
Tweet by @cramforce


This is an important conversation to be had: What is the right architecture for running agents in production? My posits:

- You can trust agent harnesses; you cannot trust agents.
- The agent harness, the agent, and the code it generates should not run in the same security context.

Today this separation is not typically enforced, and this will lead to major security issues in the future. The bright side: existing agent abstractions do make it relatively easy to port to a more secure architecture. More concrete in the blog post ↓

Quoted tweet by Vercel (@vercel):

Most coding agents default to running generated code with full access to secrets, creating a major risk for data exfiltration. It's essential that developers are deliberate in defining and enforcing security boundaries. How we're thinking about this ↓ vercel.com/blog/security-…
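The two tweets above argue for one boundary in particular: the harness may hold credentials, but the code the agent generates must not be able to see them. The following is an added example, written for this page and not taken from either tweet or from Vercel's blog post, of the smallest version of that boundary: a harness that runs generated code in a child process whose environment is rebuilt from an explicit allow-list, beside the unsafe default of inheriting the harness's environment. The secret name `DEPLOY_TOKEN`, the token value, and the "generated" snippet are all constructed for the demonstration.

```python
"""Added example: run agent-generated code outside the harness's secret context.

Not code from the tweets or from Vercel. The secret, its value and the
"generated" snippet are constructed sample data for this demonstration.
"""
import os
import subprocess
import sys
import tempfile

# Constructed: a credential the harness legitimately needs (e.g. to deploy).
HARNESS_SECRET_NAME = "DEPLOY_TOKEN"
HARNESS_SECRET_VALUE = "constructed-not-a-real-token"

# Constructed stand-in for code an agent produced: it tries to read the
# harness's credential and "exfiltrate" it by printing it.
GENERATED_CODE = """
import os
print(os.environ.get("DEPLOY_TOKEN", "<no secret visible>"))
"""

# Variables the child may inherit. Everything else, including every
# credential the harness holds, is dropped. SYSTEMROOT is needed on Windows.
CHILD_ENV_ALLOWLIST = ("PATH", "LANG", "LC_ALL", "SYSTEMROOT")


def scrubbed_env() -> dict:
    """Build the child's environment from the allow-list only."""
    return {k: v for k, v in os.environ.items() if k in CHILD_ENV_ALLOWLIST}


def run_generated_code(code: str, inherit_env: bool, timeout: float = 5.0) -> str:
    """Execute untrusted code in a separate interpreter process.

    inherit_env=True reproduces the common default (child sees everything the
    harness sees). inherit_env=False passes the scrubbed allow-list instead.
    -I puts the interpreter in isolated mode (ignores PYTHON* variables and the
    user site directory); a fresh temporary directory is the working directory.
    """
    env = None if inherit_env else scrubbed_env()
    with tempfile.TemporaryDirectory() as workdir:
        try:
            result = subprocess.run(
                [sys.executable, "-I", "-c", code],
                env=env,
                cwd=workdir,
                capture_output=True,
                text=True,
                timeout=timeout,
                check=False,
            )
        except subprocess.TimeoutExpired:
            # Runaway generated code is killed rather than hanging the harness.
            return "<timed out>"
    return result.stdout.strip()


def demo() -> dict:
    """Run the constructed snippet both ways and report what it could read."""
    os.environ[HARNESS_SECRET_NAME] = HARNESS_SECRET_VALUE  # harness holds the secret
    return {
        "inherited": run_generated_code(GENERATED_CODE, inherit_env=True),
        "isolated": run_generated_code(GENERATED_CODE, inherit_env=False),
    }


if __name__ == "__main__":
    for mode, seen in demo().items():
        print(f"{mode:9s}: generated code saw {seen!r}")
```

With the inherited environment the snippet prints the token; with the allow-listed environment it prints `<no secret visible>`. Environment scrubbing closes only that one channel. The child still runs as the same OS user, so it can read any file the harness can read (including config files or token caches on disk) and reach the network. Treating it as a real security context means a separate user, container or VM, a filesystem view that contains only the workspace, and egress controls, with the harness brokering any action that genuinely needs a credential.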
