
Veto finds the executables. You just name them.

Blog post from Ona

Company
Ona
Word Count
683
Language
English
Summary

Veto is a security tool that blocks executables by content rather than by location: it computes a SHA-256 hash of an executable's content and stops matching processes at the kernel before they start. Because the decision is made on the hash, renaming or moving a file does not let it escape the block. The original version, however, required the operator to list executable paths by hand, which does not scale when AI agents continuously introduce new executables.

The improved version adds a BPF-based discovery agent that scans every layer of a container, hashes the executables whose names the operator supplies, and feeds those hashes to the existing enforcement layer in real time; the operator names the executables and Veto finds them. The enforcement model is unchanged; only the discovery layer is new. Veto is now in early access and offers kernel-level blocking without requiring the operator to manage the filesystem, with the aim of letting AI agents run safely in production environments.
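To make the content-addressable idea concrete, here is an added user-space model of the two pieces the summary describes, written for this page rather than taken from Ona or Veto: a discovery pass that walks a root, finds executables whose basename matches a blocked name and records their SHA-256, and an enforcement check that hashes a path before "executing" it and refuses when the hash is on the list. Veto does the second step from BPF in the kernel; this Python simulation only shows why the hash, not the path, is what matters. All file names, directory layout and file contents are constructed for the demo, and the function names are the example's own.

```python
"""
Added example (not Ona's or Veto's code): a user-space model of
content-addressable executable blocking.

  1. discover():     walk a root, find executables whose basename is on the
                     operator's list, record the SHA-256 of their content.
  2. exec_allowed(): before "executing" a path, hash its content and refuse
                     if the hash is on the list, whatever the path or name.

Every path, name and file body below is constructed for the demo.
"""
import hashlib
import os
import shutil
import stat
import tempfile


def sha256_of_file(path: str) -> str:
    """Hash file content in chunks; identity is the content, not the location."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def is_executable(path: str) -> bool:
    """Regular file with any execute bit set."""
    st = os.lstat(path)
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & 0o111)


def discover(root: str, blocked_names: set[str]) -> dict[str, str]:
    """Discovery layer: sha256 -> first path seen, for every executable
    under `root` whose basename is in `blocked_names`."""
    found: dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name not in blocked_names:
                continue
            path = os.path.join(dirpath, name)
            if is_executable(path):
                found.setdefault(sha256_of_file(path), path)
    return found


def exec_allowed(path: str, blocklist: dict[str, str]) -> bool:
    """Enforcement: the decision depends on the content hash alone."""
    return sha256_of_file(path) not in blocklist


def demo() -> dict[str, bool]:
    """Build a fake container root, block 'curl', then try two evasions."""
    root = tempfile.mkdtemp(prefix="veto-demo-")
    try:
        # Constructed "binary": a shell script standing in for a real executable.
        usr_bin = os.path.join(root, "usr", "bin")
        os.makedirs(usr_bin)
        curl = os.path.join(usr_bin, "curl")
        with open(curl, "w") as f:
            f.write("#!/bin/sh\necho fake-curl\n")
        os.chmod(curl, 0o755)

        blocklist = discover(root, {"curl"})  # operator only supplied the name

        # Evasion 1: copy the blocked binary under another name, elsewhere.
        hidden = os.path.join(root, "tmp", ".cache", "totally-not-curl")
        os.makedirs(os.path.dirname(hidden))
        shutil.copy2(curl, hidden)

        # Evasion 2 (the caveat): a different build with the same name, dropped
        # after discovery ran. Its hash is unknown until discovery runs again,
        # which is why the discovery layer has to be continuous.
        other_curl = os.path.join(root, "opt", "curl")
        os.makedirs(os.path.dirname(other_curl))
        with open(other_curl, "w") as f:
            f.write("#!/bin/sh\necho other-curl-build\n")
        os.chmod(other_curl, 0o755)

        return {
            "original_blocked": not exec_allowed(curl, blocklist),
            "renamed_copy_blocked": not exec_allowed(hidden, blocklist),
            "new_build_blocked_before_rediscovery": not exec_allowed(other_curl, blocklist),
            "new_build_blocked_after_rediscovery": not exec_allowed(
                other_curl, discover(root, {"curl"})
            ),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The renamed copy is still blocked because its bytes, and therefore its hash, are unchanged. The second evasion shows the flip side of hashing content: a different build of the same tool has a different hash, so it is not blocked until discovery sees it, which is the gap the continuous, BPF-based discovery agent described above is meant to close.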