It’s time to take away the keys
This is a call to action to all the infra/devops type people out there. It’s time to take the keys away from 99% of your developers. You need to cut off their access to production services and give them other ways to access the things they need.
I’ve received two concerning reports recently of coding agents such as Cursor and Claude Code taking surprisingly dangerous actions.
Cursor edited the contents of an AWS bucket that the developer had access to. Claude experienced a prompt injection and credential-stealing attack through a compromised npm package.
Why the agents did these things and whether the developer was prompted sufficiently are beside the point. It is ops' job to set up permissions so that developers can’t break things for other developers or the production application.
The genie is out of the bottle. Developers are incentivized to use all the AI tools they can. And Agents are incentivized to connect to everything they can to “help” the developer.
More accurately, companies that produce coding agents are incentivized to implement all viable tools/MCP servers and to prod the agents to use them. The more the agent “solves problems” for the user, the better their user metrics will be.
Unfortunately, that means we need to lock down any developer’s access, and it needs to be done now.
No actual kubectl, use a dashboard. No db dumps, pull a stripped snapshot out of some automation. GitHub repos? You should already have branch protection preventing pushes and requiring PRs and approvals. Feature flag software like LaunchDarkly? Require approvals for the tiniest thing. Tailscale? Hope you love that ACL file syntax.
All of this applies (perhaps more so) to your vibe-coding guru CTO.
Is infra immune? No, probably not. But you can protect yourself. Limit tool access, and never select “always allow” for tool use. Isolate coding agents into containers, VMs, or separate users. I’ve written ACS to help do this.
The coding agents will discover credentials and use them, maybe not maliciously but not in an expected manner. It’s a when, not an if.
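One way to check whether that isolation actually holds is to list what a process running as a given user can reach. The script below is an added example, not code from this post or from ACS; the file and variable lists are assumptions covering common CLI defaults, and the sample home directories in `demo()` are constructed.

```python
import os
import tempfile
from pathlib import Path

# Default locations where common CLIs keep long-lived credentials (assumed list).
CREDENTIAL_FILES = [".aws/credentials", ".kube/config", ".npmrc",
                    ".docker/config.json", ".netrc", ".config/gh/hosts.yml"]
# Environment variables that SDKs and CLIs read secrets from (assumed list).
CREDENTIAL_ENV = ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY",
                  "AWS_SESSION_TOKEN", "GITHUB_TOKEN", "GH_TOKEN", "NPM_TOKEN"]


def audit_exposure(home, env):
    """Return (kind, name) pairs for credentials readable via `home` or `env`."""
    home = Path(home)
    findings = []
    for rel in CREDENTIAL_FILES:
        path = home / rel
        if path.is_file() and os.access(path, os.R_OK):
            findings.append(("file", rel))
    # Private SSH keys: id_* files, skipping the .pub halves.
    ssh = home / ".ssh"
    for key in (sorted(ssh.glob("id_*")) if ssh.is_dir() else []):
        if key.suffix != ".pub" and key.is_file():
            findings.append(("file", f".ssh/{key.name}"))
    for name in CREDENTIAL_ENV:
        if env.get(name):
            findings.append(("env", name))
    return findings


def demo():
    """Constructed sample: a developer-like home versus an empty agent home."""
    with tempfile.TemporaryDirectory() as dev, tempfile.TemporaryDirectory() as agent:
        for rel in (".aws/credentials", ".kube/config",
                    ".ssh/id_ed25519", ".ssh/id_ed25519.pub"):
            p = Path(dev) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("constructed placeholder, not a real secret\n")
        dev_env = {"GITHUB_TOKEN": "constructed-placeholder", "PATH": "/usr/bin"}
        return audit_exposure(dev, dev_env), audit_exposure(agent, {"PATH": "/usr/bin"})


if __name__ == "__main__":
    # Run as the user the agent runs as; an isolated agent should print nothing.
    for kind, name in audit_exposure(Path.home(), os.environ):
        print(f"{kind:4} {name}")
```

The script only tests for presence and readability and never opens the files, so its output is safe to paste into a ticket.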
It’s time to take away the keys.