Runtime policy gates — feature flags, configuration toggles, env-var checks — are bypassable the moment an attacker has code execution in the same process. And an adversarial prompt is, functionally, code execution in the same process. The only defense that holds is the one that removes the code path entirely.
This post argues that compile-time feature exclusion is a security primitive, not a licensing tactic, and walks through what that looks like in a Rust workspace where different feature flags produce structurally different binaries with different capability surfaces.
Publishing May 6, 2026. All posts.