1
1 Comment

Day 7: My AI agent almost leaked my AWS keys. Here's how I stopped it.

I've been building AI agents for about two years.

Last week something happened that changed how I think about agent security.

I had a coding agent that could read GitHub issues and run shell commands.

Then it hit me...

The moment the model outputs a tool call, we just... execute it.

No checkpoint.

No "are we sure?"

Just:

LLM → JSON → shell

That feels insane in hindsight.

In web apps we'd never execute user input without validation.

But with agents, we're basically doing the equivalent.

I started trying to break my own agents.

Not jailbreak the model.

The execution layer.

The interesting thing is that the model isn't really the problem.

If it decides to call:

run_shell("rm -rf ...")

the framework just says "okay."

That's the scary part.

So I stopped thinking about prompt injection and started thinking about execution boundaries.

I've spent the last week hacking together a runtime layer that sits between the agent and its tools.

Right now it can:

block specific tool calls
sandbox shell commands
log every decision
Still a lot to build.

I'm curious...

If you're running agents in production today, where do you actually enforce security?

Inside each tool?

Middleware?

Or are you just trusting the system prompt?

on July 15, 2026
  1. 1

    Really appreciate all the discussion here.

    A few people asked what I meant by a runtime layer. I ended up building a small prototype for my own agents to experiment with this idea. Right now it handles policy checks before tool execution, runs shell commands in a network-isolated Docker container, and records audit logs.

    If anyone wants to poke holes in the architecture or tell me what I'm missing, I'd genuinely appreciate the feedback:
    https://relay-security-lemon.vercel.app/

Trending on Indie Hackers
641 downloads, 2 sales, and I still don't know why User Avatar 131 comments I sent 43 cold emails with my own tool. 17 replied. 1 paid. Here’s the unofficial launch. User Avatar 96 comments I built for one user. Myself. User Avatar 67 comments My AI agent quoted a client a price we killed months ago. So I built Engram. User Avatar 34 comments Got our first paid customers from an unexpected channel User Avatar 28 comments I came up with a great idea for a solo Vibe Coding project, and I'm testing it out right now User Avatar 22 comments