No polished demos or theoretical architectures. This talk shows what actually breaks when you build agents you use every day. I walked through real patterns from building specialized agents with shared infrastructure: capability bounding to prevent tool abuse, prompt injection detection that needed real-world tuning, multi-agent memory isolation failures (and the fix), and OAuth device flow for headless operation. Live demos, actual code, and honest discussion of security decisions that worked and the ones I had to fix after they broke.