Hacker News

red_admiral, today at 10:39 AM (3 replies)

It feels to me like AI agents should be their own security principals and use access tokens generated specifically for them on the repos or orgs that they need access to. Handing an AI agent an access token "minted" for a human's account feels to me like the new "write the password on a post-it".


Replies

silon42, today at 11:33 AM

Not just AI agents... basically, if you cd Projects/foo, that should be its own user (for running npm, etc) that should not have access to parent user data (probably including github tokens, etc).

Klathmon, today at 11:39 AM

This is what I'm advocating for.

Give each dev's AI agent its own identity with its own access controls and tokens and everything.

It helps solve both the access control and attribution issues.

notnaut, today at 10:48 AM

As long as there’s a way to deterministically tie a model call to a human user. I think a loss of culpability is something some companies are afraid of to some extent.
