbers for the unchecked case are from the public report.