## TL;DR
- Autonomous AI agents can **run commands, move files, and browse the web** — treat them like powerful software, not a “chatbot”.
- Do **not** run agents on your main laptop with secrets (passwords, SSH keys, banking).
- Prefer a **VM / cloud box / spare machine** + **non-admin user** + **no auto-approve**.
- Use **least privilege**: only the folders and accounts the agent truly needs.
- If possible, **restrict outbound network access** to known domains.
- Back up first. Test on disposable data. Stop if anything feels “off”.
Before installing any AI app, coding assistant, or autonomous agent, pause for a moment and think about the security of your setup.
A “safe configuration” is a strong baseline — but it is not a guarantee. Modern AI tools can act on your behalf. If misconfigured, they can also make mistakes on your behalf.
This page explains the risks and the minimum precautions I recommend.
# 🛑 Security Warning in the Agentic Era (2026)
**Read before installing autonomous agents.** Unlike traditional AI chatbots (which only generate text), autonomous agents can execute code, move files, call APIs, and interact with websites. Installing such an agent is similar to granting software the ability to type and click for you.
### Key Risks
- **Action Risk**
Agents may misinterpret instructions. A poorly scoped command could modify or delete unintended files.
- **Prompt Injection**
Malicious emails, websites, or documents can attempt to trick an agent into leaking secrets, tokens, or private data.
- **Over-Permissioning**
Giving full disk access, SSH keys, or admin privileges dramatically increases impact if something goes wrong.
- **Experimental Nature**
Many AI agents are early-stage software. They are powerful, but not yet predictable in all edge cases.
⚠ Use at your own risk.
The tools listed on this site are third-party services. I assume no liability for hardware damage, data loss, account compromise, or financial costs resulting from their use.
# 🛡 Defence in Depth
Security is not one setting. It is a layered approach.
## 1. Separate Environment
Containers reduce risk — but they are not absolute isolation.
If you mount your home directory, SSH keys, or browser sessions into a container, you have weakened that isolation.
**Recommendation:**
- Run agents on a dedicated machine, VM, or cloud instance.
- Use a non-admin account.
- Keep personal passwords, banking data, and SSH keys off that machine.
## 2. Whitelists > Blacklists
Blocking specific dangerous commands is fragile. Clever prompting can bypass simple blacklists.
**Better approach:**
- Restrict outbound network access.
- Allow connections only to approved domains (e.g., GitHub, model providers).
- Deny everything else.
If an agent attempts to send data to an unknown domain, the connection should fail automatically.
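Added example, not code from the original page: a deny-by-default domain check of the kind described above, written as a Python hook an agent harness calls before opening a connection, with redirects re-checked so an approved host cannot bounce the agent to an unapproved one. It assumes the agent's HTTP traffic is routed through `guarded_open` and uses a constructed sample allowlist; a packet filter alone cannot enforce this, since it sees IP addresses rather than names.

```python
# Added example (not from the original page): deny-by-default egress check an agent
# harness calls before any connection; the allowlist and urllib hook are assumptions.
import urllib.request
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed allowlist: domain -> whether subdomains are also approved.
# Anything not listed is denied; there is no blacklist to bypass.
ALLOWED_DOMAINS = {"github.com": True, "api.openai.com": False}


def normalize_host(host: str) -> str:
    """Lowercase, drop a trailing dot, IDNA-encode so lookalike names compare as ASCII."""
    return host.rstrip(".").lower().encode("idna").decode("ascii")


def check_egress(url: str, allowed=ALLOWED_DOMAINS) -> tuple[bool, str]:
    """Return (allowed, reason) for a URL the agent wants to reach."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, f"scheme {parts.scheme!r} denied; https only"
    if not parts.hostname:  # .hostname strips userinfo, so "github.com@evil" yields "evil"
        return False, "no hostname in URL"
    try:
        host = normalize_host(parts.hostname)
    except UnicodeError:
        return False, "hostname is not valid IDNA"
    try:
        ip_address(host)
        return False, "raw IP literals denied; use an approved domain"
    except ValueError:
        pass
    for domain, allow_sub in allowed.items():
        if host == domain or (allow_sub and host.endswith("." + domain)):
            return True, f"{host} matches allowlist entry {domain}"
    return False, f"{host} is not on the allowlist"


class _CheckedRedirects(urllib.request.HTTPRedirectHandler):
    """Re-run the check on every redirect so an approved host cannot bounce the agent elsewhere."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        ok, reason = check_egress(newurl)
        if not ok:
            raise PermissionError(f"redirect denied: {reason}")
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def guarded_open(url: str, timeout: float = 10.0):
    """Open url only if the allowlist permits it; deny before any packet is sent."""
    ok, reason = check_egress(url)
    if not ok:
        raise PermissionError(f"egress denied: {reason}")
    return urllib.request.build_opener(_CheckedRedirects()).open(url, timeout=timeout)
```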
---
## 3. Avoid “Auto-Approve” Fatigue
The biggest failure point in 2026 is not the AI — it’s the human clicking “Yes” repeatedly.
If an agent requests permission 30 times, that is 30 opportunities to review what it is about to do.
**Recommendation:**
- Never enable automatic approval for shell commands.
- Read execution prompts carefully.
- Stop immediately if behaviour seems unusual.
---
## 4. Backups First
Before running a new autonomous tool:
- Back up important files.
- Version control your projects.
- Test on disposable data first.
---
# Risk Levels Overview
| Risk Level | Configuration | Safety Assessment |
|------------|--------------|------------------|
| **High Risk** | Auto-approve enabled + full disk access | One malicious prompt could cause serious damage. |
| **Standard** | Sandbox or VM + human approval | Suitable for general experimentation. Avoid sensitive data. |
| **Hardened** | Dedicated machine + strict network whitelist + minimal permissions | Strong isolation. Recommended for advanced use. |
---
# Responsible Use
Some links on this site may be affiliate links.
They do not increase your cost and help support the maintenance of this blog.
Regardless of affiliation, always perform your own security review before installing or granting permissions to any AI tool.
---
Before giving autonomous systems too much access, think carefully.
AI is powerful.
Power deserves careful configuration.
Stay safe.