Most agents today run generated code with full access to your secrets.
As more agents adopt coding-agent patterns, reading filesystems, running shell commands, and generating code, they are becoming multi-component systems in which each component needs a different level of trust.
Most teams run all of these components in a single security context, because that is what the default tooling does; we recommend drawing the security boundaries between them differently.
Below we walk through:
— The actors in agentic systems
— Where security boundaries should go between them
— An architecture for running agent and generated code in separate contexts