Hacker News

SkyPuncher today at 5:33 PM

These tools are useful, but I can't help but feel like they're solving the wrong part of the problem. I really don't have much concern that an agent has access to one of my credentials. Outside of production, most of these credentials are going to be limited in privilege and self-rotatable.

What remains terrifying is the ability to exfil important data or run commands that are malicious.


Replies

jadengeller today at 5:35 PM

exfiltrating a credential provides persistent access (until detected and rotated) tho! probably one of the more leveraged things to prevent