SECURITY SERIES · 02·4 min read
An agent should never hold the key it's using
You want an AI agent that can actually do things — call APIs, touch real data. You also don't fully trust it. The resolution isn't a better sandbox; it's making sure the agent never possesses a credential at all. A broker holds the keys, mints short-lived capabilities, and gates every write behind a human. Here's the pattern.
- security
- ai-agents
- architecture
- zero-trust
- homelab