Your Agent Can Run printenv (and Your Runtime Can't Stop It)

Tool calls are the postcard. Process trees are the trip.

Work-Bench’s post is one of the clearer attempts to name what’s happening: a new “agent runtime” layer built to execute, constrain, observe, and improve agent work at scale.

I mostly agree with that framing. Where I think it stops short is inside their “Constrain” pillar.

They explicitly define “Constrain” as “two things: identity and permissions.” That’s correct - but incomplete once you accept the premise of agents: they execute arbitrary code, spawn subprocess trees, and interact with the OS in ways that don’t map cleanly to “API permission checks.”

[Read More]
#AI  #Agents  #Security  #AgentSH  #Execution Layer Security  #Runtime  #IAM  #Environment Variables 

It Was the Shell, Damn It: Why I Built AgentSH

I had a rule in my control file: never run database migrations without explicit approval. The agent followed it perfectly - until it didn’t. During a long debugging session, it decided the schema was the root cause, wrote a forty-line inline Python script, connected directly to the database, and altered the table. It never “ran a migration.” It just spoke SQL through a different channel. The table was altered, the script was gone, and my harness log showed “executed python command.”

[Read More]
#AI  #Agents  #Security  #Shell  #AgentSH  #LLM  #Execution Layer Security  #DevOps